begging for help

Andy Boersma andy at boersma.ca
Fri Mar 6 21:23:46 UTC 2009


Hi Ken,

You are totally correct, documentation sucks huge buckets in LDAP.

I had to spend some time figuring it out, from bad examples.

Here are working queries to query Active Directories.

Hope this helps you.

Andy

1st Query

select sAMAccountName name from ou=ProdUsers, ou=users, ou=city,  ou=am,
ou=pkg, ou=Prod where objectCategory=user

This query gives me a list of users.

2nd Query

select sAMAccountName name from ou=ProdUsers, ou=users, ou=city, ou=am,
ou=pkg, ou=Prod where objectCategory=user and sAMAccountName=?

Using logon-name xmii1admin, lists admin.

3rd Query

select name from ou=Groups, ou=xMII-SAP-SFDC,  ou=am, ou=pkg, ou=Prod 

This query lists the groups.

4th Query

select name from ou=Groups, ou=xMII-SAP-SFDC,  ou=am, ou=pkg, ou=Prod  where
name=?

Given the group xMII_Admin, it finds the group xMII_Admin and lists it.

5th Query

select cn FullName, mail EmailAddress1 from ou=ProdUsers, ou=users, ou=city,
ou=am, ou=pkg, ou=Prod where sAMAccountName=?

Given the user xMII1Admin, it displays the email address and full name of
the user.

6th Query

select cn FullName, mail EmailAddress1 from ou=Groups, ou=xMII-SAP-SFDC,
ou=am, ou=pkg, ou=Prod where sAMAccountName=?

Given the role/group xMII_Admin, it returns the role name; we do not have an
e-mail address as part of a group.

7th Query

select distinguishedName from ou=ProdUsers, ou=users, ou=city, ou=am,
ou=pkg, ou=Prod  where objectCategory=user and sAMAccountName=?

Given the user name xMII1Admin, I get the full DN.

8th Query

select name from ou=ProdUser, ou=users, ou=City, ou=am, ou=pkg, ou=Prod
where objectCategory=group and member=?

9th Query

select distinguishedName from ou=ProdUsers, ou=users, ou=city, ou=am,
ou=pkg, ou=Prod where objectCategory=group and name=?

10th Query

select sAMAccountName name from ou=ProdUsers, ou=users, ou=city, ou=am,
ou=pkg, ou=Prod where objectCategory=user and memberOf=?

From: ubuntu-ca-bounces at lists.ubuntu.com
[mailto:ubuntu-ca-bounces at lists.ubuntu.com] On Behalf Of Kenneth Hawkins
Sent: March-06-09 3:55 PM
To: The Canadian Ubuntu Users Community
Subject: begging for help

Howdy all

Anyone here proficient in LDAP? I have been following a tutorial from
help.ubuntu.com, but it is wrong somewhere in the syntax, and I cannot find
the error. When I contacted the person whose name was attached to the
article, he said that all he had done was some minor edit; apparently the
last contributor gets listed as author.

I have done many long jobs in Linux over the years (net install Debian &
built web servers from source, VMs back when QEMU was the only game, etc.)
but I have never experienced such a lack of (useful) resources for something
which is supposed to be the killer app for enterprise user management... I
am really getting sick & tired of LDAP how-tos/tutorials that NEVER work as
described. I have tried at least 6 different versions over the last few
months, and NOT A SINGLE ONE works as the author claims. In a couple of
cases, when I contacted them directly, I was basically told RTFM or man
slapd... Is there some level of arrogance that comes with LDAP proficiency?

I have a very basic Ubuntu 8.04 LTS server, with up-to-date OpenLDAP from
repos. The sole purpose of this server is going to be centralized login and
address book.

Thanks in advance for any pointers, or even a link to an LDAP howto that
actually works...


Ken
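
Added example, not part of either message above and not code from any LDAP product: a Python sketch of how the SQL-style queries in the reply correspond to a native LDAP search (base DN, attribute list, RFC 4515 filter), with the value bound to each `?` escaped so it cannot alter the filter. The mapping is an assumption about the dialect, and `to_ldap_search` and `escape_filter_value` are hypothetical names.

```python
import re

# Query 7 from the reply above, copied as posted.
QUERY_7 = ("select distinguishedName from ou=ProdUsers, ou=users, ou=city, ou=am,\n"
           "ou=pkg, ou=Prod  where objectCategory=user and sAMAccountName=?")

def escape_filter_value(value):
    """Escape the RFC 4515 special characters \\ * ( ) and NUL as \\XX hex pairs."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def to_ldap_search(query, params=()):
    """Split 'select ATTR [alias], ... from BASE [where C and C ...]' into
    (base_dn, attributes, filter). Assumed mapping: the FROM list is the search
    base, each 'attr=value' condition is one filter term, terms are ANDed."""
    m = re.match(r'\s*select\s+(.+?)\s+from\s+(.+?)(?:\s+where\s+(.+))?\s*$',
                 query, re.I | re.S)
    if not m:
        raise ValueError('expected: select ... from ... [where ...]')
    cols, base, where = m.groups()
    attrs = [c.split()[0] for c in cols.split(',')]      # drop the display alias
    base_dn = ','.join(part.strip() for part in base.split(','))
    if not where:
        return base_dn, attrs, '(objectClass=*)'         # match every entry
    values = iter(params)
    terms = []
    for cond in re.split(r'\s+and\s+', where.strip(), flags=re.I):
        attr, _, val = cond.partition('=')
        val = val.strip()
        if val == '?':                                    # bound parameter
            val = escape_filter_value(next(values))       # never paste it raw
        terms.append('(%s=%s)' % (attr.strip(), val))
    ldap_filter = terms[0] if len(terms) == 1 else '(&%s)' % ''.join(terms)
    return base_dn, attrs, ldap_filter

if __name__ == '__main__':
    print(to_ldap_search(QUERY_7, ['xMII1Admin']))
    # Constructed input with filter metacharacters; it stays one literal value.
    print(to_ldap_search(QUERY_7, ['a*(b)']))
```

The three returned values are what a native client such as ldapsearch takes as the search base, the requested attributes and the filter.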



