Re: ldapsearch of Active Directory?



"Vsevolod (Simon) Ilyushchenko" wrote:

> Hi all (and privet to Andrew),
>
> Thanks a lot for the answers!
>
> What are the bind dn and the administrator password called in the
> Microsoft world? (That is, what are the words I have to say to the
> Windows admin? :)
>

It depends.  Is it a test AD environment or a production one?  I don't think your
M$ admin would be too happy to give you the admin password for your production
domain.
If it's a test, then the admin dn is usually
CN=Administrator,CN=Users,DC=<your domain>,DC=com

Also, try using MMC and explore your tree.  At this point my frustration with AD
involves its user naming scheme.  It insists on the CN attribute as a user RDN, but
I don't think this would work well in an enterprise environment with hundreds of
users with identical names.

How are other people coping with that?

Thanks,
- Andrew.

>
> I have tried using the "managedBy" DN from the root node as the bind DN.
> (It was our Windows admin's account.) I got this:
>
> ---cut here
> version: 2
>
> #
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 1 Operations error
> text: 000020D6: SvcErr: DSID-03100690, problem 5012 (DIR_ERROR), data 0
>
> # numResponses: 1
> ---cut here
>
> This is not a simple "invalid password" error, as I tried a bad password
> and got a different "Invalid credentials" error.
>
> Thanks,
> Simon
>
> Andrew Petrov wrote:
> > Hi,
> >     I tried a similar search, but used the administrator account as bind dn.
> >
> > I got a lot more data, but not all the attributes (such as passwords).
> >
> > Anyone tried to use Net::LDAP for this?
> >
> > Thanks,
> > - Andrew.
> >
> > "Vsevolod (Simon) Ilyushchenko" wrote:
> >
> >
> >>Hi,
> >>
> >>I am trying to access AD using ldapsearch like this:
> >>ldapsearch -x -h server -b "dc=our-domain,dc=com"
> >>
> >>Instead of the expected list of all users I get a whopping 17 entries:
> >>The first one is what I presume to be the root node, with managedBy,
> >>masteredBy etc attributes, and the rest describe root DNS servers. And
> >>then there is a reference to a CN=Configuration entry.
> >>
> >>A similar search run on an OpenLDAP server produces the complete dump.
> >>Does anyone have an idea of how to do a similar dump of AD? Or do I have
> >>to bind in order to do it?
> >>
> >>Thanks,
> >>Simon
> >>
> >>--
> >>
> >>Simon (Vsevolod ILyushchenko)   simonf@cshl.edu
> >>                                http://www.simonf.com
> >>
> >>"Large software projects are like werewolves because
> >>they transform unexpectedly from the familiar into horrors."
> >>                     Fred Brooks
> >
> >
> > --
> >
> > apetrov@keyspanenergy.com (718) 403-2854
> > "Nothing is impossible, it's just a matter of time and money."
> >
> >
> >
> >
>
> --
>
> Simon (Vsevolod ILyushchenko)   simonf@cshl.edu
>                                 http://www.simonf.com
>
> "Large software projects are like werewolves because
> they transform unexpectedly from the familiar into horrors."
>                      Fred Brooks

--

apetrov@keyspanenergy.com (718) 403-2854
"Nothing is impossible, it's just a matter of time and money."
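
Added example, not part of the original thread: a small Python triage helper for the kind of ldapsearch output quoted above. It separates a failure at the bind stage ("Invalid credentials", LDAP code 49) from a failure of the search after an accepted bind ("Operations error", LDAP code 1) and splits the AD diagnostic text into fields. The function name triage and the bind-failure sample line are assumptions made for illustration.

```python
import re

# LDAP result codes seen in the thread (numbers per RFC 4511).
LDAP_CODES = {0: "success", 1: "operationsError", 49: "invalidCredentials"}

# Search trailer on stdout, e.g. "result: 1 Operations error".
RESULT_RE = re.compile(r"^result:\s*(\d+)\s*(.*)$", re.M)
# Failed bind as the OpenLDAP client prints it, e.g. "ldap_bind: ... (49)".
BIND_RE = re.compile(r"^ldap_bind:\s*(.+?)\s*\((\d+)\)\s*$", re.M)
# AD diagnostic: "<hex>: <class>: DSID-<id>, problem <n> (<name>), data <n>".
TEXT_RE = re.compile(
    r"^text:\s*(?P<code>[0-9A-Fa-f]{8}):\s*(?P<cls>\w+):\s*DSID-(?P<dsid>[0-9A-Fa-f]+),"
    r"\s*problem\s+(?P<problem>\d+)\s*\((?P<name>\w+)\),\s*data\s+(?P<data>\w+)",
    re.M)

# Trailer copied from the message above (quote markers removed).
SEARCH_FAILURE = """\
# search result
search: 2
result: 1 Operations error
text: 000020D6: SvcErr: DSID-03100690, problem 5012 (DIR_ERROR), data 0

# numResponses: 1
"""
# Constructed sample of a rejected bind; not taken from the thread.
BIND_FAILURE = "ldap_bind: Invalid credentials (49)\n"

def triage(output):
    """Report whether an ldapsearch run failed at bind or at search."""
    info = {"stage": None, "ldap_code": None, "ldap_name": None, "ad": None}
    bind, res = BIND_RE.search(output), RESULT_RE.search(output)
    if bind:                      # the server rejected the credentials
        info["stage"], code = "bind", int(bind.group(2))
    elif res:                     # bind was accepted; the search has a result
        info["stage"], code = "search", int(res.group(1))
    else:
        return info               # no trailer found, nothing to classify
    info["ldap_code"] = code
    info["ldap_name"] = LDAP_CODES.get(code, "other")
    text = TEXT_RE.search(output)
    if text:
        info["ad"] = text.groupdict()
        # Decimal form of the leading hex code, convenient for lookups.
        info["ad"]["code_decimal"] = int(info["ad"]["code"], 16)
    return info

if __name__ == "__main__":
    for sample in (SEARCH_FAILURE, BIND_FAILURE):
        print(triage(sample))
```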