[GRLUG] Looking for LDAP/ActiveDirectory coders.

Ben DeMott ben.demott at gmail.com
Thu Jul 2 22:49:05 EDT 2009


Right, but how, for example, in Active Directory would you obtain this
information without authenticating?
If you authenticate (BIND), you are using a UserPrincipalName, which looks
like me@mycompany.local - which means you already know my Distinguished Name
or a combination of my sAMAccountName and distinguished name (eek).
So then isn't that defeating the purpose? Or am I not aware of some manner
to anonymously query Active Directory for its first DC?

And I was referring to all of the account attributes that are proprietary
when I said they would be different - if nothing else, ya gotta give me that
sAMAccountName is proprietary and still needed.

On Thu, Jul 2, 2009 at 10:38 PM, Adam Tauno Williams <awilliam at whitemice.org> wrote:

> > The biggest problem I've encountered with accessing LDAP servers seems to
> > be chicken-and-egg issues.
> > Some LDAP drivers require the domain you want to connect to. I don't want
> > to connect to a domain, I want to connect to a server -
> > and ask the server what domains it has present - this is different across
> > most AD servers.
> > (almost none of this would be the same across Microsoft, IBM, Novell, Sun,
> > and other directory servers)
>
> Actually it is, you need to perform the standard query for the rootDSE
> object by which the client can acquire this information.
>
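
The rootDSE query mentioned in the quoted reply, as an added example that is not part of the original thread: it BER-encodes an LDAPv3 SearchRequest (RFC 4511) with an empty base DN, so the request carries no domain or user name, and decodes the naming contexts from a reply. The reply bytes are constructed for illustration, not captured from a server, and the `mycompany.local` DNs, the `_attr` helper and the function names are assumptions.

```python
def tlv(tag, body=b""):
    """BER tag-length-value, definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def rootdse_request(msg_id, attrs):
    """SearchRequest: empty base DN (the rootDSE), scope base, (objectClass=*)."""
    op = tlv(0x63,                         # [APPLICATION 3] SearchRequest
             tlv(0x04) +                   # baseObject: empty DN selects the rootDSE
             tlv(0x0A, b"\x00") * 2 +      # scope baseObject, derefAliases never
             tlv(0x02, b"\x00") * 2 +      # sizeLimit 0, timeLimit 0
             tlv(0x01, b"\x00") +          # typesOnly FALSE
             tlv(0x87, b"objectClass") +   # present filter: (objectClass=*)
             tlv(0x30, b"".join(tlv(0x04, a.encode()) for a in attrs)))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)  # msg_id assumed < 128

def children(body):
    """Split a constructed BER value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(body):
        tag, n, pos = body[pos], body[pos + 1], pos + 2
        if n & 0x80:                       # long-form length: low bits count the length bytes
            n, pos = int.from_bytes(body[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
        if pos + n > len(body):
            raise ValueError("truncated BER value")
        out.append((tag, body[pos:pos + n]))
        pos += n
    return out

def parse_entry(message):
    """Decode one SearchResultEntry into (dn, {attribute: [values]})."""
    (_, body), = children(message)
    (_, _msg_id), (tag, op) = children(body)
    if tag != 0x64:                        # [APPLICATION 4] SearchResultEntry
        raise ValueError("not a SearchResultEntry")
    (_, dn), (_, attr_list) = children(op)
    return dn.decode(), {name.decode(): [v.decode() for _, v in children(vals)]
                         for (_, name), (_, vals) in (children(p) for _, p in children(attr_list))}

def _attr(name, *values):                  # hypothetical helper, builds the sample only
    return tlv(0x30, tlv(0x04, name) + tlv(0x31, b"".join(tlv(0x04, v) for v in values)))
# Constructed reply (not captured from a server); DNs reuse the thread's mycompany.local.
SAMPLE_REPLY = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x64, tlv(0x04) + tlv(0x30,
    _attr(b"defaultNamingContext", b"DC=mycompany,DC=local") +
    _attr(b"namingContexts", b"DC=mycompany,DC=local",
          b"CN=Configuration,DC=mycompany,DC=local"))))
```

`defaultNamingContext` is an Active Directory rootDSE attribute; `namingContexts` is the standard LDAPv3 one.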