Subject: [ActiveDir] LDAP search string.

AD000001100

11/16/2005 6:01 AM  
All,

I'm trying to get an instance of Bugzilla to authenticate against AD. (Windows 2003 native domain)

I've created an account called: snvbug and put it in the default user's container for simplicity.

I've also created a group called bugz101 and placed the users who I want to have access to bugzilla in that group.

My search now looks like this:

ldapsearch -v -h $SERVER:3268 -D "CN=snvbug,CN=Users,DC=opsware,DC=com" -x -W -b "CN=Users,DC=opsware,DC=com" "(memberOf=CN=bugz101,CN=Users,DC=opsware,DC=com)"

I'm still not able to pull back any group membership info. Is my search string wrong?

I've followed the instructions in the link below from a bugzilla newsgroup and still no luck?!?!

Any help is GREATLY appreciated.

Related link:

http://groups.google.com.au/group/netscape.public.mozilla.webtools/msg/b60eedc3602a222a?hl=en

Thanks,

Mike
jmedeiros@xxxx.yyy

11/16/2005 6:09 AM  
Hi Mike,

What's your authentication mechanism in Bugzilla? Does it support NTLM and SMB signing?

Sincerely,
Jose Medeiros
ADP | National Account Services
ProBusiness Division | Information Services
925.737.7967 | 408-449-6621 CELL

AD000001100

11/16/2005 6:25 AM  
I'm pretty sure it's SMB



AD000001100

11/16/2005 6:46 AM  
Ok... So I changed the port but it still pulls back the same info all related to the account snvbug.

I was hoping to get a list of members of the group bugz101.



dn: CN=snvbug,CN=Users,DC=opsware,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: snvbug
givenName: snvbug
distinguishedName: CN=snvbug,CN=Users,DC=opsware,DC=com
instanceType: 4
whenCreated: 20051116162449.0Z
whenChanged: 20051116172242.0Z
displayName: snvbug
uSNCreated: 1657770
memberOf: CN=bugz101,CN=Users,DC=opsware,DC=com
uSNChanged: 1659527
name: snvbug
objectGUID:: gbZWZ+4yckewq8dCkrkBFg==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 127766401222018909
lastLogoff: 0
lastLogon: 127766401346237659
pwdLastSet: 127766319749346878
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA+/wD/n6lJum0kYZLvmYAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: snvbug
sAMAccountType: 805306368
userPrincipalName: snvbug@xxxxxxxxxxx
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=opsware,DC=com
dSCorePropagationData: 20051116172242.0Z
dSCorePropagationData: 20051116172242.0Z
dSCorePropagationData: 20051116172242.0Z
dSCorePropagationData: 20051116171656.0Z
dSCorePropagationData: 16010108151056.0Z
lastLogonTimestamp: 127766343852388433

# search result
search: 2
result: 0 Success







From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of TIROA YANN
Sent: Wednesday, November 16, 2005 10:20 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE : [ActiveDir] LDAP search string.

Hi,

The memberOf attribute is not replicated to the global catalog (port 3268), so you did not find it at all.

Change the GC port (3268) to DC port (389).

So just modify your request as follows:

ldapsearch -v -h $SERVER:389 -D "CN=snvbug,CN=Users,DC=opsware,DC=com" -x -W -b "CN=Users,DC=opsware,DC=com" "(memberOf=CN=bugz101,CN=Users,DC=opsware,DC=com)"

Yann



listmail

11/16/2005 7:34 AM  
If you want a list of all users in that group, query for the group and return the member attribute. If it is possible someone used that group for a primary group then you have to go a step further. If you have to handle group nesting you will have to do more than a simple LDAP query.

   joe
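
The "step further" for primary groups and the extra work for nesting mentioned in the post above, as an added example that is not part of the original thread. It runs over a constructed in-memory directory standing in for LDAP search results; every name other than snvbug and bugz101 is hypothetical, and the SIDs are made up.

```python
import base64
import struct

BASE = "CN=Users,DC=opsware,DC=com"   # container used in the thread
BUGZ = "CN=bugz101," + BASE           # group named in the thread


def make_sid(rid):
    """Build a base64 objectSid for the constructed entries (domain part is made up)."""
    subs = (21, 1111, 2222, 3333, rid)
    header = struct.pack("<BB", 1, len(subs)) + (5).to_bytes(6, "big")
    return base64.b64encode(header + struct.pack("<5I", *subs)).decode()


def rid_from_sid(sid_b64):
    """Return the RID: the last 32-bit little-endian sub-authority of a binary SID."""
    raw = base64.b64decode(sid_b64)
    count = raw[1] if len(raw) >= 8 else 0
    if count == 0 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed objectSid")
    return struct.unpack_from("<I", raw, 4 + 4 * count)[0]


# Constructed entries standing in for LDAP search results, keyed by DN.
# Only snvbug and bugz101 appear in the thread; every other name is hypothetical.
DIRECTORY = {
    BUGZ: {"objectClass": "group", "objectSid": make_sid(1105),
           "member": ["CN=snvbug," + BASE, "CN=alice," + BASE,
                      "CN=bugz-contractors," + BASE]},
    "CN=bugz-contractors," + BASE: {
        "objectClass": "group", "objectSid": make_sid(1106),
        # Nested back into bugz101 on purpose, in a different case: a cycle.
        "member": ["CN=bob," + BASE, "cn=bugz101,cn=users,dc=opsware,dc=com"]},
    "CN=snvbug," + BASE: {"objectClass": "user", "primaryGroupID": 513},
    "CN=alice," + BASE: {"objectClass": "user", "primaryGroupID": 513},
    "CN=bob," + BASE: {"objectClass": "user", "primaryGroupID": 513},
    # carol is in bugz101 only through primaryGroupID, so "member" never lists her.
    "CN=carol," + BASE: {"objectClass": "user", "primaryGroupID": 1105},
    "CN=dave," + BASE: {"objectClass": "user", "primaryGroupID": 513},
}


def lookup(directory, dn):
    """Find an entry by DN; AD matches DNs case-insensitively."""
    for key, attrs in directory.items():
        if key.lower() == dn.lower():
            return key, attrs
    raise KeyError(dn)


def direct_members(directory, group_dn):
    """The simple query: read the group's own member attribute."""
    return list(lookup(directory, group_dn)[1].get("member", []))


def primary_group_users(directory, group_dn):
    """The step further: users whose primaryGroupID equals the group's RID."""
    rid = rid_from_sid(lookup(directory, group_dn)[1]["objectSid"])
    return [dn for dn, attrs in directory.items()
            if attrs.get("primaryGroupID") == rid]


def effective_users(directory, group_dn, seen=None):
    """All users who hold the group, following nesting and guarding against cycles."""
    seen = set() if seen is None else seen
    key, _ = lookup(directory, group_dn)
    if key.lower() in seen:
        return set()
    seen.add(key.lower())
    users = set()
    for dn in direct_members(directory, key) + primary_group_users(directory, key):
        member_key, attrs = lookup(directory, dn)
        if attrs["objectClass"] == "group":
            users |= effective_users(directory, member_key, seen)
        else:
            users.add(member_key)
    return users


if __name__ == "__main__":
    print("member attribute only:", direct_members(DIRECTORY, BUGZ))
    print("effective users:      ", sorted(effective_users(DIRECTORY, BUGZ)))
```

An application that grants access from the member attribute alone would miss carol and bob here, and an access review built on that one query would under-report who holds the group.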
jmedeiros@xxxx.yyy

11/16/2005 7:50 AM  
I am thinking that it's probably using SAMBA www.samba.org. Last time I spoke with Jeremy Allison from the Samba team he suggested turning off SMB signing and accepting LAN Manager based authentication in your domain security policy. However the samba team is working on incorporating these higher level security features in the new release which may now be available.

Sincerely,
Jose Medeiros
ADP | National Account Services
ProBusiness Division | Information Services
925.737.7967 | 408-449-6621 CELL

AD000001348

11/16/2005 8:28 AM  
Something like:

ldapsearch -h hostname -D "CN=snvbug,CN=Users,DC=opsware,DC=com" -W -b "dc=opsware,dc=com" "cn=bugz101,cn=users,dc=opsware,dc=com" memberOf

should give you the results you want. You want to search the group for the members vs. searching for users that are a memberOF the group because you already know the group name and its location. You just don't yet know the members of that group.

Otherwise, you might search user objects to evaluate which ones have the member attribute set to cn=bugz101 etc. That would be a much more expensive query in my mind.

Al



List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
AD000001100

11/16/2005 9:12 AM  
THANKS!!

That seems to work!

Mike

listmail

11/18/2005 3:28 AM  
I think when Al said

Otherwise, you might search user objects to evaluate which ones have the
member attribute set to cn=bugz101 etc.

He meant

Otherwise, you might search user objects to evaluate which ones have the
memberof attribute set to cn=bugz101,blah,blah,blah,dc=com etc.

Also, on this line

That would be a much more expensive query in my mind.

Note that in Windows 2000 this was definitely the case, it was MUCH MUCH
MUCH slower querying the backlinks than the forward links. Microsoft made
stellar advances here for Windows Server 2003 due to fully using the
implicit index that exists for linked value attributes. The main point of
slowness I have seen now in the difference between the two mechanisms is the
time required to return the objects across the network since chasing
backlinks returns multiple objects and looking at the forward link returns
multiple values for a single object.


