Shared LDAP database for search?

I am writing C++/Win32 code to search for a user in an LDAP directory (indeed, I need to check the username and password are correct, and then check the group membership). I have a username, so I hope something like the following will work:

(&(objectCategory=person)(objectClass=user)(uid={username}))

When I call ldap_search with this search/filter, I have to provide an initial base (node / OU / whatever) for the search. But I don’t know where to start the search - all I have is the username. Is there a way to specify the root of the tree that will work with OpenLDAP, Active Directory, Netscape LDAP, etc. etc.?

In addition, anyone who can answer this may help with this: Is the uid attribute universal, or do I need to look for a different attribute depending on which brand of LDAP server I'm talking to? (I saw links to people who need to search by uid, CN and even SAMAccountName).

+3
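An added example, not part of the original post: the filter in the question substitutes {username} directly, so the value has to be escaped per RFC 4515 before it reaches ldap_search, otherwise characters such as * and ( change what the filter matches. The function names and the login_attr parameter are assumptions for illustration; login_attr stands for the per-server attribute (uid, sAMAccountName) the question asks about.

```cpp
#include <cstdio>
#include <stdexcept>
#include <string>

// Escape a value for use inside an LDAP search filter (RFC 4515):
// '*', '(', ')', '\' and NUL become a backslash plus two hex digits.
std::string ldap_escape_filter_value(const std::string& value) {
    static const char hex[] = "0123456789abcdef";
    std::string out;
    out.reserve(value.size());
    for (unsigned char c : value) {
        if (c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0') {
            out += '\\';
            out += hex[c >> 4];
            out += hex[c & 0x0f];
        } else {
            out += static_cast<char>(c);
        }
    }
    return out;
}

// Build the question's user filter. login_attr (hypothetical parameter) is
// the directory-specific attribute ("uid", "sAMAccountName", ...) and must
// come from configuration, never from user input.
std::string build_user_filter(const std::string& login_attr,
                              const std::string& username) {
    if (username.empty())
        throw std::invalid_argument("empty username");
    if (login_attr.empty())
        throw std::invalid_argument("empty attribute");
    for (unsigned char c : login_attr)  // allow only letters, digits, '-'
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '-'))
            throw std::invalid_argument("bad attribute name");
    return "(&(objectCategory=person)(objectClass=user)(" + login_attr + "=" +
           ldap_escape_filter_value(username) + "))";
}

int main() {
    // Constructed sample inputs.
    const char* samples[] = {"jsmith", "j*", "a)(uid=*", "dom\\user"};
    for (const char* s : samples)
        std::printf("%-10s -> %s\n", s, build_user_filter("uid", s).c_str());
    return 0;
}
```

The returned string is what gets passed as the filter argument; the search base is a separate argument and is not affected by this escaping.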
3 answers

Regarding your first question about general search base search:

LDAP ( LDAP, ) node, RootDSE. , RootDSE, - namingContexts, , .

, . : LDAP (OpenLDAP, ) , , .

RootDSE , DN "" ( ) , . OpenLDAP:

ldapsearch -H ldap://ldap.mydomain.com -x -s base -b "" +
# note the + returns operational attributes

( OpenLDAP 2.4.8) - :

dn:
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts: dc=example,dc=com
namingContexts: dc=example,dc=net
monitorContext: cn=Monitor
supportedControl: 1.3.6.1.4.1.4203.1.9.1.1 (Contentsync RFC 4530)
[...]
supportedExtension: 1.3.6.1.4.1.4203.1.11.1 (ModifyPassword RFC3088)
[...]
supportedFeatures: 1.3.6.1.1.14 (Modify-Increment RFC4525)
[...]
supportedLDAPVersion: 3
supportedSASLMechanisms: NTLM
[...]
entryDN:
subschemaSubentry: cn=Subschema

(http://www.zytrax.com/books/ldap/ch3/#operational)


uid:

, , , ( user-schema uid, ). , . , ( , ( , RootDSE)).

+5

uid, LDAP. , employeeID LDAP DIT.

+2

, . , -

"LDAP://" + _ADSPath + ":" + _ADSPort + "/" + _ADSRootContainer

_ADSPath - /ip; _ADSPort - ( 389 ); _ADSRootContainer - (, ou = Users. , . , , , . .

0

Source: https://habr.com/ru/post/1705761/

