
Re: Retrieving information from Active Directory



Try searching for (objectclass=*).  It might give a referral URL such as
CN=Configuration, DC=totalflood,DC=com.  Try changing CN=Configuration to
CN=Users and do a search for (objectclass=*).

Beyond that, I'm not sure.  

Aaron

Quoting Stephen Carville <stephen@totalflood.com>:

> Thank you for the reply.
> 
> The "administrator" account on the DC was renamed to "total" so here
> is the command I tried:
> 
> ldapsearch -D "cn=total,cn=users,dc=totalflood,dc=com" -x 
> -h 192.168.124.10 -b "cn=users,dc=totalflood,dc=com" 
> "(&(objectCategory=person)(objectClass=user)(sAMAccountName=*))" -v 
> -w <total_password>
> 
> The results:
> 
> ldap_init( 192.168.124.10, 0 )
> ldap_bind: Invalid credentials
>         additional info: 80090308: LdapErr: DSID-0C09030B, \
> comment: AcceptSecurityContext error, data 525, v893
> 
> I also tried it with -P2.
> 
> I ran a sniffer on my workstation and can see the transaction so I
> know the packets are getting through.  There is nothing I can find in
> the Windows logs that even indicates a request was made.
> 
> The server runs in mixed-mode so I tried it without the -D:
> 
> ldapsearch -x -h 192.168.124.10 -b "cn=users,dc=totalflood,dc=com" 
> "(&(objectCategory=person)(objectClass=user)(sAMAccountName=*))" -v
> 
> Results:
> 
> ldap_init( 192.168.124.10, 0 )
> filter: (&(objectCategory=person)(objectClass=user)(sAMAccountName=*))
> requesting: ALL
> version: 2
> 
> #
> # filter: (&(objectCategory=person)(objectClass=user)(sAMAccountName=*))
> # requesting: ALL
> #
> 
> # search result
> search: 2
> result: 0 Success
> 
> I am not sure if that is progress or not :-)
> 
> On Mon, 14 Oct 2002, Aaron Anderson wrote:
> 
> - Sorry made a mistake in my command list below. It should be:
> - 
> - ldapsearch -W -D "cn=administrator,cn=users,dc=domain,dc=test,dc=com"
> - -x -h <ip of ad box> -b "cn=users,dc=domain,dc=test,dc=com"
> - "(&(objectCategory=person)(objectClass=user)(sAMAccountName=*))"
> - 
> - Also another side note is that if you set up your Active Directory in
> - mixed-mode, you shouldn't need to bind to the directory (i.e. you don't
> - need the -W and -D arguments).  If it is set up in native mode, then you
> - do.  I'm about 80% sure that is accurate.  You may want to post in a M$
> - ng about that.
> - 
> - 
> - Aaron
> - 
> - 
> - Quoting Aaron Anderson <aaron@echostar.ca>:
> - 
> - > To use LDAP search against an LDAP directory, you have to do the
> - > following:
> - > 
> - > If your active directory name is domain.test.com then
> - > 
> - > ldapsearch -W -D "cn=administrator,cn=users,dc=domain,dc=test,dc=com"
> - > -x
> - > -h <ip of ad box> -b "cn=users,dc=nexus2k,dc=psynch,dc=com"
> - > "(&(objectCategory=person)(objectClass=user)(sAMAccountName=*))"
> - > 
> - > That should list all of the users.
> - > 
> - > Aaron
> - > 
> - > 
> - > Quoting Stephen Carville <stephen@totalflood.com>:
> - > 
> - > > I am setting up a mail server and trying to use openldap so I can
> - > > create a public addressbook.  I hope to populate this with information
> - > > gleaned from Active Directory but, so far, I haven't been able to get
> - > > anything useful.
> - > > 
> - > > So how can I get the user information out of active directory?  I have
> - > > searched Google and found references to using ldapsearch but none of
> - > > the instructions worked.  I am really new to ldap so I may be
> - > > overlooking the obvious.
> - > > 
> - > > I am running version 2.0.11 on Redhat 7.2.
> - > > 
> - > > -- 
> - > > -- Stephen Carville
> - > > UNIX and Network Administrator
> - > > DPSI (formerly Ace USA Flood Services)
> - > > 310-342-3602
> - > > stephen@totalflood.com
> - > > 
> - > > 
> - > 
> - > 
> - > 
> - > 
> - > -----------------------------------------------------------------
> - > Secure Webmail sent through: Echostar Solutions - www.echostar.ca
> - > 
> 
> -- 
> -- Stephen Carville
> UNIX and Network Administrator
> DPSI (formerly Ace USA Flood Services)
> 310-342-3602
> stephen@totalflood.com
> 
> 




-----------------------------------------------------------------
Secure Webmail sent through: Echostar Solutions - www.echostar.ca
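
Added example, not part of the original thread: the "additional info" line that Active Directory returns on a failed bind carries a hex sub-code after "data", and that sub-code is a Win32 logon error that separates an unknown bind identity (525) from a wrong password (52e). The Python below parses that line and decodes the sub-code; the function and variable names are assumptions of this example, and the second sample string is constructed.

```python
import re

# Hex sub-codes Active Directory puts in the "data" field of a failed bind.
# They are standard Win32 system error codes (decimal value = int(hex, 16)).
AD_BIND_SUBCODES = {
    0x525: ("ERROR_NO_SUCH_USER", "bind identity not found in the directory"),
    0x52E: ("ERROR_LOGON_FAILURE", "identity found, password wrong"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "logon not permitted at this time"),
    0x531: ("ERROR_INVALID_WORKSTATION", "logon not permitted from this host"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "password expired"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account disabled"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account expired"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "password must be changed first"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account locked out"),
}

_DIAG = re.compile(
    r"(?P<sspi>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),"
    r"\s*comment:\s*(?P<comment>.*?),\s*data\s+(?P<data>[0-9A-Fa-f]+)"
    r"(?:,\s*v(?P<version>[0-9A-Fa-f]+))?", re.S)

def decode_bind_error(text):
    """Decode the 'additional info' of a failed AD bind, or return None."""
    # Undo backslash line continuations (and any mail-quote prefix after them).
    flat = re.sub(r"\\\s*\n[>\s]*", " ", text)
    m = _DIAG.search(flat)
    if m is None:
        return None
    code = int(m.group("data"), 16)
    name, meaning = AD_BIND_SUBCODES.get(code, ("UNKNOWN", "sub-code not in table"))
    return {"sspi": m.group("sspi"), "dsid": m.group("dsid"),
            "comment": m.group("comment").strip(), "data_hex": m.group("data"),
            "win32": code, "name": name, "meaning": meaning}

# Error text as posted in the thread above.
THREAD_SAMPLE = """ldap_bind: Invalid credentials
        additional info: 80090308: LdapErr: DSID-0C09030B, \\
comment: AcceptSecurityContext error, data 525, v893"""

# Constructed sample (not from the thread): same format, different sub-code.
CONSTRUCTED_SAMPLE = ("additional info: 80090308: LdapErr: DSID-0C090400, "
                      "comment: AcceptSecurityContext error, data 52e, v1db1")

if __name__ == "__main__":
    for sample in (THREAD_SAMPLE, CONSTRUCTED_SAMPLE):
        print(decode_bind_error(sample))
```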