Re: Windows 2003 Server LDAP.


Joe,

I thank you so much for your help. I got it working and I think it was the
UPN naming that did it. Besides that, your explanations really cleared a lot
of things up for me.

Thanks again.

Jeremy

"Joe Kaplan" wrote:

I doubt you need to change anything in AD to get that to work. You just
need to configure the copier correctly so it can bind and search. It sounds
like it uses a fairly generic LDAP mechanism which implies that it probably
uses LDAP simple bind to connect to AD. The reason they probably recommend
SSL is that LDAP simple bind is not secure because it uses plaintext
credentials. However, it is up to you whether you want to implement SSL to
ensure this is done securely.

The formats of the user name that will work with an LDAP simple bind are the
full UPN, the full NT style name (domain\user) or the full DN of the user.
I'd suggest using UPN. The password is just the password. The search base
is just the DN of your domain root. You can get that easily from a tool
like ldp.exe or ADSI Edit or by writing a quick script that reads the
defaultNamingContext attribute off of the RootDSE object.

The port should be 389 unless you implement SSL, in which case it will be
636. You can't change those in AD as I mentioned before.

If you provide the rest of the parameters it asks for, we can probably tell
you what to put in or how to get the info.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Jeremy" <Jeremy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DE40E002-CB51-4872-8927-F706D03FE2E1@xxxxxxxxxxxxxxxx
Well the problem is an authentication error when doing an LDAP lookup on one
of our multifunction copiers. We have tried a few different credentials with
no luck. It asks for a bunch of different information like, server, server
name, port, ssl, search base, user/pass, etc. Can you give examples of what
might be used for these in case I'm missing something and where to find the
info? I was also told it can be tested on a PC by adding a new account in
'address book' in accessories to test it before trying on the copier. The
whole purpose of this is to get scan to email working on the copier and using
LDAP for lookups instead of adding the user accounts manually on the copier.

thanks.

Jeremy

"Joe Kaplan" wrote:

Which features do you need to change? You can't change the port numbers
with AD. You need to use ADAM if you want that. For SSL, you just need to
get the DCs configured with a proper SSL certificate according to the docs
(depending on whether you use MS CA and auto enrollment or get external
certs and do this manually). Other settings are controlled in other places,
so it just depends on what you want to do.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Jeremy" <Jeremy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8D49C370-EBC5-4923-8F83-0E5CEA442981@xxxxxxxxxxxxxxxx

Where can I modify settings for LDAP such as port number, authentication,
SSL etc etc? I need to make some changes on how it behaves and need to know
where this can be done.

Thanks,

Jeremy
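
One way to check the values discussed in this thread from a PC before entering them on the copier (an added example, not code from anyone in the thread): it performs an LDAP simple bind with a UPN on 389 or 636, reads defaultNamingContext from RootDSE to get the search base, and looks up the bound account under that base. The function name and the server name in the usage comment are assumptions.

```powershell
# Added example. Server name is a placeholder; enter the account as a UPN.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapSimpleBind {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [switch] $UseSsl
    )
    $ns    = 'System.DirectoryServices.Protocols'
    $scope = [System.DirectoryServices.Protocols.SearchScope]
    $upn   = $Credential.UserName
    # Require user@domain and refuse LDAP filter metacharacters.
    if ($upn -notmatch '^[^\\*()]+@[^\\*()]+$') { throw 'Enter the account as a UPN.' }

    $port = if ($UseSsl) { 636 } else { 389 }
    if (-not $UseSsl) {
        Write-Warning 'Simple bind on 389 sends the password in plaintext.'
    }
    $id   = New-Object "$ns.LdapDirectoryIdentifier" -ArgumentList $Server, $port
    $conn = New-Object "$ns.LdapConnection" -ArgumentList $id
    try {
        $conn.SessionOptions.ProtocolVersion   = 3
        $conn.SessionOptions.SecureSocketLayer = [bool]$UseSsl
        # AuthType Basic is the LDAP simple bind: name and password as given.
        $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
        $conn.Credential = New-Object System.Net.NetworkCredential -ArgumentList `
            $upn, $Credential.GetNetworkCredential().Password
        $conn.Bind()

        # RootDSE is the entry with an empty DN, read with base scope.
        $rootReq = New-Object "$ns.SearchRequest" -ArgumentList `
            '', '(objectClass=*)', $scope::Base, ([string[]]@('defaultNamingContext'))
        $base = $conn.SendRequest($rootReq).Entries[0].Attributes['defaultNamingContext'][0]

        # Subtree search from the domain root, as an address-book lookup would do.
        $req = New-Object "$ns.SearchRequest" -ArgumentList `
            $base, "(userPrincipalName=$upn)", $scope::Subtree, ([string[]]@('cn'))
        $found = foreach ($e in $conn.SendRequest($req).Entries) { $e.DistinguishedName }
        [pscustomobject]@{ Port = $port; SearchBase = $base; BoundAccountDn = $found }
    }
    catch [System.DirectoryServices.Protocols.LdapException] {
        # ErrorCode 49 is invalidCredentials; 81 means the server was unreachable.
        Write-Error ('LDAP error {0}: {1}' -f $_.Exception.ErrorCode, $_.Exception.Message)
    }
    finally { $conn.Dispose() }
}
# Test-LdapSimpleBind -Server dc01.example.com -Credential (Get-Credential) -UseSsl
```

The SearchBase value it returns is what goes in the copier's search base field; with -UseSsl the PC must trust the certificate on the DC or the bind fails before any credentials are sent.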