The biggest problem I've encountered with accessing Ldap Servers seeem to be Chicken and Egg issues.<br>Some ldap drivers require the domain you want to connect to. I don't want to connect to a Domain I want to connect to a Server -<br>
And ask the server what domains it has present - this is different across most AD servers.<br><br>When you Bind to Active Directory through LDAP there is no way of knowing if the server isn't running ldap services, your bind failed, or the user doesn't exist.<br>
So you have to have a USER that you KNOW exists and that you KNOW has credentials to the server - if that user cannot bind you can assume the server is unavailable or in fault - they all seem to deal with this issue a bit differently as well (microsoft AD deals with it the poorest).<br>
You also have to know a DOMAIN that exists and a user that belongs to that domain.<br><br>For security reasons its nice to know when someone tried to login 10 times to their own account with the wrong password, vs 1000 attempts to random user accounts or random domains that didn't exist.<br>
<br>I suppose DBMS have the same issue - how do you query information schema for a list of databases without connecting to a database - thats why most databases implement some sort of standard database that is always present (in the case of PostgreSQL the database postgre is always present)<br>
<br>(almost none of this would be the same across Microsoft, IBM, Novell, Sun, and other directory servers)<br><br>And samaaccountname Really Microsoft? From NT4 are you serious? <br><br> $accountSettings['accountName'] = $result[0]["samaccountname"][0];
<br> $accountSettings['firstName'] = $result[0]["givenName"][0];
<br> $accountSettings['lastName'] = $result[0]["sn"][0];
<br> $accountSettings['fullName'] = $result[0]["displayName"][0];
<br> $accountSettings['email'] = $result[0]["mail"][0];
<br> $accountSettings['homeFolder'] = $result[0]["homeDirectory"][0];
<br> $accountSettings['homeDrive'] = $result[0]["homeDrive"][0];
<br> $accountSettings['mailboxStore'] = $result[0]["homeMDB"][0];
<br> $accountSettings['logonScript'] = $result[0]["scriptPath"][0];
<br> $accountSettings['dialin'] = $result[0]["msNPAllowDialin"][0];
<br> $accountSettings['object'] = $result[0]["objectCategory"][0];
<br> $accountSettings['logonLast'] = $result[0]["lastlogon"][0];
<br> $accountSettings['logonCount'] = $result[0]["logonCount"][0];
<br> $accountSettings['modified'] = $result[0]["whenChanged"][0];
<br> $accountSettings['created'] = $result[0]["whenCreate"][0];
<br> $accountSettings['passwordSet'] = $result[0]["pwdLastSet"][0];
<br> $accountSettings['passwordAttempts'] = $result[0]["badPwdCount"][0];<br><br><div class="gmail_quote">On Thu, Jul 2, 2009 at 10:08 PM, Adam Tauno Williams <span dir="ltr"><<a href="mailto:awilliam@whitemice.org">awilliam@whitemice.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im">> > I'm actually going to be diong some LDAP work with (what was formely known<br>
> > as) Fedora Directory Server and using python's ldap interface for the first<br>
> > time - not sure what you are looking for exactly but if you need some code<br>
> > examples I would be happy to help ??<br>
> These are the two tasks that currently exist...<br>
> <a href="http://rosettacode.org/wiki/Connect_to_Active_Directory" target="_blank">http://rosettacode.org/wiki/Connect_to_Active_Directory</a><br>
> <a href="http://rosettacode.org/wiki/Search_for_a_User_in_Active_Directory" target="_blank">http://rosettacode.org/wiki/Search_for_a_User_in_Active_Directory</a><br>
> They're currently only solved in VBScript and Tcl. Python (and any<br>
> other language) examples would be awesome. As would be some more<br>
> practical task suggestions in the LDAP/ActiveDirectory domain.<br>
<br>
</div>Both these tasks should be generic LDAP provided you have SASL binding.<br>
<div><div></div><div class="h5"><br>
_______________________________________________<br>
grlug mailing list<br>
<a href="mailto:grlug@grlug.org">grlug@grlug.org</a><br>
<a href="http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug" target="_blank">http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug</a><br>
</div></div></blockquote></div><br>