LDAP for Dummies

  • TheOwl
    Service Manager

    Site Contributor
    1,000+ Posts
    • Nov 2008
    • 1733

    LDAP for Dummies

    This is a quick How-To for LDAP.

    Now a lot of people ask the question 'How do I set up LDAP?' and usually don't understand how to get the information required to input into their MFD to enable LDAP searches.

    LDAP stands for Lightweight Directory Access Protocol and can be installed on Linux-based systems and Mac Servers, and is included with Active Directory and Novell Networks. I am going to use Active Directory as the example as there are more AD-based systems than any other.

    So the first two main pieces of information you are going to need are the LDAP Server Name and the Search Base.

    LDAP Server Name: The easiest way to figure this out is to go to the command prompt and type in 'ipconfig' (without the quotation marks) and then look at the 'Connection-specific DNS Suffix'. The name written here should be the same as the internal FQDN (Fully Qualified Domain Name). If you ping this, you will get a response from the closest Domain Controller, which includes LDAP. Even if there is only one DC in the network, it will respond. You can either use the 'Connection-specific DNS Suffix' name or you can use the IP address that the ping came back from. The other way is to open up Active Directory on the Domain Controller and look for the symbol that looks like 3 servers. The name next to this will be the internal FQDN.

    Search Base: The easiest way to get the search base information (if you want to put in a search base, as this is optional on a lot of different MFDs) is to open Active Directory and then find the folder that contains all of the users. In the picture below, we are looking at my test server with AD installed and we can see that I have the Users Container open. If I only wanted the MFD to be able to search through that list, then I would use the following Search Base.

    CN=Users,DC=TEST,DC=internal

    How I got this is by looking at the folder called 'Users' and seeing that it doesn't have an AD symbol in the corner of the folder. This means that the folder is called a Container, or CN as per the Search Base. If the Users folder had an AD symbol in the corner of the folder, then the folder is an Organisational Unit, or OU for the Search Base, which would change the above Search Base to OU=Users,DC=TEST,DC=internal. The DC part comes from the top where you can see TEST.internal.

    If I had my users stored under two or three different levels of folders (OUs or CNs), then I would need to change my Search Base. Let's pretend that the Users folder (which is a Container) is kept in the folder called 'Domain Controllers' (DO NOT MOVE FOLDERS INTO ANY OTHER FOLDER UNLESS DIRECTED BY A NETWORK ADMINISTRATOR, THIS IS AN EXAMPLE ONLY), then I would use the following Search Base.

    CN=Users,OU=Domain Controllers,DC=TEST,DC=internal

    Other Information Needed: Once you know the first two things, everything else becomes easy. The port number should be left as standard unless the network admin has changed it (if they have, then you want to run away because that network is going to be extremely complicated), and the last thing that you will need is a username and password capable of viewing the LDAP server. In just about all cases, you can simply get a new user created within Active Directory and that account will suffice for the search without making that user a member of the Domain Admins group or anything stupid.

    Not all MFDs are the same, so the username may have to be entered in as Domainname\Username or there might be a separate field for the domain name to be entered.

    So to cap this setup off as per the screenshot:

    LDAP Server: TEST.internal or the IP address of the server
    Search Base: CN=Users,DC=TEST,DC=internal
    Username: Any user with Active Directory but bear in mind that passwords normally need to be changed
    Password: Password associated with the username

    [Attachment: LDAP for Dummies.jpg]
    Please don't ask me for firmware or service manuals as refusal often offends.
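As an added worked example (not from TheOwl's post or from any MFD vendor's firmware), the Python below does in code what the post does by eye: it composes a search base from the domain name and the chain of folders seen in Active Directory, distinguishing a Container (CN) from an Organisational Unit (OU), escaping the characters RFC 4514 requires, and it sanity-checks a search base someone has typed into an MFD against the domain before it is saved. The `TEST.internal` domain and the `Users` and `Domain Controllers` folders are the post's own examples; the `Sales, EMEA` folder is constructed to show the escaping case the post does not cover.

```python
"""Build and sanity-check an Active Directory LDAP search base.

Added example for the post above; folder and domain names are the post's
own examples or constructed for illustration.
"""

# Characters that RFC 4514 requires escaping inside an RDN value.
_SPECIAL = ',+"\\<>;'


def escape_rdn_value(value: str) -> str:
    """Escape a folder name so it can be embedded in a DN unchanged."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        needs_escape = (
            ch in _SPECIAL
            or (ch == "#" and i == 0)
            or (ch == " " and i in (0, last))
        )
        out.append("\\" + ch if needs_escape else ch)
    return "".join(out)


def domain_components(fqdn: str) -> str:
    """TEST.internal -> DC=TEST,DC=internal (the 'top' of the AD tree)."""
    labels = [part for part in fqdn.strip().strip(".").split(".") if part]
    if not labels:
        raise ValueError("domain name is empty")
    return ",".join(f"DC={escape_rdn_value(part)}" for part in labels)


def search_base(fqdn: str, path=()) -> str:
    """Compose the search base from the domain and the folders seen in AD.

    ``path`` lists the folders from the domain root downward as
    (name, kind) pairs: kind "CN" for a plain Container, "OU" for an
    Organisational Unit (the folder with the AD symbol in its corner).
    """
    rdns = []
    for name, kind in path:
        kind = kind.upper()
        if kind not in ("CN", "OU"):
            raise ValueError(f"folder kind must be CN or OU, got {kind!r}")
        rdns.append(f"{kind}={escape_rdn_value(name)}")
    rdns.reverse()  # a DN names the innermost folder first
    rdns.append(domain_components(fqdn))
    return ",".join(rdns)


def parse_dn(dn: str):
    """Split a DN into (attribute, value) pairs, honouring backslash escapes."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current))
    pairs = []
    for rdn in rdns:
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        attr, value = rdn.split("=", 1)
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def check_search_base(dn: str, fqdn: str) -> list:
    """Return the problems found in a typed-in search base (empty list = OK)."""
    try:
        pairs = parse_dn(dn)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    expected_dc = [p.lower() for p in fqdn.strip().strip(".").split(".") if p]
    actual_dc = [value.lower() for attr, value in pairs if attr == "DC"]
    if actual_dc != expected_dc:
        problems.append(f"DC components {actual_dc} do not spell the domain {fqdn}")
    for attr, value in pairs:
        if attr not in ("CN", "OU", "DC"):
            problems.append(f"unexpected attribute type {attr!r}")
        if not value:
            problems.append(f"empty value for {attr}")
    if pairs and pairs[-1][0] != "DC":
        problems.append("search base must end with the DC= components")
    return problems


if __name__ == "__main__":
    print(search_base("TEST.internal", [("Users", "CN")]))
    print(search_base("TEST.internal", [("Domain Controllers", "OU"), ("Users", "CN")]))
    print(check_search_base("CN=Users,DC=TEST", "TEST.internal"))
```

Running the script prints the two search bases from the post and then the problem list for a base whose DC= part is missing `internal`, which is the mistake most often made when copying the domain from the top of the AD window. The check only validates shape and spelling; it does not contact the directory, so a correct-looking base can still point at an empty folder.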
  • fbkhan3
    Trusted Tech

    250+ Posts
    • May 2012
    • 421

    #2
    Re: LDAP for Dummies

    Much needed, have always been looking for this sort of detailed information for LDAP searches.

    Very much appreciated! Bless ya

    Cheers!


  • pfinn10
    Technician
    • Jun 2010
    • 46

    #3
    Re: LDAP for Dummies

    Was browsing for something like this just a few days ago.
    Much appreciated


  • Hansoon
    Field Supervisor

    Site Contributor
    2,500+ Posts
    • Sep 2007
    • 3297

    #4
    Re: LDAP for Dummies

    Very handy. Thanks very much Owl.

    Hans
    " Sent from my Intel 80286 using MS-DOS 2.0 "


  • JacekB
    Junior Member
    • Oct 2017
    • 5

    #5
    Re: LDAP for Dummies

    thx


  • leo34staffs
    copierman

    Site Contributor
    500+ Posts
    • Aug 2007
    • 500

    #6
    Re: LDAP for Dummies

    Thanks for that info. Also, you can use LDAP search by changing the default port number from 389 to 3268; this is for Microsoft networks and looks at the global directory. It's a quick way to set it up without using DC and OU settings, and this is ideal for networks that don't have too many users.
    Networking skills are advantageous but use of a 3m vacuum cleaner is essential


  • NeoMatrix
    Senior Tech.

    2,500+ Posts
    • Nov 2010
    • 3514

    #7
    Re: LDAP for Dummies

    For those who wish to delve further into the LDAP topic.

    The following link is how to do an LDAP server query using a simple batch file and the Windows CMD interface.

    http://www.copytechnet.com/forums/connectivity/97276-all-one-i-t-tech-software.html#post693603


    Inauguration to the "AI cancel-culture" fraternity 1997...
