Web lists-archives.com

Re: [Samba] AD LDAP




---------- Původní e-mail ----------
Od: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
Komu: samba@xxxxxxxxxxxxxxx
Datum: 27. 6. 2018 11:49:38
Předmět: Re: [Samba] AD LDAP 
"On Wed, 27 Jun 2018 11:31:15 +0200 (CEST) 
Michal via samba <samba@xxxxxxxxxxxxxxx> wrote: 

>   Hi, 
>   
>  it there  any way how to look into samba ldap in the same way I can 
> look into OpenLdap via LDAPAdmin, ldap tools etc, when I know 
> OpenLDAP "root" dn and password? Is there such "root" user for Samba 
> AD LDAP? 

Samba AD uses its own version of ldap and most, if not all, standard 
ldap tools will work with it. 
The 'root' user for AD is called 'Administrator', but you are not 
restricted to this user, you can use any user that is a member of 
'Domain Admins', for instance. 
"



(on samba ad server)


ldapsearch -x localhost
# extended LDIF
#
# LDAPv3
# base <dc=nspuh, dc=cz> (default) with scope subtree
# filter: (objectclass=*)
# requesting: localhost
#

# search result
search: 2
result: 1 Operations error
text: 00002020: Operation unavailable without authentication





This is problem. We used to be able get "public" data from ldap without 
authentification (password attributes can not be read without user bind, of 
course). Is there any way how to do it? 


 
"
>  We have a lot of scripts based on "ldapsearch" (without 
> authentification) and "ldapmodify" (with ldap authentification). It 
> would be very unpleasant if we can not use the scripts with SambaAD. 
> 

They should work, but you may not need all of them, Samba comes with 
'samba-tool' and you can use this to maintain user & groups etc. "



 samba-tool can do queries like 


'(&(uidNumber>=5000)(!(uidNumber>=6000)))' 


or 


"-b "ou=people,dc=nspuh,dc=cz" "(!(mail=*))" 


or 


"createTimestamp>=201801310000Z"

?




Michal


 
"
 
Rowland 
  


-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 
"
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba