[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapsearch of Active Directory?

To: Andrew Petrov <apetrov@keyspanenergy.com>
Subject: Re: ldapsearch of Active Directory?
From: "Vsevolod (Simon) Ilyushchenko" <simonf@cshl.edu>
Date: Wed, 26 Feb 2003 13:58:32 -0500
Cc: openldap-software@OpenLDAP.org
In-reply-to: <3E5C1039.34759848@keyspanenergy.com>
References: <3E5C0856.8040709@cshl.edu> <3E5C1039.34759848@keyspanenergy.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021212

Hi all (and privet to Andrew),

Thanks a lot for the answers!

What are the bind dn and and the administrator password called in the Microsoft world? (That is, what are the words I have to say to the Windows admin? :)

I have tried using the "managedBy" DN from the root node as the bind DN. (It was our Windows admin's account.) I got this:

---cut here
version: 2

#
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 1 Operations error
text: 000020D6: SvcErr: DSID-03100690, problem 5012 (DIR_ERROR), data 0


# numResponses: 1
---cut here

This is not a simple "invalid password" error, as I tried a bad password and got a different "Invalid credentials" error.

Thanks,
Simon

Andrew Petrov wrote:

Hi,
    I tried a similar search, but used the administrator account as bind dn.

I got a lot more data, but not all the attributes (such as passwords).

Anyone tried to use Net::LDAP for this?

Thanks,
- Andrew.

"Vsevolod (Simon) Ilyushchenko" wrote:

Hi,

I am trying to access AD using ldapsearch like this:
ldapsearch -x -h server -b "dc=our-domain,dc=com"

Instead of the expected list of all users I get a whopping 17 entries:
The first one is what I presume to be the root node, with managedBy,
masteredBy etc attributes, and the rest describe root DNS servers. And
then there is a reference to a CN=Configuration entry.

A similar search run on an Openldap server produces the complete dump.
Does anyone have an idea of how to do a similar dump of AD? Or do I have
to bind in order to do it?

Thanks,
Simon

--

Simon (Vsevolod ILyushchenko)   simonf@cshl.edu
                               http://www.simonf.com

"Large software projects are like werewolves because
they transform unexpectedly from the familiar into horrors."
                    Fred Brooks

--

apetrov@keyspanenergy.com (718) 403-2854
"Nothing is impossible, it's just a matter of time and money."

--

Simon (Vsevolod ILyushchenko)   simonf@cshl.edu
				http://www.simonf.com

"Large software projects are like werewolves because
they transform unexpectedly from the familiar into horrors."
                    Fred Brooks

Follow-Ups:
- Re: ldapsearch of Active Directory?
  - From: "Andrew Petrov" <apetrov@keyspanenergy.com>
- Re: ldapsearch of Active Directory?
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- ldapsearch of Active Directory?
  - From: "Vsevolod (Simon) Ilyushchenko" <simonf@cshl.edu>
- Re: ldapsearch of Active Directory?
  - From: "Andrew Petrov" <apetrov@keyspanenergy.com>

Prev by Date: RE: OpenLDAP in Production
Next by Date: Re: OpenLDAP in Production
Index(es):
- Chronological
- Thread