  1. #1
    Field Supervisor 1,000+ Posts
    TheOwl's Avatar
    Join Date
    Nov 2008
    Posts
    1,734
    Rep Power
    62

    LDAP for Dummies

    This is a quick How-To for LDAP.

    Now a lot of people ask the question 'How do I set up LDAP' and usually don't understand how to get the information required to input into their MFD to enable LDAP Searches.

    LDAP stands for Lightweight Directory Access Protocol and can be installed on Linux-based systems and Mac Servers, and is included with Active Directory and Novell Networks. I am going to use Active Directory as the example as there are more AD-based systems than any other.

    So the first two main pieces of information you are going to need are the LDAP Server Name and the Search Base.

    LDAP Server Name: The easiest way to figure this out is to go to the command prompt and type in 'ipconfig' (without the quotation marks) and then look at the 'Connection-specific DNS Suffix'. The name written here should be the same as the internal FQDN (Fully Qualified Domain Name). If you ping this, you will get a response from the closest Domain Controller, which includes LDAP. Even if there is only one DC in the network, it will respond. You can either use the 'Connection-specific DNS Suffix' name or you can use the IP address that the ping came back from. The other way is to open up Active Directory on the Domain Controller and look for the symbol that looks like 3 servers. The name next to this will be the internal FQDN.

    Search Base: The easiest way to get the search base information (if you want to put in a search base, as this is optional on a lot of different MFDs) is to open Active Directory and then find the folder that contains all of the users. In the picture below, we are looking at my test server with AD installed and we can see that I have the Users Container open. If I only wanted the MFD to be able to search through that list, then I would use the following Search Base.

    CN=Users,DC=TEST,DC=internal

    How I got this is by looking at the folder called 'Users' and seeing that it doesn't have an AD symbol in the corner of the folder. This means that the folder is called a Container, or CN as per the Search Base. If the Users folder had an AD symbol in the corner of the folder, then the folder is an Organisational Unit, or OU for the Search Base, which would change the above Search Base to OU=Users,DC=TEST,DC=internal . The DC part comes from the top where you can see TEST.internal.

    If I had my users stored under two or three different levels of folders (OUs or CNs), then I would need to change my Search Base. Let's pretend that the Users folder (which is a Container) is kept in the folder called Domain Controllers (DO NOT MOVE FOLDERS INTO ANY OTHER FOLDER UNLESS DIRECTED BY A NETWORK ADMINISTRATOR, THIS IS AN EXAMPLE ONLY); then I would use the following Search Base.

    CN=Users,OU=Domain Controllers,DC=TEST,DC=internal

    Other Information Needed: Once you know the first two things, everything else becomes easy. The port number should be left as standard unless the network admin has changed it (if they have then you want to run away because that network is going to be extremely complicated) and the last thing that you will need is a username and password capable of viewing the LDAP server. In just about all cases, you can simply get a new user created within Active Directory and that account will suffice for the search without making that user a member of the Domain Admins group or anything stupid.

    Not all MFDs are the same, so the username may have to be entered in as Domainname\Username or there might be a separate field for the domain name to be entered.

    So to cap this setup off as per the screenshot:

    LDAP Server: TEST.internal or the IP address of the server
    Search Base: CN=Users,DC=TEST,DC=internal
    Username: Any user with Active Directory but bear in mind that passwords normally need to be changed
    Password: Password associated with the username

    LDAP for Dummies.jpg
    Please don't ask me for firmware or service manuals as refusal often offends.
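
The Search Base rules from post #1 (Container = CN, Organisational Unit = OU, DC parts taken from the FQDN), as an added example that is not part of the original thread. Function names are hypothetical; the domain and folder names are the post's test values, and `bind_usernames` assumes the account's UPN suffix equals the internal FQDN.

```python
# Added example; function names are hypothetical, not from any MFD or AD tool.

RDN_TYPE = {"container": "CN", "ou": "OU"}   # folder without / with the AD symbol
MUST_ESCAPE = set(',+"\\<>;')                # RFC 4514 special characters


def escape_rdn_value(value: str) -> str:
    """Escape a folder or domain label for use inside a distinguished name."""
    if not value:
        raise ValueError("empty name")
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in MUST_ESCAPE or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def search_base(fqdn: str, folders: list[tuple[str, str]]) -> str:
    """Build a Search Base. `folders` is the path as seen in the AD tree,
    outermost folder first, each item (name, "container" | "ou")."""
    rdns = []
    for name, kind in folders:
        if kind not in RDN_TYPE:
            raise ValueError(f"unknown folder kind: {kind!r}")
        rdns.append(f"{RDN_TYPE[kind]}={escape_rdn_value(name)}")
    rdns.reverse()  # a DN is written deepest folder first, domain last
    labels = fqdn.strip(".").split(".")
    return ",".join(rdns + [f"DC={escape_rdn_value(label)}" for label in labels])


def bind_usernames(netbios_domain: str, fqdn: str, user: str) -> dict[str, str]:
    """The two username forms an MFD may expect for the search account.
    Assumption: the account's UPN suffix is the internal FQDN."""
    return {
        "down_level": f"{netbios_domain}\\{user}",  # Domainname\Username
        "upn": f"{user}@{fqdn}",
    }
```

A folder name containing a comma, such as a constructed "Sales, EU" OU, comes out as `OU=Sales\, EU,...`; entering it unescaped would make the MFD read it as two separate DN components.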

  2. #2
    Senior Tech 250+ Posts fbkhan3's Avatar
    Join Date
    May 2012
    Posts
    415
    Rep Power
    30

    Re: LDAP for Dummies

    Much needed, have always been looking for this sort of detailed information for LDAP searches.

    Very much appreciated! Bless ya

    Cheers!

  3. #3
    Technician
    Join Date
    Jun 2010
    Posts
    46
    Rep Power
    0

    Re: LDAP for Dummies

    Was browsing for something like this just a few days ago.
    Much appreciated.

  4. #4
    Service Manager 2,500+ Posts
    Hansoon's Avatar
    Join Date
    Sep 2007
    Posts
    3,190
    Rep Power
    94

    Re: LDAP for Dummies

    Very handy. Thanks very much Owl.

    Hans

  5. #5
    Junior Member
    Join Date
    Oct 2017
    Posts
    5
    Rep Power
    0

    Re: LDAP for Dummies

    thx

  6. #6
    copierman 250+ Posts
    Join Date
    Aug 2007
    Location
    not specified
    Posts
    485
    Rep Power
    40

    Re: LDAP for Dummies

    Thanks for that info. Also, you can use LDAP search by changing the default port number from 389 to 3268; this is for Microsoft networks and looks at the global directory. It's a quick way to set it up without using DC and OU settings; this is ideal for networks that don't have too many users.
    Networking skills are advantageous but use of a 3m vacuum cleaner is essential

  7. #7
    Senior Tech. 2,500+ Posts NeoMatrix's Avatar
    Join Date
    Nov 2010
    Location
    Sunshine State QLD.
    Posts
    3,514
    Rep Power
    104

    Re: LDAP for Dummies

    For those who wish to delve further into the LDAP topic.

    The following link is how to do an LDAP server query using a simple batch file and the Windows CMD interface.

    htttp://www.copytechnet.com/forums/connectivity/97276-all-one-i-t-tech-software.html#post693603

    All in one I.T. Tech software.

    ...
    Inauguration to the "AI cancel-culture" fraternity 1997...
    •••••• •••[§]• |N | € | o | M | Δ | t | π | ¡ | x | •[§]••• ••••••
