[ale] Connecting to MS with LDAP

[Ryan Matteson]

Jason Day wrote:

> On Wed, Jul 16, 2003 at 12:00:36PM -0400, Michael D. Hirsch wrote:
> 
>>Our company directory is a windows thingie.  With outlook anyone can find 
>>any mail address, browse calendars, etc.
>>
>>I'm told that MS is just doing LDAP under the hood, so in priciple I should 
>>be able to connect the KDE address book (Kaddressbook)  to the server and 
>>have similar access to the company directory.
>>
>>Has anyone done this?  Did you have success?  As near as I can tell I've 
>>never gotten anything from the server.
> 
> 
> I do this currently using mozilla.  I've also had limited success using
> evolution.  I've never used kaddressbook, though, but it should be
> similar.
> 
> The trickiest part is figuring out how to authenticate.  In my
> experience, every single LDAP server uses a different scheme for the
> bind DN.  Some use your username, some use your email address, some use
> a weird LDAP DN like "cn=username" or similar.  You'll need to
> experiment, or ask your sysadmin.
> 
> If you have mozilla installed, I would recommend trying that first.
> It's extremely easy to setup, just go to prefs->addressing and click the
> "Edit Directories" button.  Click Add, enter a name and the hostname of
> your AD server.  Try leaving the base DN and bind DN blank at first, and
> see if it works.  If it doesn't, try experimenting with the bind DN.
> 
> Good Luck,
> Jason

You can also use tools to grab the interaction between MS clients and
your AD server. Since it uses kerberos to authenticate, you may need
to filter the cient <-> KDC transactions out, but the LDAP interactions
and search requests should be visible (You will need to decrypt the
LDAP data if SSL is used). I don't have an AD to test this on, but 
ldapsearch has a plethora of options for debugging LDAP.



_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale