RE: Active Directory users and groups lists



Hi,

> I am trying to query a MS Active Directory server using LDAP for the
> users/groups that are defined for that server. I am using this command
> line from a Linux box
>
>   ldapsearch -h adserver.mydomain.com -b 'cn=users,dc=mydomain,dc=com' 'objectclass=*'
>
> without too much success. At the previous command 'ldapsearch' doesn't
> say anything. If I try 'ou=users' instead of 'cn=users', I am told:

You have to give the anonymous user read access to the users container.
By default only authenticated users have read access. For security
reasons it would be a good idea to put your real users in a new
organizational unit and give it anonymous read access. The search base
should be given as:
ou=<Your_OU_structure>,dc=<Second_level_domain>,dc=<First_level_domain>.
I tested it and it works great.

Good luck,

Gottfried

-- 
Gottfried Hamm
Phone +49 (6249) 905005 | Fax +49 (6249) 905004
mailto:ghamm@ghks.de | http://www.ghks.de