Rowland Penny
2017-Nov-10 14:25 UTC
[Samba] Best practice for creating an RO LDAP User in AD...
On Fri, 10 Nov 2017 14:43:08 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote:> Mandi! Rowland Penny via samba > In chel di` si favelave... > > > > gaio at albus:~$ ldapsearch -x -H ldap://vdcsv1:3268/ -b > > > DC=ad,DC=fvg,DC=lnf,DC=it "(uid=gaio)" > > > Try: > > ldbsearch -H ldap://vdcsv1:3268 -P -b DC=ad,DC=fvg,DC=lnf,DC=it > > '(uid=gaio)' > > Ahem, i need to access with LDAP, eg libldap-linked apps (think about > the php-ldap module), not with ldbsearch/console.... > > (i was simply using ldapsearch because is the simplieast libldap apps > available...) >I think you need to explain just what you are trying to script with PHP ? Rowland
Marco Gaiarin
2017-Nov-10 16:17 UTC
[Samba] Best practice for creating an RO LDAP User in AD...
Mandi! Rowland Penny via samba In chel di` si favelave...> I think you need to explain just what you are trying to script with > PHP ?It was only an example, Rowland. I need some ''generic access'' to LDAP data, and in ''pre auth'' phase, eg i need to access LDAP data before a real user auth. Short answer: Because. ;-) -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
Rowland Penny
2017-Nov-10 16:46 UTC
[Samba] Best practice for creating an RO LDAP User in AD...
On Fri, 10 Nov 2017 17:17:43 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote:> Mandi! Rowland Penny via samba > In chel di` si favelave... > > > I think you need to explain just what you are trying to script with > > PHP ? > > It was only an example, Rowland. > > I need some ''generic access'' to LDAP data, and in ''pre auth'' > phase, eg i need to access LDAP data before a real user auth. > > > Short answer: Because. ;-) >In which case, use ldbsearch with -P (machine kerberos password). Rowland