#16
Re: Using ldapsearch to find things in the active directory

I'm trying to use SLES 9's ldapsearch command to access a Windows 2003 Active Directory system. I have not disabled anonymous LDAP operations, so want to provide credentials in the ldapsearch command. I also have not (yet) enabled SSL on the AD system.

I've tried various incantations of:

    ldapsearch -vvv -h {AD system} -x -s base

but keep getting the dreaded, "In order to perform this operation a successful bind must be completed on the connection" message.

I've stared at the ldapsearch man page, but I'm not seeing qualifiers that do what I need.

What am I missing?

Thanks
tl
#17
Re: Using ldapsearch to find things in the active directory

tl wrote:
> I'm trying to use SLES 9's ldapsearch command

So this is OpenLDAP. You can find out the version of OpenLDAP with this command:

    rpm -qf `which ldapsearch`

> to access a Windows 2003 Active
> Directory system. I have not disabled anonymous LDAP operations, so want to
> provide credentials in the ldapsearch command.
>
> I've tried various incantations of:
>
> ldapsearch -vvv -h {AD system} -x -s base

This is anonymous access. Try -D together with -w or -W. Ask the AD admin for an account with bind-DN and password.

> but keep getting the dreaded, "In order to perform this operation a
> successful bind must be completed on the connection" message.

AD does not allow anonymous access.

> I've stared at the ldapsearch man page, but I'm not seeing qualifiers that
> do what I need.

From the ldapsearch man page:

    -D binddn
        Use the Distinguished Name binddn to bind to the LDAP directory.

    -W  Prompt for simple authentication. This is used instead of
        specifying the password on the command line.

    -w passwd
        Use passwd as the password for simple authentication.

Note that with OpenLDAP's ldapsearch, option -D requires a real distinguished name (not only a UPN). For simple bind you have to find it out prior to binding.

You could also use SASL with DIGEST-MD5 and then use options -Y and -U. Check out the man page. Something like this (haven't tried it):

    ldapsearch -h {AD system} -s base -Y DIGEST-MD5 -U {user's UPN}

Ciao, Michael.
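The two bind forms from the reply above, as an added example that is not part of the original thread: a shell helper that emits the simple-bind command (-x -D -W) when given a full DN and the SASL DIGEST-MD5 command when given a UPN, following the reply's note about -D. The function names and the host, DN and UPN values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and sample values
# are assumptions made for illustration.

# classify_identity ID: print "dn" for attr=value,attr=value forms,
# "upn" for user@dns.domain forms, "unknown" for anything else.
classify_identity() {
    case "$1" in
        *=*,*=*) echo dn ;;
        *@*.*)   echo upn ;;
        *)       echo unknown ;;
    esac
}

# build_ldapsearch HOST ID: print the ldapsearch command for the bind type
# that matches ID. Only options quoted in the thread are used.
build_ldapsearch() {
    host=$1
    id=$2
    case "$(classify_identity "$id")" in
        dn)
            # Simple bind. -W prompts for the password; -w would put it in
            # the process list and the shell history, so it is never emitted.
            printf 'ldapsearch -h %s -x -D "%s" -W -s base\n' "$host" "$id"
            ;;
        upn)
            # SASL bind as suggested in the reply: -Y mechanism, -U user.
            printf 'ldapsearch -h %s -s base -Y DIGEST-MD5 -U %s\n' "$host" "$id"
            ;;
        *)
            echo "unrecognised bind identity: $id" >&2
            return 1
            ;;
    esac
}

# Constructed sample input.
build_ldapsearch dc1.example.com 'CN=svc ldap,OU=Service,DC=example,DC=com'
build_ldapsearch dc1.example.com 'svc-ldap@example.com'
```

Without SSL/TLS on the directory, as in the question, a simple bind sends the password over the network in clear text, so the prompt from -W protects it only on the local host.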