[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldap] ldapsearch and Active Directory

On Thu, Jul 17, 2003 at 12:45:36PM -0400, Inger, Slav (S.B.) wrote:
> Trying to query AD for a user account which can be in one of several Windows
> 2000/Active Directory domains to see which domain the account is in.  When I
> query the domain forest root, I get referrals back.  So my first question is:

You are probably getting these referrals back because you have not authenticated
yourself against AD.

> is there a way to get ldapsearch to recursively follow referrals?  When I

yes, -C according do ldapsearch --help

> bind to a speicific domain which contains the account, I can dump the
> account's attributes only when I use -D and -w options, using which is not
> realistically feasible.  My second question is:  is it possible to get to
> this information anonymously in some other way?  Also, my impression is that

By default, AD doesn't allow anonymous searches. You would have to configure
your AD. Or create a specific user just for these searches.