
Re: [ldap] ldapsearch and Active Directory



On Thu, Jul 17, 2003 at 12:45:36PM -0400, Inger, Slav (S.B.) wrote:
> Trying to query AD for a user account which can be in one of several Windows
> 2000/Active Directory domains to see which domain the account is in.  When I
> query the domain forest root, I get referrals back.  So my first question is:

You are probably getting these referrals back because you have not authenticated
yourself against AD.

> is there a way to get ldapsearch to recursively follow referrals?  When I

Yes, -C according to ldapsearch --help

> bind to a specific domain which contains the account, I can dump the
> account's attributes only when I use -D and -w options, using which is not
> realistically feasible.  My second question is:  is it possible to get to
> this information anonymously in some other way?  Also, my impression is that

By default, AD doesn't allow anonymous searches. You would have to configure
your AD. Or create a specific user just for these searches.
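
The dedicated search user suggested above, as an added example that is not part of the original message: a wrapper that binds as a low-privilege lookup account, reads its password from a private file with OpenLDAP's `-y` option instead of passing it with `-w`, and chases referrals with `-C`. The server URI, base DN, bind DN, password file path and the use of `sAMAccountName` as the search key are assumptions.

```shell
#!/bin/sh
# Added example. All values below are constructed placeholders (assumptions).
AD_URI="${AD_URI:-ldap://dc.example.com}"
AD_BASE="${AD_BASE:-dc=example,dc=com}"
AD_BIND_DN="${AD_BIND_DN:-cn=ldap-lookup,cn=Users,dc=example,dc=com}"
# -y uses the complete file contents as the password, so write the file
# without a trailing newline (printf '%s' ... > file) and chmod 600 it.
AD_PWFILE="${AD_PWFILE:-/etc/ldap-lookup.pw}"

# Succeed only for a regular file with no group/other permission bits set.
pwfile_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Look up one account name and print its DN.
# Set DRY_RUN=1 to print the command instead of running it.
ad_lookup() {
    account=$1
    # Reject anything that could alter the search filter: ( ) * \ and so on.
    case "$account" in
        ''|*[!A-Za-z0-9._-]*)
            echo "refusing account name: $account" >&2
            return 2 ;;
    esac
    if ! pwfile_is_private "$AD_PWFILE"; then
        echo "$AD_PWFILE must exist and be mode 600 or stricter" >&2
        return 3
    fi
    # -x simple bind, -C chase referrals (the option named in the reply),
    # -LLL plain LDIF, -y password from file so it never appears in argv.
    set -- ldapsearch -x -C -LLL -H "$AD_URI" -D "$AD_BIND_DN" \
        -y "$AD_PWFILE" -b "$AD_BASE" "(sAMAccountName=$account)" dn
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Run a lookup when an account name is given on the command line.
if [ $# -gt 0 ]; then
    ad_lookup "$1"
fi
```

A password given with `-w` is visible to other local users in the process list, which is why the wrapper insists on a private file.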