Re: ldapsearch command for W2K AD



On Thu, Feb 06, 2003 at 05:34:02PM +0530, Joe wrote:

> What is the ldapsearch command to get users and group information from W2K
> Active Directory?
> 
> When I give the ldapsearch command I get only root information, not the users
> and group.

You will have to bind to AD as a user that it knows. By default, it
will not give out much information to anonymous users. AD seems to
accept simple binds, so the main problem is working out the DN that
corresponds to your username. A test I did recently used this command:

	ldapsearch -H ldap://ad-server-name-here/ \
	-x \
	-D 'CN=Andrew Findlay,OU=eng,OU=depts,DC=brick2k,DC=skills-1st,DC=co,DC=uk' \
	-W \
	-b 'DC=brick2k,DC=skills-1st,DC=co,DC=uk' \
	-s subtree \
	'(objectclass=*)'

The result was a list of almost all attributes of all items stored in
AD.

The DC components come from the AD domain name. The OUs were explicit
levels of hierarchy in the AD tree, and the CN is the full name of the
account holder as seen in the management tool.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
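
The DN construction described in the message above, written out as shell functions. This is an added example, not part of the original message; the function names are hypothetical, and the RFC 4514 escaping goes beyond the message to cover a full name or OU that contains a comma or another DN-special character.

```shell
# Added example (not from the original message); function names are hypothetical.

# DNS domain name -> base DN: one DC= component per dot-separated label.
domain_to_base_dn() {
    printf '%s\n' "$1" | sed -e 's/\./,DC=/g' -e 's/^/DC=/'
}

# Escape one attribute value for the string form of a DN (RFC 4514):
# backslash first, then " + , ; < >, then a trailing space, then a
# leading '#' or space. Without this, "Findlay, Andrew" splits into two RDNs.
escape_dn_value() {
    printf '%s\n' "$1" | sed \
        -e 's/\\/\\\\/g' \
        -e 's/[",+;<>]/\\&/g' \
        -e 's/ $/\\ /' \
        -e 's/^[# ]/\\&/'
}

# Bind DN: CN=<full name as shown in the management tool>, then each OU
# from the account's own container outwards, then the domain's DC components.
# usage: build_bind_dn DOMAIN FULL_NAME [OU ...]   (OUs innermost first)
build_bind_dn() {
    domain=$1 cn=$2
    shift 2
    dn="CN=$(escape_dn_value "$cn")"
    for ou in "$@"; do
        dn="$dn,OU=$(escape_dn_value "$ou")"
    done
    printf '%s,%s\n' "$dn" "$(domain_to_base_dn "$domain")"
}

# The search from the message with both DNs derived instead of typed.
# -W prompts for the password, so it never appears in argv or shell history.
# usage: ad_search SERVER DOMAIN FULL_NAME [OU ...]
ad_search() {
    server=$1 domain=$2 cn=$3
    shift 3
    ldapsearch -H "ldap://$server/" -x \
        -D "$(build_bind_dn "$domain" "$cn" "$@")" -W \
        -b "$(domain_to_base_dn "$domain")" -s subtree \
        '(objectclass=*)'
}
```

A simple bind (`-x`) over `ldap://` sends the password unencrypted; OpenLDAP's ldapsearch accepts `-ZZ` to require StartTLS, or an `ldaps://` URL, where the server supports it.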