Re: LDAP for Dummies
For those who wish to delve further into the LDAP topic.
The following link shows how to do an LDAP server query using a simple batch file and the Windows CMD interface.
http://www.copytechnet.com/forums/connectivity/97276-all-one-i-t-tech-software.html#post693603
...
LDAP for Dummies
-
Re: LDAP for Dummies
Thanks for that info. Also, you can use LDAP search by changing the default port number from 389 to 3268; this is for Microsoft networks and looks at the global directory. It's a quick way to set it up without using DC and OU settings; this is ideal for networks that don't have too many users.
-
Re: LDAP for Dummies
Was browsing for something like this just a few days ago.
Much appreciated.
-
Re: LDAP for Dummies
Much needed, have always been looking for this sort of detailed information for LDAP searches.
Very much appreciated! Bless ya.
Cheers!
-
LDAP for Dummies
This is a quick How-To for LDAP.
Now a lot of people ask the question 'How do I set up LDAP' and usually don't understand how to get the information required to input into their MFD to enable LDAP searches.
LDAP stands for Lightweight Directory Access Protocol and can be installed on Linux-based systems and Mac servers, and is included with Active Directory and Novell networks. I am going to use Active Directory as the example as there are more AD-based systems than any other.
So the first two main pieces of information you are going to need are the LDAP Server Name and the Search Base.
LDAP Server Name: The easiest way to figure this out is to go to the command prompt and type in 'ipconfig' (without the quotation marks) and then look at the 'Connection-specific DNS Suffix'. The name written here should be the same as the internal FQDN (Fully Qualified Domain Name). If you ping this, you will get a response from the closest Domain Controller which includes LDAP. Even if there is only one DC in the network, it will respond. You can either use the 'Connection-specific DNS Suffix' name or you can use the IP address that the ping came back from. The other way is to open up Active Directory on the Domain Controller and look for the symbol that looks like 3 servers. The name next to this will be the internal FQDN.
Search Base: The easiest way to get the search base information (if you want to put in a search base, as this is optional on a lot of different MFDs) is to open Active Directory and then find the folder that contains all of the users. In the picture below, we are looking at my test server with AD installed and we can see that I have the Users Container open. If I only wanted the MFD to be able to search through that list, then I would use the following Search Base.
CN=Users,DC=TEST,DC=internal
How I got this is by looking at the folder called 'Users' and saw that it doesn't have an AD symbol in the corner of the folder. This means that the folder is called a Container or CN as per the Search Base. If the Users folder had an AD symbol in the corner of the folder, then the folder is an Organisational Unit or OU for the Search Base which would change the above Search Base to OU=Users,DC=TEST,DC=internal . The DC part comes from the top where you can see TEST.internal.
If I had my users stored under two or three different levels of folders (OUs or CNs), then I would need to change my Search Base. Let's pretend that the Users Folder (which is a Container) is kept in the folder called Domain Controllers (DO NOT MOVE FOLDERS INTO ANY OTHER FOLDER UNLESS DIRECTED BY A NETWORK ADMINISTRATOR, THIS IS AN EXAMPLE ONLY), then I would use the following Search Base.
CN=Users,OU=Domain Controllers,DC=TEST,DC=internal
Other Information Needed: Once you know the first two things, everything else becomes easy. The port number should be left as standard unless the network admin has changed it (if they have then you want to run away because that network is going to be extremely complicated) and the last thing that you will need is a username and password capable of viewing the LDAP server. In just about all cases, you can simply get a new user created within Active Directory and that account will suffice for the search without making that user a member of the Domain Admins group or anything stupid.
Not all MFDs are the same, so the username may have to be entered in as Domainname\Username or there might be a separate field for the domain name to be entered.
So to cap this setup off as per the screenshot:
LDAP Server: TEST.internal or the IP address of the server
Search Base: CN=Users,DC=TEST,DC=internal
Username: Any user with Active Directory but bear in mind that passwords normally need to be changed
Password: Password associated with the username
Attached Files: LDAP for Dummies.jpg
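The search-base rules from the original post (CN for a container, OU for an organisational unit, deepest folder first, DC parts taken from the domain name), as an added Python example that is not part of the original post. It goes slightly beyond the post by escaping folder names that contain DN special characters (RFC 4514) and by checking a search base before it is typed into the MFD; the function names are hypothetical and the sample values are the post's TEST.internal test domain.

```python
# Added example (not from the original post); function names are hypothetical.
SPECIALS = '"+,;<>\\'   # characters RFC 4514 requires escaping inside a DN value

def escape_rdn_value(value):
    """Escape a folder name for use inside a DN (RFC 4514, section 2.4)."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in SPECIALS or edge else ch)
    return "".join(out)

def search_base(fqdn, folders):
    """folders: path from the domain root down to the users folder, as (kind, name)
    pairs; kind is "CN" (container) or "OU" (organisational unit)."""
    rdns = []
    for kind, name in reversed(folders):        # a DN names the deepest folder first
        if kind.upper() not in ("CN", "OU"):
            raise ValueError(f"unknown folder kind: {kind!r}")
        rdns.append(f"{kind.upper()}={escape_rdn_value(name)}")
    rdns += [f"DC={label}" for label in fqdn.strip(".").split(".")]
    return ",".join(rdns)

def split_rdns(dn):
    """Split a DN on commas, leaving backslash-escaped commas inside their value."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" else 1         # keep an escape pair together
        if dn[i] == ",":
            parts.append(cur.lstrip())
            cur = ""
        else:
            cur += dn[i:i + step]
        i += step
    return parts + [cur.lstrip()]

def check_search_base(base, fqdn):
    """Return the problems found in a search base typed into an MFD."""
    pairs = [rdn.partition("=") for rdn in split_rdns(base)]
    kinds = [k.strip().upper() for k, _, _ in pairs]
    problems = [f"bad component: {k}{eq}{v}" for (k, eq, v), kind in zip(pairs, kinds)
                if not eq or not v or kind not in ("CN", "OU", "DC")]
    dcs = [v.lower() for (_, _, v), kind in zip(pairs, kinds) if kind == "DC"]
    if dcs != fqdn.lower().strip(".").split("."):
        problems.append(f"DC components do not spell {fqdn}")
    if "DC" in kinds and any(k != "DC" for k in kinds[kinds.index("DC"):]):
        problems.append("DC components must come last")
    return problems

if __name__ == "__main__":
    print(search_base("TEST.internal", [("OU", "Domain Controllers"), ("CN", "Users")]))
```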