Re: Possibly slightly O.T.: Why FQDN required to do simple bind with "ldapsearch"?



Herb Martin wrote:
> "Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx> wrote in message news:u$3aYrpYGHA.1200@xxxxxxxxxxxxxxxxxxxxxxx
>> In news:%23njWQ$oYGHA.4836@xxxxxxxxxxxxxxxxxxxx,
>> ohaya <ohaya@xxxxxxx> stated, which I commented on below:
>>> Hi,
>>>
>>> I was doing some testing, using ldapsearch from a Solaris machine, to
>>> access Active Directory. I was trying to use a simple bind, and
>>> initially could not get a successful access, until I started using a
>>> fully-qualified domain name (FQDN) for the hostname parameter.
>>>
>>> I'm not sure if this is more of an AD question, or an ldapsearch
>>> question, but I was wondering if anyone might know why I had to use
>>> the FQDN for the ldapsearch hostname parameter in order for the
>>> simple bind to succeed?
>>>
>>> Thanks,
>>> Jim
>>
>> AD is not like NT4 where it works using NetBIOS. Any ldap search is FQDN based to 'find' the ldap server. AD is DNS based. Server names are tagged with an SPN (Server Principal Name), which is the machine's FQDN, and how it finds it to bind to it.
>
> However, since most Windows programs which use DNS
> lookups WITH the built-in name resolving would fail over
> to NetBIOS lookups if all DNS methods fail.
>
> So one might legitimately wonder why this didn't happen here.
> (Notice this is different than apps like IE which might actually
> DO a "NetBIOS resolution" directly under certain conditions.)
>
> Within an LDAP query the DISTINGUISHED name is the
> prescribed naming method for the QUERY itself however.
> (Not the computer being queried.)
>
> I am curious. Perhaps his machine doesn't have its domain
> name set in the System Control panel or it's set to a different
> domain than he was querying.



Herb,

The machine from which I was running the ldapsearch was a Solaris X86 box, so it wasn't a member of any Windows domain.

Also FYI, I'm pretty sure that I had the /etc/hosts entry for the AD machine with both the FQDN and a short name (ct3.whatever.com and ct3, respectively) of the AD machine, i.e., I wasn't using DNS to do name resolution on the Solaris box, so this is still puzzling (to me).

I'm having a hard time understanding how AD would even be aware of what I used for the hostname in the ldapsearch command line, unless the LDAP protocol has the hostname embedded in the protocol somehow?

Jim