I've been poking at this on and off over the past few months, never having much success. I was never sure what sort of crazy query string the AD server wanted. But then it occurred to me that my Linux Evolution email client does this without any problems-- only using the IP address of the Active Directory LDAP server. I can query/search, and it immediately returns all matches.
How can it do this without the big ugly "cn=users,dc=foo,dc=blah,o=acme......" string ?
Since this is obviously possible and simple (except for me), how could I do this same simple query in perl-- only armed with the IP address of my AD/LDAP server?
> I've been poking at this on and off over the past few months, never having much success. I was never sure what sort of crazy query string the AD server wanted. But then it occurred to me that my Linux Evolution email client does this without any problems-- only using the IP address of the Active Directory LDAP server. I can query/search, and it immediately returns all matches.
> How can it do this without the big ugly "cn=users,dc=foo,dc=blah,o=acme......" string ?
> Since this is obviously possible and simple (except for me), how could I do this same simple query in perl-- only armed with the IP address of my AD/LDAP server?
> Curiously,
> JS
Google "LDAP query syntax", and you will find a whole bunch of information about querying AD via LDAP.
> > I've been poking at this on and off over the past few months, never having much success. I was never sure what sort of crazy query string the AD server wanted. But then it occurred to me that my Linux Evolution email client does this without any problems-- only using the IP address of the Active Directory LDAP server. I can query/search, and it immediately returns all matches.
> > How can it do this without the big ugly "cn=users,dc=foo,dc=blah,o=acme......" string ?
> > Since this is obviously possible and simple (except for me), how could I do this same simple query in perl-- only armed with the IP address of my AD/LDAP server?
> > Curiously,
> > JS
> Google "LDAP query syntax", and you will find a whole bunch of information about querying AD via LDAP.
Yes, google returns many articles mentioning query strings, such as:
But back to my original question-- Evolution doesn't seem to need any of this. In Evolution, you simply give it the IP address of your AD/LDAP server and it all magically works. Evolution is running on a linux box, which has no knowledge of the query string variables.
I even tried running a tcpdump on the connection to figure out what it was doing but couldn't figure it out.
> > I've been poking at this on and off over the past few months, never having much success. I was never sure what sort of crazy query string the AD server wanted. But then it occurred to me that my Linux Evolution email client does this without any problems-- only using the IP address of the Active Directory LDAP server. I can query/search, and it immediately returns all matches.
> > How can it do this without the big ugly "cn=users,dc=foo,dc=blah,o=acme......" string ?
> > Since this is obviously possible and simple (except for me), how could I do this same simple query in perl-- only armed with the IP address of my AD/LDAP server?
> > Curiously,
> > JS
> Google "LDAP query syntax", and you will find a whole bunch of information about querying AD via LDAP.
> Yes, google returns many articles mentioning query strings, such as:
> But back to my original question-- Evolution doesn't seem to need any of this. In Evolution, you simply give it the IP address of your AD/LDAP server and it all magically works. Evolution is running on a linux box, which has no knowledge of the query string variables.
> I even tried running a tcpdump on the connection to figure out what it was doing but couldn't figure it out.
You obviously haven't read them; if you did, you would know how to do this. You need only to specify the CN to search for, the base DN (where to start the search) along with setting the appropriate search scope (i.e. subtree).
> > > I've been poking at this on and off over the past few months, never having much success. I was never sure what sort of crazy query string the AD server wanted. But then it occurred to me that my Linux Evolution email client does this without any problems-- only using the IP address of the Active Directory LDAP server. I can query/search, and it immediately returns all matches.
> > > How can it do this without the big ugly "cn=users,dc=foo,dc=blah,o=acme......" string ?
> > > Since this is obviously possible and simple (except for me), how could I do this same simple query in perl-- only armed with the IP address of my AD/LDAP server?
> > > Curiously,
> > > JS
> > Google "LDAP query syntax", and you will find a whole bunch of information about querying AD via LDAP.
> > Yes, google returns many articles mentioning query strings, such as:
> > But back to my original question-- Evolution doesn't seem to need any of this. In Evolution, you simply give it the IP address of your AD/LDAP server and it all magically works. Evolution is running on a linux box, which has no knowledge of the query string variables.
> > I even tried running a tcpdump on the connection to figure out what it was doing but couldn't figure it out.
> You obviously haven't read them, if you did you would know how to do this. You need only to specify the CN to search for, the base DN (where to start the search) along with setting the appropriate search scope (i.e. subtree).
How does the Evolution mail client know how to query the AD Ldap then? I specified no CN, DN, or subtree; only the IP address of the AD Ldap.
>> > Google "LDAP query syntax", and you will find a whole bunch of information about querying AD via LDAP.
>> > Yes, google returns many articles mentioning query strings, such as:
>> > But back to my original question-- Evolution doesn't seem to need any of this. In Evolution, you simply give it the IP address of your AD/LDAP server and it all magically works. Evolution is running on a linux box, which has no knowledge of the query string variables.
>> > I even tried running a tcpdump on the connection to figure out what it was doing but couldn't figure it out.
>> You obviously haven't read them, if you did you would know how to do this. You need only to specify the CN to search for, the base DN (where to start the search) along with setting the appropriate search scope (i.e. subtree).
> How does the Evolution mail client know how to query the AD Ldap then? I specified no CN, DN, or subtree; only the IP address of the AD Ldap.
> In Evolution, you simply give it the IP address of your AD/LDAP server and it all magically works. Evolution is running on a linux box, which has no knowledge of the query string variables.
LDAP is not magic. Unless Evolution uses a base DN and a search filter (and that means specifying Distinguished Names like base: "ou=rickserver, o=internet", filter: "cn=rick") then it is not using LDAP to query Active Directory. It may be that Evolution is using canned queries such that all you have to do is to supply the IP of the AD server and it builds the LDAP search query.
If you have access to the logfiles on the Active Directory server you should be able to see what Evolution is doing.
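One way a client can build the base DN, scope and filter itself from nothing but a server address, shown as an added example (not code from any poster in this thread, and not a claim about what Evolution does): an LDAP server publishes its naming contexts in the rootDSE, which is returned by a base-scope search with an empty base DN and the filter `(objectClass=*)`. The rootDSE values below are constructed, the function names are hypothetical, and the prefix-match filter is an assumption about what an address-book lookup wants.

```python
"""Added example: derive a complete LDAP search from a server's rootDSE."""

# Constructed sample of a rootDSE entry in LDIF form; values are made up.
SAMPLE_ROOTDSE = """\
dn:
namingContexts: DC=foo,DC=blah
namingContexts: CN=Configuration,DC=foo,DC=blah
defaultNamingContext: DC=foo,DC=blah
"""

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def parse_ldif_entry(text):
    """Parse one simple LDIF entry (no base64 or folded lines) into a dict."""
    attrs = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs


def discover_base_dn(rootdse):
    """Prefer AD's defaultNamingContext, else the first namingContexts value."""
    for key in ("defaultnamingcontext", "namingcontexts"):
        values = [v for v in rootdse.get(key, []) if v]
        if values:
            return values[0]
    raise ValueError("server advertised no naming context")


def escape_filter_value(value):
    """Keep user-typed text a literal so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_search(rootdse_ldif, name):
    """Return the base, scope and filter for a name lookup under the whole tree."""
    base = discover_base_dn(parse_ldif_entry(rootdse_ldif))
    return {"base": base, "scope": "subtree",
            "filter": "(cn=%s*)" % escape_filter_value(name)}


if __name__ == "__main__":
    print(build_search(SAMPLE_ROOTDSE, "rick"))
    print(build_search(SAMPLE_ROOTDSE, "r*)(x=y"))  # metacharacters stay literal
```

The resulting base, scope and filter are what an LDAP client library's search call takes; Active Directory will normally also require an authenticated bind before it answers searches beyond the rootDSE.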