March 8th, 2004, 08:11 AM
-
Accessing LDAP help
Hi All,
I would need some help understanding the DN string to access LDAP info.
I've been able to get a list of the top objects, but now I don't know how to view the sub objects.
For example, this is the output of my PHP script, but how can I look into 'Everyone'? I guess the users are there...
cn:Everyone
instancetype:4
distinguishedname:CN=Everyone,CN=WellKnown Security Principals,CN=Configuration,DC=AISEDEMILANO,DC=LOCALE
objectcategory:CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=AISEDEMILANO,DC=LOCALE
objectclass:top
objectguid:¥¬‘¹Q“„L§ÝxÚœÀã
objectsid:
name:Everyone
showinadvancedviewonly:TRUE
usnchanged:1295
usncreated:1295
whenchanged:20020613081629.0Z
whencreated:20020613081629.0Z
cn:Creator Owner
instancetype:4
distinguishedname:CN=Creator Owner,CN=WellKnown Security Principals,CN=Configuration,DC=AISEDEMILANO,DC=LOCALE
objectcategory:CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=AISEDEMILANO,DC=LOCALE
objectclass:top
objectguid:áÂÃg·«-IªÝùÓkeþN
objectsid:
name:Creator Owner
showinadvancedviewonly:TRUE
usnchanged:1296
usncreated:1296
whenchanged:20020613081629.0Z
whencreated:20020613081629.0Z
Thanks,
Stefano
March 8th, 2004, 09:50 AM
-
It looks like the users aren't there - for those groups at least. If they were you would see the following in your results from the query:
cn:Everyone
instancetype:4
distinguishedname:CN=Everyone,CN=WellKnown Security Principals,CN=Configuration,DC=AISEDEMILANO,DC=LOCALE
objectcategory:CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=AISEDEMILANO,DC=LOCALE
objectclass:top
objectguid:¥¬‘¹Q“„L§ÝxÚœÀã
objectsid:
member: dnofuser
member: dnofuser
member: dnofuser
name:Everyone
showinadvancedviewonly:TRUE
usnchanged:1295
usncreated:1295
whenchanged:20020613081629.0Z
whencreated:20020613081629.0Z
Again - this information would have been retrieved in the query you ran - which was probably at the base level.
You may want to consider running a subtree level search to reach deeper into the DIT structure.
HTH
March 9th, 2004, 03:45 AM
-
I tried using a LDAP browser (Softerra 2.5) to get deeper into subtree levels, but it seems no sublevels are available.
Exchange works fine even without a DN base string, so I don't know where to look for it (our SysAdmins are very busy...
) in fact I just need to authenticate users within our Intranet using Apache/LDAP or PHP.
Attached you may find an export of a global search using LDAP browser, hope it may be useful.
Thanks
Stefano
March 10th, 2004, 11:03 AM
-
You may have a permissions issue. To be clear - can you see anything other than what is in the file you posted? Not only subtree entries - but the attributes associated with the entries you are able to see?
March 12th, 2004, 03:20 AM
-
I post a complete (I guess) ldif export with all the attributes I can see. I'm able to log as 'admin', but I don't notice any difference against anonimous bind.
I've given a look at the ActiveDirectory conf window, where I can see all the users inside the 'Users' folder, but no way to find it through ldap browser
Thanks,
Stefano
Originally Posted by ldap4u
You may have a permissions issue. To be clear - can you see anything other than what is in the file you posted? Not only subtree entries - but the attributes associated with the entries you are able to see?
March 12th, 2004, 03:23 AM
-
Attached the complete ldif export
Last edited by Providence77; March 12th, 2004 at 03:31 AM.
Reason: attachment
March 12th, 2004, 10:20 AM
-
I want to back up for a minute to clarify your original post and my responses. I just realized you were querying a security principle for users - which won't (I don't think) ever expose the users that have that principle applied to them (unlike group membership - which is where I was going with my original response).
That having been said - I still think you have a permissions issue - as you should be able to drill down into the subtree CN=users just like you were able through the admin console.
Were you binding as the same user in the ldap browser that you used when you logged in to Windows and viewed cn=users through the admin console?