[Date Prev][Date Next]
Re: [ldap] ldapsearch and Active Directory
On Thu, Jul 17, 2003 at 12:45:36PM -0400, Inger, Slav (S.B.) wrote:
> Trying to query AD for a user account which can be in one of several Windows
> 2000/Active Directory domains to see which domain the account is in. When I
> query the domain forest root, I get referrals back. So my first question is:
You are probably getting these referrals back because you have not authenticated
yourself against AD.
> is there a way to get ldapsearch to recursively follow referrals? When I
yes, -C according do ldapsearch --help
> bind to a speicific domain which contains the account, I can dump the
> account's attributes only when I use -D and -w options, using which is not
> realistically feasible. My second question is: is it possible to get to
> this information anonymously in some other way? Also, my impression is that
By default, AD doesn't allow anonymous searches. You would have to configure
your AD. Or create a specific user just for these searches.