Re: LDAP - howto get linux to talk to exchange/AD



On Thu, 29 Nov 2007 13:19:13 -0800, bobg.hahc wrote:

On Nov 28, 4:58 pm, steve <st...@xxxxxxxxxx> wrote:
On Wed, 28 Nov 2007 14:38:53 -0800, bobg.hahc wrote:
On Nov 28, 4:23 pm, steve <st...@xxxxxxxxxx> wrote:
This rather general waffle may help. We offer software that provides
user authentication via either ldap or ad. The code is almost
exactly the same, but there is one core concept that is different.
By default, ad does *not* allow anonymous read access. This means
that you'll either a) have to reconfigure ad - and google will show
you how, or b) authenticate using a user with enough privilege to
actually read the data.

hth,

Steve

hi Steve;

that does help a little bit...
here's the problem - under the man page for ldapsearch, there IS a -w
parameter which allows for password entry. there IS NOT ANY parameter
that allows for USERNAME entry.... I am completely lost here. I have
no idea why someone would provide a password, with NO ability to
provide a username.

Further - my AD IS set up to allow for anonymous access, so a password
should NOT be required... ???

still completely lost....

Your identity is defined by the -D binddn parameter.

Steve,

TX;
I'm finally starting to see what's supposed to happen now... so my
ldapsearch command now looks like this:

ldapsearch -h ADserver.domain.com \
  -D "CN=<user name>,CN=Users,DC=<domain>,DC=<TLD>" -x -W \
  -b "CN=Users,DC=<domain>,DC=<TLD>" \
  "(memberOf=CN=Users,DC=<domain>,DC=<TLD>)"

OR - translated into something more real:

ldapsearch -h exchange.domain.com \
  -D "CN=exim,CN=Users,DC=domain,DC=com" -x -w "password" \
  -b "CN=Users,DC=domain,DC=com" \
  "(memberOf=CN=Users,DC=domain,DC=com)"

my problem now, is that I get an "invalid credentials" error. I get this
error even if I use my personal admin account / password...

any insight here?

TIA...
Bob

It may be a permissions problem. I tried locally, using administrator
access, and this worked fine...

ldapsearch -LLL -h 10.0.0.208 \
  -D "cn=Administrator,cn=Users,dc=MyDomain,dc=local" -x -w password \
  -b "cn=Users,dc=MyDomain,dc=local"

Steve
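
An added example, not part of the thread: when a simple bind to AD fails with "invalid credentials" as reported above, the "additional info" line that ldapsearch prints carries a hex sub-code (a Win32 logon error) that narrows down the cause. The sample error text and the function names below are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the AD sub-code in an ldapsearch bind failure.
# SAMPLE_ERR is constructed for illustration; it is not output from the thread.
SAMPLE_ERR='ldap_bind: Invalid credentials (49)
    additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1'

# Print the hex sub-code that follows "data " in the additional-info line,
# lower-cased, or nothing when the text does not carry one.
ad_bind_subcode() {
    printf '%s\n' "$1" |
        sed -n 's/.*AcceptSecurityContext error, data \([0-9A-Fa-f]\{1,\}\),.*/\1/p' |
        head -n 1 | tr 'A-F' 'a-f'
}

# Map the sub-code to the Win32 logon error it stands for.
ad_bind_reason() {
    code=$(ad_bind_subcode "$1")
    case "$code" in
        525) echo "ERROR_NO_SUCH_USER: bind identity does not resolve to an account" ;;
        52e) echo "ERROR_LOGON_FAILURE: bind DN or password is wrong" ;;
        530) echo "ERROR_INVALID_LOGON_HOURS: logon not allowed at this time" ;;
        531) echo "ERROR_INVALID_WORKSTATION: logon not allowed from this host" ;;
        532) echo "ERROR_PASSWORD_EXPIRED: password has expired" ;;
        533) echo "ERROR_ACCOUNT_DISABLED: account is disabled" ;;
        701) echo "ERROR_ACCOUNT_EXPIRED: account has expired" ;;
        773) echo "ERROR_PASSWORD_MUST_CHANGE: password must be changed first" ;;
        775) echo "ERROR_ACCOUNT_LOCKED_OUT: account is locked out" ;;
        "")  echo "no AD sub-code in this output" ;;
        *)   echo "unrecognised AD sub-code $code" ;;
    esac
}

# Decode the constructed sample; with a live server, capture stderr instead,
# e.g. err=$(ldapsearch ... 2>&1 >/dev/null) and pass "$err".
ad_bind_reason "$SAMPLE_ERR"
```

Sub-code 52e covers both a wrong password and a bind DN that does not match the account's actual distinguished name, so the -D value is worth checking against the directory before resetting passwords.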