[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Active Directory



Vishal Khanna wrote:
Christian
Were you able to authenticate users from ADS...using OpenLDap..
Vishal

Christian Pohl wrote:

Ron Wahler wrote:

I need access to Active Directory User passwords from
A remote client.  I would like to use ldapsearch has anyone

Configured a client to do that ?   what other tools do I need ?



Thanks,

Ron.



I used this config to _change_ the password. Perhaps it works also for reading.


1. Enable SSL for ldap (Microsoft Knowledgebase Article 247078)
2. Root Certificate to openldap-tools: (openldap:.../etc/openldap/ldap.conf: TLS_CACERT /path/to/pem/ca/cert.crt)
5. connect to server here: write new password
ldapmodify -H ldaps://myadserver.company.de -D "cn=administrator,cn=users,dc=mydomain,dc=mycountry" -w -f myldif.ldif


Remark: the servername in the subject _must_ match the one used in the connect string.

See:
247078 HOWTO: Enable Secure Socket Layer (SSL) Communication Over LDAP For Windows 2000 Domain Controllers
269190 HOWTO: Change a Windows 2000 User's Password Through LDAP


Perhaps this helps.

Kind regards,

Chris



I authenticated cn=administrator... and so I could change the password for any user. I did not try it with a 'normal' user.

Chris

--
Christian Pohl
»|secaron

--
The From: and Reply-To: addresses are internal news2mail gateway addresses.
Reply to the list or to Christian Pohl <pohl@secaron.de>