
Re: Retrieving information from Active Directory



Thank you for the reply.

The "administrator" account on the DC was renamed to "total" so here
is the command I tried:

ldapsearch -D "cn=total,cn=users,dc=totalflood,dc=com" -x 
-h 192.168.124.10 -b "cn=users,dc=totalflood,dc=com" 
"(&(objectCategory=person)(objectClass=user)(sAMAccountName=*))" -v 
-w <total_password>

The results:

ldap_init( 192.168.124.10, 0 )
ldap_bind: Invalid credentials
        additional info: 80090308: LdapErr: DSID-0C09030B, \
comment: AcceptSecurityContext error, data 525, v893

I also tried it with -P2.

I ran a sniffer on my workstation and can see the transaction so I
know the packets are getting thru.  There is nothing I can find in the
Windows logs that even indicates a request was made.

The server runs in mixed-mode so I tried it without the -D:

ldapsearch -x -h 192.168.124.10 -b "cn=users,dc=totalflood,dc=com" 
"(&(objectCategory=person)(objectClass=user)(sAMAccountName=*))" -v

Results:

ldap_init( 192.168.124.10, 0 )
filter: (&(objectCategory=person)(objectClass=user)(sAMAccountName=*))
requesting: ALL
version: 2

#
# filter: (&(objectCategory=person)(objectClass=user)(sAMAccountName=*))
# requesting: ALL
#

# search result
search: 2
result: 0 Success

I am not sure if that is progress or not :-)

On Mon, 14 Oct 2002, Aaron Anderson wrote:

- Sorry made a mistake in my command list below. It should be:
- 
- ldapsearch -W -D "cn=administrator,cn=users,dc=domain,dc=test,dc=com"
- -x -h <ip of ad box> -b "cn=users,dc=domain,dc=test,dc=com"
- "(&(objectCategory=person)(objectClass=user)(sAMAccountName=*))"
- 
- Also another side note is that if you set up your Active Directory in
- mixed-mode, you shouldn't need to bind to the directory (ie you don't need
- the -W and -D arguments).  If it is set up in native mode, then you do. 
- I'm about 80% sure that is accurate.  You may want to post in a M$ ng
- about that.
- 
- 
- Aaron
- 
- 
- Quoting Aaron Anderson <aaron@echostar.ca>:
- 
- > To use LDAP search against an LDAP directory, you have to do the
- > following:
- > 
- > If your active directory name is domain.test.com then
- > 
- > ldapsearch -W -D "cn=administrator,cn=users,dc=domain,dc=test,dc=com"
- > -x
- > -h <ip of ad box> -b "cn=users,dc=nexus2k,dc=psynch,dc=com"
- > "(&(objectCategory=person)(objectClass=user)(sAMAccountName=*))"
- > 
- > That should list all of the users.
- > 
- > Aaron
- > 
- > 
- > Quoting Stephen Carville <stephen@totalflood.com>:
- > 
- > > I am setting up a mail server and trying to use openldap so I can
- > > create a public addressbook.  I hope to populate this with
- > information
- > > gleaned from Active Directory but, so far, I haven't been able to
- > get
- > > anything useful.
- > > 
- > > So how I can get the user information out of active directory?  I
- > have
- > > 
- > > searched Google and found references to using ldapsearch but none of
- > 
- > > the instructions worked.  I am really new to ldap so I may be 
- > > overlooking the obvious.
- > > 
- > > I am running version 2.0.11 on Redhat 7.2.
- > > 
- > > -- 
- > > -- Stephen Carville
- > > UNIX and Network Administrator
- > > DPSI (formerly Ace USA Flood Services)
- > > 310-342-3602
- > > stephen@totalflood.com
- > > 
- > > 
- > 
- > 
- > 
- > 
- > -----------------------------------------------------------------
- > Secure Webmail sent through: Echostar Solutions - www.echostar.ca
- > 

-- 
-- Stephen Carville
UNIX and Network Administrator
DPSI (formerly Ace USA Flood Services)
310-342-3602
stephen@totalflood.com
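
Added example, not part of the original message: the "data 525" field in the bind failure quoted above is a hexadecimal Win32 error number, and the functions below extract it from ldapsearch output and name it. The function names are hypothetical, and the sample text reproduces the output shown in the message.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample_output reproduces
# the failure text quoted in the message above.
sample_output() {
cat <<'EOF'
ldap_init( 192.168.124.10, 0 )
ldap_bind: Invalid credentials
        additional info: 80090308: LdapErr: DSID-0C09030B, \
comment: AcceptSecurityContext error, data 525, v893
EOF
}

# Print the hex sub-code found in ldapsearch output read on stdin.
# The first sed joins backslash-continued lines, as in the sample.
ad_bind_subcode() {
    sed -e :a -e '/\\$/N; s/\\\n//; ta' |
        sed -n 's/.*AcceptSecurityContext error, data \([0-9A-Fa-f][0-9A-Fa-f]*\),.*/\1/p' |
        head -n 1 | tr 'A-F' 'a-f'
}

# Map the sub-code to its Win32 error name (the code is the hex error number).
ad_bind_reason() {
    case "$1" in
        525) echo "ERROR_NO_SUCH_USER" ;;
        52e) echo "ERROR_LOGON_FAILURE" ;;
        530) echo "ERROR_INVALID_LOGON_HOURS" ;;
        531) echo "ERROR_INVALID_WORKSTATION" ;;
        532) echo "ERROR_PASSWORD_EXPIRED" ;;
        533) echo "ERROR_ACCOUNT_DISABLED" ;;
        701) echo "ERROR_ACCOUNT_EXPIRED" ;;
        773) echo "ERROR_PASSWORD_MUST_CHANGE" ;;
        775) echo "ERROR_ACCOUNT_LOCKED_OUT" ;;
        "")  echo "no AcceptSecurityContext sub-code in input"; return 1 ;;
        *)   echo "unrecognised sub-code 0x$1"; return 1 ;;
    esac
}

# Read ldapsearch output on stdin and print one diagnostic line.
explain_bind_failure() {
    code=$(ad_bind_subcode)
    reason=$(ad_bind_reason "$code") || { echo "$reason"; return 1; }
    echo "data $code: $reason"
}

sample_output | explain_bind_failure
```

To use it on a live run, pipe the command's combined output through it: ldapsearch ... 2>&1 | explain_bind_failure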