Re: Less Information Available in LDAP on SBS than Server 2003



cleopold73 wrote:
I am querying the attributes with this tool, which is just a generic
LDAP browser tool...

http://www-unix.mcs.anl.gov/~gawor/ldap/

I get the same results using ldapsearch from a UNIX command line when
querying through ldap.

What makes this problem worse is we have joined a regular 2003 R2
Domain Controller to the SBS domain, and the ldap permissions
problems replicate over to it, causing us not to be able to query the
UNIX attributes from the 2003 R2 DC either...
Thanks,

Corey

This would be strange indeed as I can't see why there would be any
difference in the actual schema attribute permissions.

Please post the *exact* commands (including the binds) and the results
necessary to reproduce your results (both W2003R2 and SBSR2+v31).



"kj [SBS MVP]" wrote:

It would have to be R2 to get schema 31, Cris

OP, While you might upgrade the schema on SBS to v31 note that a SBS
R2 server does not have all the same interoperability components and
services installed that Server 2003 R2 has (unfortunately).

OP, What method & manner were you using to query the SBS R2 (with
adprep V31 schema) for those attributes?

--
/kj
"Cris Hanna [SBS-MVP]"
<crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:eq3Hbb$GIHA.5328@xxxxxxxxxxxxxxxxxxxxxxx

When you referred to W2k3 in your Original Post for the comparison,
was the standard server "R2"?

--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"cleopold73" <cleopold73@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:40C4829D-B447-4DEA-B94C-12D48C77E7C2@xxxxxxxxxxxxxxxx

The real problematic attributes for us are the unix related ones
like uidNumber, loginShell, unixHomeDirectory, which are there
after upgrading to Schema 31 on SBS, but cannot be seen by a proxy
ldap user created as referenced in the "Windows Security and
Directory Services for UNIX Guide"

These UNIX attributes are available to a non-administrator
account under a plain 2003 R2 instance, but not available to a
non-administrator account on SBS R2 with Schema 31.

The reason I stayed away from the UNIX reference in the first
post, is I was hoping to appeal to a broader audience to
understand why LDAP under SBS hides some attributes when queried
by non-administrative accounts.

Thanks

Corey

"Cris Hanna [SBS-MVP]" wrote:

> Maybe if you give us a better idea of what you want to
> accomplish, we can provide "Plan B".
>
> I don't have an explanation of why it's different.
>
> --
> Cris Hanna [SBS-MVP]
> -------------------------------------------------
> Microsoft MVPs
> Independent Experts (MVPs do not work for MS)
> Real World Answers
> ---------------------------------------------------------
> Please do not contact me directly regarding issues
>
> "cleopold73" <cleopold73@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
> message news:C0E28A74-7115-4499-BF53-F4E417BF7199@xxxxxxxxxxxxxxxx
>
> Using an LDAP browser authenticated with a non-Administrative
> account, user attributes like accountExpires, whenChanged,
> lastLogoff, cannot be seen on a SBS. On a default install
> of Server 2003 R2 we can see these attributes as a
> non-privileged user via LDAP. What is the difference in SBS
> that causes this?
>
> We do see all the attributes if using an Administrative account
> to bind to LDAP.
>
> We would like to not have to use an administrative account to
> query these attributes.
>
> Thanks
>
> Corey

--
/kj
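
The comparison this thread asks for (the same entry queried under two different binds) can be made mechanical. This is an added example, not part of the original posts: it parses two constructed LDIF captures, shaped like `ldapsearch -LLL` output, and lists the attributes the restricted bind did not return. The DN, account names and values are hypothetical; the attribute names are the ones mentioned in the thread.

```python
import base64

# Constructed sample captures (not real output): one entry as returned to an
# administrative bind and to a non-privileged proxy bind.
ADMIN_LDIF = """\
dn: CN=Test User,CN=Users,DC=example,DC=local
cn: Test User
uidNumber: 10001
loginShell: /bin/bash
unixHomeDirectory: /home/tuser
accountExpires: 9223372036854775807
whenChanged: 20070101120000.0Z
description:: VW5peCB0ZXN0IGFjY291bnQ=
"""
PROXY_LDIF = """\
dn: CN=Test User,CN=Users,DC=example,DC=local
cn: Test User
description:: VW5peCB0ZXN0IGFjY291bnQ=
"""

def parse_ldif(text):
    """Return {dn_lower: {attr_lower: [values]}} from LDIF text."""
    entries, current = {}, None
    # LDIF folds long lines: a line starting with one space continues the previous.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for line in unfolded.split("\n"):
        if not line.strip():          # blank line ends the current entry
            current = None
            continue
        name, sep, rest = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if rest.startswith(":"):      # "attr:: value" means base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            current = entries.setdefault(value.lower(), {})
        elif current is not None:
            current.setdefault(name.lower(), []).append(value)
    return entries

def hidden_attributes(privileged, restricted):
    """Per DN, attributes the privileged bind saw that the restricted bind did not."""
    report = {}
    for dn, attrs in privileged.items():
        missing = sorted(set(attrs) - set(restricted.get(dn, {})))
        if missing:
            report[dn] = missing
    return report

if __name__ == "__main__":
    print(hidden_attributes(parse_ldif(ADMIN_LDIF), parse_ldif(PROXY_LDIF)))
```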

