Re: LDAP - howto get linux to talk to exchange/AD



On 29 Nov 2007 at 21:46, Bob Goldberg wrote:


OK;

I agree - problem is DEFINITELY ldap authentication; forget about
exim....

my exchange server is setup to accept clear text, and anonymous OK (even
though I'm not trying to be anon).

here's the thing - I have no idea what is going on between ldapsearch,
and my exchange server.

I've tried netcat'g the host:389 to see if I could eavesdrop, but to no
avail.
I've tried telnet'g to the host:389, and DO connect, but have no idea
what the communication should look like, and I get no responses at all
regardless of what I try.

ldap is definitely running - I can run custom queries, and
ldap://queries thru my windows browser with success.

the problem IS debian authenticating w/ the exchange server.

Can someone tell me some way to diagnose just what is happening in this
communication between ldapsearch & ldap server ???
Or can someone point me / show me how a structured communication to
the ldap server would look like, so I can try sending it thru telnet -
just to see if I can get it to work that way.... Then I can try & figure
out what ldapsearch is sending...

????

TIA - Bob


Bob,

I have not done this with AD; however, I have done it with Novell's eDir on a
Netware Box. After confirming what attributes were visible with an LDAP
Browser on my windows workstation (http://www-unix.mcs.anl.gov/~gawor/ldap/),
I wrote a perl script to verify/test e-mail address verification on the eDir.

****** Perl Snippet **************
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;

# Connection parameters (placeholders; the original post does not show these values)
my $ldhost  = 'ldap.example.com';          # LDAP server host
my $ogunit  = 'o=example';                 # search base
my @attribs = ('mail', 'SpamControl');     # attributes to return
my @eaddrs  = @ARGV;                       # e-mail addresses to verify

# Open Connection to the LDAP server
print "Opening a connection to $ldhost ... ";
my $ldap = Net::LDAP->new($ldhost) || die "Could not connect -- $@";
print "OK\n";
#
print "Binding ... ";
# Do an anonymous bind
my $mesg   = $ldap->bind;
my $status = $mesg->code;
my $errmsg = $mesg->error;
print "Status: ($status) $errmsg\n";
#
# Do a search for each e-mail address
foreach my $addr (@eaddrs) {
    print "Looking for $addr ... ";
    my $filter = "(&(objectclass=inetOrgPerson)(mail=$addr))";
    # attrs takes an array reference
    $mesg = $ldap->search(base => $ogunit, filter => $filter, attrs => \@attribs);
    $status = $mesg->code;
    $errmsg = $mesg->error;
    print "Status: ($status) $errmsg ";
    my $ecnt = $mesg->count;
    print "found $ecnt entries\n";
    if ($ecnt > 0) {    # Found email address in directory
        foreach my $entry ($mesg->entries) {
            my $dn   = $entry->dn;
            my $spam = $entry->get_value('SpamControl') // '';
            print "\t$dn \tSpamControl: $spam ";
            my @email = $entry->get_value('mail');
            my $flag  = 0;
            foreach my $alias (@email) {
                if ($flag) { print "\n\t Alias: $alias"; }
                else {
                    print "\n\tAddress: $alias";
                    $flag = 1;
                }
            }
            print "\n";
        }
    }
    else { print "failed. Does not exist in the directory\n\n"; }
}
$ldap->unbind;
******** End of Perl Snippet ***************

Once I was able to verify email addresses with the perl, I adjusted Exim4's
configuration like so ... (You need to have the "heavy" exim4 package)


#### CWR Attempt at LDAP E-Mail Address verification
#### accept any "group" or "mail list" addresses which are not in the
#### eDirectory
accept
  domains    = kimberly.uidaho.edu
  recipients = lsearch;CONFDIR/acceptable.lst

#### check for individual e-mail addresses which are in the eDirectory
deny
  domains   = kimberly.uidaho.edu
  message   = Administrative prohibition - unable to validate recipient
  condition = ${lookup ldapm{ \
                ldap://###.###.###.###/o=ui?mail?sub?\
                (mail=${quote_ldap:$local_part@$domain})} {0} {1} }

####
#### CWR Attempt at LDAP -- discard


The key for me, was using the perl script and ldap browser to verify what
attributes were visible when doing an anonymous bind to ldap _and_ how to
code the request.

I hope this helps a bit. My setup is a Novell Netware server hidden from the
outside world and a Debian ETCH server visible to the outside world running
exim.

-- cheers Clarence --
Clarence W. Robison, P.E.
robison@xxxxxxxxxxxxxxxxxxx
208-423-6610
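As an added example, not part of either message in the thread: Bob asked what the structured communication between ldapsearch and the server actually looks like. The Python below hand-encodes the LDAPv3 BindRequest (anonymous, as in the Perl snippet) and SearchRequest that ldapsearch sends, and decodes the BindResponse that comes back; the base DN and addresses are constructed values, not from the posts.

```python
# Added example (not from the thread): hand-encoded LDAPv3 bind + search as ldapsearch sends them,
# plus a BindResponse decoder. LDAP is BER/ASN.1 (RFC 4511), not text, so telnet shows nothing.

def ber_len(n):                         # BER length octets: short form below 128, long form above
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, 'big')
    return bytes([0x80 | len(body)]) + body
def tlv(tag, payload):                  # one tag-length-value element
    return bytes([tag]) + ber_len(len(payload)) + payload
def ber_int(v):                         # INTEGER, minimal two's-complement
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, 'big', signed=True))
def ber_str(s):                         # OCTET STRING: LDAPDN, attribute names and values
    return tlv(0x04, s.encode())
def eq_filter(attr, value):             # equalityMatch [3] -> context tag 0xA3
    return tlv(0xA3, ber_str(attr) + ber_str(value))
def and_filter(*subs):                  # and [0] SET OF Filter -> context tag 0xA0
    return tlv(0xA0, b''.join(subs))
def ldap_message(msg_id, protocol_op):  # LDAPMessage ::= SEQUENCE { messageID, protocolOp }
    return tlv(0x30, ber_int(msg_id) + protocol_op)

def bind_request(msg_id=1, dn='', password=''):
    """BindRequest [APPLICATION 0] -> 0x60, simple [0] -> 0x80; empty DN and password = anonymous."""
    return ldap_message(msg_id, tlv(0x60, ber_int(3) + ber_str(dn) + tlv(0x80, password.encode())))

def search_request(msg_id, base, filt, attrs):
    """SearchRequest [APPLICATION 3] -> 0x63; scope 2 = wholeSubtree, derefAliases 0 = never."""
    body = (ber_str(base) + tlv(0x0A, b'\x02') + tlv(0x0A, b'\x00') + ber_int(0) + ber_int(0)
            + tlv(0x01, b'\x00') + filt + tlv(0x30, b''.join(ber_str(a) for a in attrs)))
    return ldap_message(msg_id, tlv(0x63, body))

def read_tlv(buf, pos=0):               # -> (tag, value bytes, offset just past this element)
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                       # long form: the next (ln & 0x7F) octets hold the length
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], 'big'), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def decode_bind_response(data):
    """messageID, resultCode and diagnosticMessage from a BindResponse [APPLICATION 1] -> 0x61."""
    _, msg, _ = read_tlv(data)                  # outer LDAPMessage SEQUENCE
    _, mid, pos = read_tlv(msg)                 # messageID
    op_tag, op, _ = read_tlv(msg, pos)
    if op_tag != 0x61:
        raise ValueError('not a BindResponse')
    _, code, pos = read_tlv(op)                 # resultCode ENUMERATED (0 success, 49 invalidCredentials)
    _, _matched_dn, pos = read_tlv(op, pos)     # matchedDN
    _, diag, _ = read_tlv(op, pos)              # diagnosticMessage
    return {'messageID': int.from_bytes(mid, 'big'), 'resultCode': int.from_bytes(code, 'big'),
            'diagnostic': diag.decode()}
```

Comparing these bytes against a packet capture of ldapsearch talking to the server shows at which step (TCP connect, bind result code, search result) the exchange goes wrong.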

