Re: Retrieving information from Active Directory
Thank you for the reply.
The "administrator" account on the DC was renamed to "total" so here
is the command I tried:
ldapsearch -D "cn=total,cn=users,dc=totalflood,dc=com" -x \
  -h 192.168.124.10 -b "cn=users,dc=totalflood,dc=com" \
  "(&(objectCategory=person)(objectClass=user)(sAMAccountName=*))" -v \
  -w <total_password>
The results:
ldap_init( 192.168.124.10, 0 )
ldap_bind: Invalid credentials
additional info: 80090308: LdapErr: DSID-0C09030B, \
comment: AcceptSecurityContext error, data 525, v893
I also tried it with -P2.
I ran a sniffer on my workstation and can see the transaction so I
know the packets are getting through. There is nothing I can find in the
Windows logs that even indicates a request was made.
The server runs in mixed-mode so I tried it without the -D:
ldapsearch -x -h 192.168.124.10 -b "cn=users,dc=totalflood,dc=com" \
  "(&(objectCategory=person)(objectClass=user)(sAMAccountName=*))" -v
Results:
ldap_init( 192.168.124.10, 0 )
filter: (&(objectCategory=person)(objectClass=user)(sAMAccountName=*))
requesting: ALL
version: 2
#
# filter: (&(objectCategory=person)(objectClass=user)(sAMAccountName=*))
# requesting: ALL
#
# search result
search: 2
result: 0 Success
I am not sure if that is progress or not :-)
On Mon, 14 Oct 2002, Aaron Anderson wrote:
- Sorry made a mistake in my command list below. It should be:
-
- ldapsearch -W -D "cn=administrator,cn=users,dc=domain,dc=test,dc=com"
- -x -h <ip of ad box> -b "cn=users,dc=domain,dc=test,dc=com"
- "(&(objectCategory=person)(objectClass=user)(sAMAccountName=*))"
-
- Also another side note is that if you set up your Active Directory in
- mixed-mode, you shouldn't need to bind to the directory (i.e. you don't need
- the -W and -D arguments). If it is set up in native mode, then you do.
- I'm about 80% sure that is accurate. You may want to post in a M$ ng
- about that.
-
-
- Aaron
-
-
- Quoting Aaron Anderson <aaron@echostar.ca>:
-
- > To use LDAP search against an LDAP directory, you have to do the
- > following:
- >
- > If your active directory name is domain.test.com then
- >
- > ldapsearch -W -D "cn=administrator,cn=users,dc=domain,dc=test,dc=com" -x
- > -h <ip of ad box> -b "cn=users,dc=nexus2k,dc=psynch,dc=com"
- > "(&(objectCategory=person)(objectClass=user)(sAMAccountName=*))"
- >
- > That should list all of the users.
- >
- > Aaron
- >
- >
- > Quoting Stephen Carville <stephen@totalflood.com>:
- >
- > > I am setting up a mail server and trying to use openldap so I can
- > > create a public addressbook. I hope to populate this with
- > > information gleaned from Active Directory but, so far, I haven't
- > > been able to get anything useful.
- > >
- > > So how can I get the user information out of active directory? I
- > > have searched Google and found references to using ldapsearch but
- > > none of the instructions worked. I am really new to ldap so I may be
- > > overlooking the obvious.
- > >
- > > I am running version 2.0.11 on Redhat 7.2.
- > >
- > > --
- > > -- Stephen Carville
- > > UNIX and Network Administrator
- > > DPSI (formerly Ace USA Flood Services)
- > > 310-342-3602
- > > stephen@totalflood.com
- > >
- > >
- >
- >
- >
- >
- > -----------------------------------------------------------------
- > Secure Webmail sent through: Echostar Solutions - www.echostar.ca
- >
-
--
-- Stephen Carville
UNIX and Network Administrator
DPSI (formerly Ace USA Flood Services)
310-342-3602
stephen@totalflood.com