Tim Musson wrote:
Hey Graham, or Ben :-)
My MUA believes you used Ximian Evolution 1.4.4 to write the following on Wednesday, August 27, 2003 at 3:06:04 PM.
GB> I have spent a week trying to search Active Directory via Net::LDAP.
GB> I finally found the xray mailing list (geo crawler does not seem to
GB> have information for this year?) via your CPAN information. I have
GB> spent all day reading posts (many of them yours), which has led me
GB> to believe that I need to use Simon's module
GB> (perl-cyrus-sasl-0.02.tar.gz) to use GSSAPI to bind to AD. I am
GB> going to start down this path, but I realize that many people are
GB> trying to do this. Unfortunately, I have yet to find a decent howto
GB> on it. Perhaps you can point me in the right direction?
GB> Also, I saw the post
GB> (http://www.xray.mpe.mpg.de/mailing-lists/perl-ldap/2003-01/msg00116.html)
GB> that suggested putting Active Directory info in your Net::LDAP book.
GB> I would buy it if it contained this information, especially the hard
GB> to track down authentication piece. Several people at my company
GB> have been trying to do this (AD via perl).
I also had to do this, and have written a script taking things from the Net::LDAP::Examples link on http://perl-ldap.sourceforge.net/.
I broke most everything into subroutines because I needed to do 3 different queries to 3 different LDAP sources (syncing them...).
The one thing I had the hardest time with is you don't use port 389 for LDAP access (I think AD does some very proprietary LDAP *type* things on 389). The MS web site has a document about it, and my AD admins followed it and set up port 3268 for LDAP queries. Another thing about AD LDAP is that by default there is no anonymous access at all. We decided it was not needed, and set up an ID with rights...
Port 3268 is the global catalog. It should respond to (authenticated) ldap queries without any configuration necessary.
On a related note - has anyone been able to query AD using GSSAPI with credentials from a trusted MIT realm or (even better) by extracting Windows 2000 Kerberos credentials and using those to bind with?
Thanks for the examples.
al
--
Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED]
