
Re: NT Domain backend



Hi Pierangelo,
> I'd like to read of any experience in dealing with active
> directory by using standard (and standard compliant) clients. For instance:
> is it possible to add a user account by means of ldapadd (not in principle: did
> anyone actually succeed)?

Yes, it is possible. You first create the user, then set a password and
finally enable the account, e.g.:

  > ldapmodify -x -H ldaps://w2k -D cn=admin,cn=users,dc=example,dc=com -W
  dn: cn=TestUser,cn=users,dc=example,dc=com
  changetype: add
  cn: TestUser
  objectclass: user
  samaccountname: TestUser

  adding new entry "cn=TestUser,cn=users,dc=example,dc=com"

  dn: cn=TestUser,cn=users,dc=example,dc=com
  changetype: modify
  replace: unicodePwd
  unicodePwd::IgBuAGUAdwBQAGEAcwBzAHcAbwByAGQAIgA=

  modifying entry "cn=TestUser,cn=users,dc=example,dc=com"

  dn: cn=TestUser,cn=users,dc=example,dc=com
  changetype: modify
  replace: userAccountControl
  userAccountControl: 512

  modifying entry "cn=TestUser,cn=users,dc=example,dc=com"

See also:
http://msdn.microsoft.com/library/techart/kerberossamp.htm

-- 
Norbert Klasen
DFN Directory Services                           tel: +49 7071 29 70335
ZDV, Universität Tübingen                        fax: +49 7071 29 5912
Wächterstr. 76, 72074 Tübingen              http://www.directory.dfn.de
Germany                             norbert.klasen@zdv.uni-tuebingen.de
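
An added example, not part of the original message: the unicodePwd value in the LDIF above is the base64 of the double-quoted password encoded as UTF-16LE, and this sketch generates the same three records for ldapmodify. The function names are hypothetical, the trailing "-" separators follow RFC 2849, and the sample DN and password are the ones from the message.

```python
import base64

UF_NORMAL_ACCOUNT = 0x0200  # 512: the userAccountControl value used in the message


def encode_unicode_pwd(password: str) -> str:
    """Base64 of the double-quoted password in UTF-16LE, for a 'unicodePwd::' line."""
    quoted = '"' + password + '"'
    return base64.b64encode(quoted.encode("utf-16-le")).decode("ascii")


def decode_unicode_pwd(b64: str) -> str:
    """Inverse of encode_unicode_pwd; rejects values that are not a quoted string."""
    text = base64.b64decode(b64, validate=True).decode("utf-16-le")
    if len(text) < 2 or not (text.startswith('"') and text.endswith('"')):
        raise ValueError("unicodePwd must be a double-quoted string")
    return text[1:-1]


def attr_line(name: str, value: str) -> str:
    """One LDIF line; falls back to base64 when the value is not an LDIF SAFE-STRING."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: " + base64.b64encode(value.encode("utf-8")).decode("ascii")


def build_ldif(dn: str, cn: str, sam: str, password: str) -> str:
    """The three steps from the message: add the user, set the password, enable."""
    add = [attr_line("dn", dn), "changetype: add", attr_line("cn", cn),
           "objectclass: user", attr_line("samaccountname", sam)]
    set_pwd = [attr_line("dn", dn), "changetype: modify", "replace: unicodePwd",
               "unicodePwd:: " + encode_unicode_pwd(password), "-"]
    enable = [attr_line("dn", dn), "changetype: modify",
              "replace: userAccountControl",
              f"userAccountControl: {UF_NORMAL_ACCOUNT}", "-"]
    return "\n\n".join("\n".join(r) for r in (add, set_pwd, enable)) + "\n"


if __name__ == "__main__":
    # Constructed sample values, taken from the example in the message.
    print(build_ldif("cn=TestUser,cn=users,dc=example,dc=com",
                     "TestUser", "TestUser", "newPassword"))
```

Base64 is an encoding, not protection: the generated LDIF contains the password in recoverable form, so treat the file as a secret and send it only over an encrypted connection such as the ldaps:// URL used above.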