Re: Query LDAP from Linux??
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 07/15/04
- Next message: Joe Richards [MVP]: "Re: Where to obtain latest version of DS CLI tools"
- Previous message: Joe Richards [MVP]: "Re: Query LDAP from Linux??"
- In reply to: Kevin Queen: "Query LDAP from Linux??"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 15 Jul 2004 09:49:58 -0400
He will need a couple of things...
1. Base DN to start the search. Depending on if he knows where the data he wants
is, this will vary. If he wants to start at the root of a single domain and
assuming the domain is joe.com, the base dn would be dc=joe,dc=com. However as
another poster indicated, this info is available in the rootdse (base level
search on the null base of any DC in the domain... this is standard LDAP v3
stuff, he should be able to work that out...)
2. He will probably need a server name. Last I looked, the LDAP Java stuff was
being corrected to follow the RFC standards for SRV record lookup but hadn't
gotten there yet. This means he will need a server name to bind to.
3. He will need a port, if he wants to do a standard LDAP bind he will want 389.
If he wants to do a forest wide search with a multiple domain forest he will
want 3268. If you are using SSL and want to encrypt the data, there is another
set of ports.
4. He will need a bind ID. In normal LDAP this will be a DN of some user
principal in the directory like cn=joe,cn=users,dc=joehome,dc=com. However with
AD, MS has made this more flexible and it will take a Bind DN, a netbios style
userid (joehome\joe), as well as a upn style userid (joe@joehome.com).
5. He will need a bind password.
If he thinks that he just needs a rootdn like you mention, give it to him and he
will find that AD is a little more secure than most LDAP servers by default. He
will then, if he can't figure out authentication, be asking you to reduce the
permissions on your AD so that his stuff will work. You should adamantly refuse.
joe
--
Joe Richards
Microsoft MVP
Windows Server Directory Services
www.joeware.net

Kevin Queen wrote:
> I have a developer that wants to be able to query AD
> using a Java based Linux app, what do I need to tell him
> to do so that he can get authenticated and query the
> server? He seems to think that all I need to do is find
> out what the RootDN is, what the hell is it then?
>
> Thanks,
> --Kevin
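
The five items in the reply above, put together as a JNDI client. This is an added example, not code from the original post or from its author. The host name dc1.joehome.com, the account svc-ldapread, the LDAP_BIND_PW variable and the use of LDAP over SSL on port 636 (the standard counterpart to 389) are assumptions, and the JVM trust store is assumed to already trust the DC's certificate.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.*;

public class AdQuery {
    public static void main(String[] args) throws NamingException {
        // Constructed values (assumptions): DC host name, service account, env variable name.
        String url = "ldaps://dc1.joehome.com:636";       // items 2 and 3: server, LDAP-over-SSL port
        String bindId = "svc-ldapread@joehome.com";       // item 4: UPN-style bind ID
        String password = System.getenv("LDAP_BIND_PW");  // item 5: kept out of the source
        if (password == null || password.isEmpty()) {
            // JNDI treats an empty password as an anonymous bind, so fail early instead.
            throw new IllegalStateException("LDAP_BIND_PW is not set");
        }
        String lookFor = args.length > 0 ? args[0] : "joe"; // sAMAccountName to look up
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindId);
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = new InitialDirContext(env);      // connects and binds
        try {
            // Item 1: base-level read of the null DN (rootDSE) yields the domain's base DN.
            Attributes rootDse = ctx.getAttributes("", new String[] {"defaultNamingContext"});
            String baseDn = (String) rootDse.get("defaultNamingContext").get();
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"cn", "mail"}); // request only what is needed
            // The looked-up value goes in as a filter argument, not by string concatenation.
            NamingEnumeration<SearchResult> results = ctx.search(
                    baseDn, "(&(objectClass=user)(sAMAccountName={0}))", new Object[] {lookFor}, sc);
            try {
                while (results.hasMore()) {
                    SearchResult r = results.next();
                    System.out.println(r.getNameInNamespace() + " " + r.getAttributes());
                }
            } catch (PartialResultException e) {
                // A search from the domain root ends with referrals to other partitions; not followed here.
            }
        } finally {
            ctx.close();
        }
    }
}
```

A simple bind on plain port 389 sends the password unencrypted, which is why this example binds over SSL; the bind account needs only ordinary read access, so no directory permissions have to be loosened for it.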