[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Active Directory

Vishal Khanna wrote:
Were you able to authenticate users from ADS...using OpenLDap..

Christian Pohl wrote:

Ron Wahler wrote:

I need access to Active Directory User passwords from
A remote client.  I would like to use ldapsearch has anyone

Configured a client to do that ?   what other tools do I need ?



I used this config to _change_ the password. Perhaps it works also for reading.

1. Enable SSL for ldap (Microsoft Knowledgebase Article 247078)
2. Root Certificate to openldap-tools: (openldap:.../etc/openldap/ldap.conf: TLS_CACERT /path/to/pem/ca/cert.crt)
5. connect to server here: write new password
ldapmodify -H ldaps://myadserver.company.de -D "cn=administrator,cn=users,dc=mydomain,dc=mycountry" -w -f myldif.ldif

Remark: the servername in the subject _must_ match the one used in the connect string.

247078 HOWTO: Enable Secure Socket Layer (SSL) Communication Over LDAP For Windows 2000 Domain Controllers
269190 HOWTO: Change a Windows 2000 User's Password Through LDAP

Perhaps this helps.

Kind regards,


I authenticated cn=administrator... and so I could change the password for any user. I did not try it with a 'normal' user.


Christian Pohl

The From: and Reply-To: addresses are internal news2mail gateway addresses.
Reply to the list or to Christian Pohl <pohl@secaron.de>