querying Active Directory via LDAP in perl


josep...@yahoo.com

Dec 11, 2008, 1:47:17 PM
I've been poking at this on and off over the past few months, never
having much success. I was never sure what sort of crazy query string
the AD server wanted. But then it occurred to me that my Linux
Evolution email client does this without any problems-- only using the
IP address of the Active Directory LDAP server. I can query/search,
and it immediately returns all matches.

How can it do this without the big ugly
"cn=users,dc=foo,dc=blah,o=acme......" string ?

Since this is obviously possible and simple (except for me), how could
I do this same simple query in perl-- only armed with the IP address
of my AD/LDAP server?

Curiously,
JS

Thrill5

Dec 11, 2008, 9:11:20 PM

<josep...@yahoo.com> wrote in message
news:03a34234-c330-464e...@k36g2000pri.googlegroups.com...

Google "LDAP query syntax", and you will find a whole bunch of information
about querying AD via LDAP.


josep...@yahoo.com

Dec 12, 2008, 11:26:06 AM
On Dec 11, 7:11 pm, "Thrill5" <nos...@somewhere.com> wrote:
> <joseph85...@yahoo.com> wrote in message

Yes, google returns many articles mentioning query strings, such as:

search DN: ou=groups,ou=@company,dc=corp,dc=trx,dc=com

But back to my original question-- Evolution doesn't seem to need any
of this. In Evolution, you simply give it the IP address of your AD/
LDAP server and it all magically works. Evolution is running on a
linux box, which has no knowledge of the query string variables.

I even tried running a tcpdump on the connection to figure out what it
was doing but couldn't figure it out.

Thrill5

Dec 13, 2008, 12:48:17 PM

<josep...@yahoo.com> wrote in message
news:e34ecf39-ee6c-42de...@i24g2000prf.googlegroups.com...

You obviously haven't read them, if you did you would know how to do this.
You need only to specify the CN to search for, the base DN (where to start
the search) along with setting the appropriate search scope (i.e. subtree).


josep...@yahoo.com

Dec 14, 2008, 1:52:36 PM
On Dec 13, 10:48 am, "Thrill5" <nos...@somewhere.com> wrote:
> <joseph85...@yahoo.com> wrote in message
>
> news:e34ecf39-ee6c-42de...@i24g2000prf.googlegroups.com...
> On Dec 11, 7:11 pm, "Thrill5" <nos...@somewhere.com> wrote:
>
>
>
> > <joseph85...@yahoo.com> wrote in message
>
> >news:03a34234-c330-464e...@k36g2000pri.googlegroups.com...
>
> > > I've been poking at this on and off over the past few months, never
> > > having much success. I was never sure what sort of crazy query string
> > > the AD server wanted. But then it occurred to me that my Linux
> > > Evolution email client does this without any problems-- only using the
> > > IP address of the Active Directory LDAP server. I can query/search,
> > > and it immediately returns all matches.
>
> > > How can it do this without the big ugly
> > > "cn=users,dc=foo,dc=blah,o=acme......" string ?
>
> > > > Since this is obviously possible and simple (except for me), how could
> > > I do this same simple query in perl-- only armed with the IP address
> > > of my AD/LDAP server?
>
> > > Curiously,
> > > JS
>
> > Google "LDAP query syntax", and you will find a whole bunch of information
> > about querying AD via LDAP.
> >Yes, google returns many articles mentioning query strings, such as:
>
> >search DN: ou=groups,ou=@company,dc=corp,dc=trx,dc=com
>
> >But back to my original question-- Evolution doesn't seem to need any
> >of this. In Evolution, you simply give it the IP address of your AD/
> >LDAP server and it all magically works. Evolution is running on a
> >linux box, which has no knowledge of the query string variables.
>
> >I even tried running a tcpdump on the connection to figure out what it
> >was doing but couldn't figure it out.
>
> You obviously haven't read them, if you did you would know how to do this.
> You need only to specify the CN to search for, the base DN (where to start
> the search) along with setting the appropriate search scope (i.e. subtree).

How does the Evolution mail client know how to query the AD Ldap
then? I specified no CN, DN, or subtree; only the IP address of the
AD Ldap.

Mart van de Wege

Dec 14, 2008, 5:16:26 PM
josep...@yahoo.com writes:

> On Dec 13, 10:48 am, "Thrill5" <nos...@somewhere.com> wrote:
>> <joseph85...@yahoo.com> wrote in message
>>
>> news:e34ecf39-ee6c-42de...@i24g2000prf.googlegroups.com...
>> On Dec 11, 7:11 pm, "Thrill5" <nos...@somewhere.com> wrote:
>>

<snip>

>> > Google "LDAP query syntax", and you will find a whole bunch of information
>> > about querying AD via LDAP.
>> >Yes, google returns many articles mentioning query strings, such as:
>>
>> >search DN: ou=groups,ou=@company,dc=corp,dc=trx,dc=com
>>
>> >But back to my original question-- Evolution doesn't seem to need any
>> >of this. In Evolution, you simply give it the IP address of your AD/
>> >LDAP server and it all magically works. Evolution is running on a
>> >linux box, which has no knowledge of the query string variables.
>>
>> >I even tried running a tcpdump on the connection to figure out what it
>> >was doing but couldn't figure it out.
>>
>> You obviously haven't read them, if you did you would know how to do this.
>> You need only to specify the CN to search for, the base DN (where to start
>> the search) along with setting the appropriate search scope (i.e. subtree).
>
> How does the Evolution mail client know how to query the AD Ldap
> then? I specified no CN, DN, or subtree; only the IP address of the
> AD Ldap.

Evolution does specify the CN:

mvdwege@gareth:/usr/lib/evolution$ find . -exec strings \{} \; | grep -i 'cn ='
cn = %s

Furthermore, I concur with the previous poster: *read* those search
entries. LDAP query syntax isn't that hard to understand, it's just
verbose.

Mart

--
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Rick Sanders

Dec 12, 2008, 12:58:01 PM

> In Evolution, you simply give it the IP address of your AD/
> LDAP server and it all magically works. Evolution is running on a
> linux box, which has no knowledge of the query string variables.

LDAP is not magic. Unless Evolution uses a base DN and a search filter
(and that means specifying Distinguished Names like base: ou=rickserver,
o=internet filter: cn=rick) then it is not using LDAP to query Active
Directory. It may be that Evolution is using canned queries such that
all you have to do is to supply the IP of the AD server and it builds
the LDAP search query.

If you have access to the logfiles on the Active Directory server you
should be able to see what Evolution is doing.

-Rick
** Posted from http://www.teranews.com **
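
An added example, not part of any post in this thread and not taken from Evolution: one way a Perl client that knows only the server address can build the search the replies describe, by reading the base DN from the server's RootDSE and then running a subtree search with an escaped filter. It uses Net::LDAP from CPAN; the host name, CA file, lookup account and the AD_PASSWORD variable are placeholders.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SIZELIMIT_EXCEEDED);
use Net::LDAP::Util qw(escape_filter_value);

# Placeholders (assumptions, not values from the thread).
my $server = 'dc01.example.com';   # an IP connects too, but certificate checks are normally tied to the DNS name
my $cafile = '/etc/ssl/certs/example-ad-ca.pem';
my $user   = 'svc-lookup@example.com';          # low-privilege lookup account (UPN form)
my $pass   = $ENV{AD_PASSWORD} // die "set AD_PASSWORD in the environment\n";
my $name   = shift(@ARGV) // 'smith';           # text to look for in the CN

my $ldap = Net::LDAP->new($server, timeout => 10) or die "connect: $@\n";

# Upgrade to TLS before any credentials cross the wire.
my $tls = $ldap->start_tls(verify => 'require', cafile => $cafile);
die 'start_tls: ' . $tls->error . "\n" if $tls->code;

# Step 1: the RootDSE (empty base DN, base scope) advertises the directory's
# naming contexts, so the "big ugly string" can be discovered, not typed in.
my $dse = $ldap->root_dse(attrs => [ 'defaultNamingContext', 'namingContexts' ])
    or die "RootDSE not readable\n";
my $base = $dse->get_value('defaultNamingContext')     # AD-specific attribute
    // ($dse->get_value('namingContexts'))[0]          # generic LDAP fallback
    // die "server did not advertise a base DN\n";

# Step 2: AD by default refuses anonymous searches below the RootDSE, so bind.
my $bind = $ldap->bind($user, password => $pass);
die 'bind: ' . $bind->error . "\n" if $bind->code;

# Step 3: subtree search from the discovered base. Escaping the user-supplied
# value keeps characters such as ( ) * \ from changing the filter's structure.
my $filter = sprintf '(&(objectCategory=person)(objectClass=user)(cn=*%s*))',
    escape_filter_value($name);
my $res = $ldap->search(
    base      => $base,
    scope     => 'sub',
    filter    => $filter,
    attrs     => [ 'cn', 'mail', 'sAMAccountName' ],
    sizelimit => 50,
);
die 'search: ' . $res->error . "\n"
    if $res->code && $res->code != LDAP_SIZELIMIT_EXCEEDED;

printf "%-30s %-20s %s\n",
    map { $_ // '' } scalar $_->get_value('cn'), scalar $_->get_value('sAMAccountName'),
    scalar $_->get_value('mail') for $res->entries;
$ldap->unbind;
```

The same RootDSE read and search will show up in the domain controller's logs, which is where Rick's suggestion to check what a client actually sends can be confirmed.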
