Re: LDAP Search Query Question




The search base is dc=abc,dc=com (the comma is part of it)
The query/filter/search string (whatever your application calls it) is
(&(objectCategory=person)(objectClass=user)(samaccountname=%login%))
assuming that %login% and samaccountname are the same thing in your
particular organization.

Does that help? If not, tell us what fields are available and we'll try to
map them for you.

Al


"Bob Randall" <BobRandall@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2CCF1E89-B9EB-484C-8F7C-3CFD9B6EF02B@xxxxxxxxxxxxxxxx
If we are trying to search the root of our domain to authenticate users with
an application (IBM Rational), do we use:

dc=abc dc=com

for our domain and the search string:

(&(objectCategory=person)(objectClass=user)(samaccountname=%login%))

to verify the user in AD? Is there any other information we need? What would
be the exact context of the search string that we would use for the
application? Sorry for all of the questions, but I am pretty confused about
all of this!

Bob



"Paul Williams [MVP]" wrote:

IBM's examples use uid as that's most likely what IBM DS uses as the RDN.
That is also what SunONE uses. Active Directory uses cn as the RDN, so you
might need to change your search to cn instead of uid. sAMAccountName is
also a good candidate, as Al mentions, as this is unique throughout the
domain. You'll have to see what attributes you need to use. To test the
queries, consider using LDP or ADFIND. They're probably quicker than your
app once you've mastered the syntax.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
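
Added example, not part of the original thread or of any product mentioned in it: the filter above takes whatever the user types in place of %login%, so an application that does that substitution itself should escape the value per RFC 4515 first. The function names are hypothetical and the sample logins are constructed.

```python
# Search base and filter exactly as given in the thread.
SEARCH_BASE = "dc=abc,dc=com"
FILTER_TEMPLATE = (
    "(&(objectCategory=person)(objectClass=user)(samaccountname={login}))"
)

# RFC 4515: these characters have meaning inside a filter and must be
# written as a backslash followed by two hex digits when they occur in
# an assertion value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it is matched literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(login: str) -> str:
    """Return the thread's filter with the login substituted safely."""
    if not login:
        # An empty value would produce "(samaccountname=)", which is
        # not a useful lookup; reject it before querying the directory.
        raise ValueError("login must not be empty")
    return FILTER_TEMPLATE.format(login=escape_filter_value(login))


if __name__ == "__main__":
    # Constructed sample inputs: a normal login, then values containing
    # filter metacharacters that must not alter the filter's structure.
    for sample in ["jsmith", "j*", "a)(b", "abc\\jsmith"]:
        print(f"{sample!r:16} -> base={SEARCH_BASE} filter={build_user_filter(sample)}")
```

With escaping in place the filter always contains the same three clauses, and a login such as `j*` is looked up as a literal name rather than as a wildcard match.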







