
Re: querying MS-Exchange Server ?



John, setting -D and -w for authentication did the trick,
amazingly, and ldapsearch dumps the whole tree for me!
Also, individual queries (with * wildcard) work just fine.

This tells me that the win2k guy is wrong about requiring
any kind of secure authentication (Kerberos or whatever),
and also about having to bind to some kind of Global Catalog.

The reason why I'm messing with this is to eventually 
incorporate address look-ups into horde/imp (which we have
running on the FreeBSD box).

Thanks again very much for your help, 
 -Ted.


> AFAICT, Active Directory will only show you certain "safe" objects unless
> you bind non-anonymously. I can query a local Active Directory and find all
> the user objects with something like this:
> 
> ldapsearch -D jwm@example.com -w mypassword -h win2k-machine \
>     -b cn=Users,dc=example,dc=com objectClass=\*
> 
> or (binding as my actual DN):
> 
> ldapsearch -D 'CN=John W. Morrissey,CN=Users,DC=example,DC=com' \
>     -w mypassword -h win2k-machine -b cn=Users,dc=example,dc=com \
>     objectClass=\*
> 
> This particular account has Domain Admin rights; a lowly User account might
> not get you the same results (or even anything at all). Simple auth works
> fine for me, but requiring Kerb auth (likely what he means by "secure
> password authentication") may be a site-specific configuration option.
> 
> ...
>
> On Fri, Dec 28, 2001 at 03:53:39PM -0600, SSL wrote:
> % The Win2000 techie said, "Oh, you're not getting the MS-Exchange
> % users because it's acting as an Active Directory server" (or
> % something like that), and told me to do the search based
> % on the Global Catalog called "blahblah" (this is a made-up
> % name).  It happens that one of the records returned by
> % the generic query (objectClass=*) has DC=blahblah.
> % 
> % Now, I'm lost as to how to set the "Global Catalog" in
> % an ldapsearch query.
> % 
> % He also said that the directory (based on Global Catalog
> % blahblah) wasn't publicly viewable, and that only MS-Exchange
> % users could query it, using "secure password authentication".
> % By this I presume he means SASL, is this correct?  (If so,
> % then I'll have to reinstall openssl, as the FreeBSD pre-compiled
> % "port" is apparently compiled without SASL.)
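
The authenticated bind described in the quoted reply, as an added example that is not part of the original thread: a shell helper that assembles the same kind of query but reads the password from an owner-only file (`-y`) instead of `-w`, requires StartTLS (`-ZZ`), pages the results, and can target the Global Catalog listener on port 3268. The function name, password-file path and page size are assumptions; the host and DNs reuse the thread's placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Host and DNs reuse the thread's
# placeholders; the function name, password file and page size are assumptions.

# build_ad_search HOST BIND_DN PWFILE BASE FILTER [dc|gc]
# Prints the ldapsearch argument vector, one argument per line.
# Exits non-zero if the password file is missing or readable by others.
build_ad_search() (
    host=$1; bind_dn=$2; pwfile=$3; base=$4; filter=$5; target=${6:-dc}

    # 389 is the domain's own LDAP listener; 3268 is the Global Catalog.
    if [ "$target" = gc ]; then port=3268; else port=389; fi

    # GNU stat first, BSD stat (e.g. FreeBSD) as fallback.
    mode=$(stat -c %a "$pwfile" 2>/dev/null || stat -f %Lp "$pwfile" 2>/dev/null) || exit 1
    case $mode in
        600|400) ;;
        *) echo "refusing $pwfile: mode $mode" >&2; exit 1 ;;
    esac

    # -x       simple bind, as in the thread
    # -ZZ      require StartTLS so the simple-bind password is not sent in clear
    # -y FILE  read the password from FILE instead of passing -w on the command line
    #          (the file's full contents are used, so write it without a newline)
    # -E pr=   paged results, so a large directory is returned in pages
    printf '%s\n' ldapsearch -x -LLL \
        -H "ldap://$host:$port" -ZZ \
        -D "$bind_dn" -y "$pwfile" \
        -E pr=500/noprompt \
        -b "$base" "$filter"
)

# Usage (prints the command for review):
#   build_ad_search win2k-machine jwm@example.com "$HOME/.adpw" \
#       cn=Users,dc=example,dc=com '(objectClass=user)'
```

Create the password file with `umask 077` and `printf '%s'` so it is owner-only and has no trailing newline.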