Howto Ldap Auth: Difference between revisions
From Pumping Station One
No edit summary |
No edit summary |
||
| Line 70: | Line 70: | ||
** Some services apply setting different e.g. as a regex on the user, or as a template setting. | ** Some services apply setting different e.g. as a regex on the user, or as a template setting. | ||
* If you try and bind to ldap with a 0 length password, it "works", sort of. There is no error, but you can't access anything substantial. This is enough to fool services into thinking that the password was correct. | * If you try and bind to ldap with a 0 length password, it "works", sort of. There is no error, but you can't access anything substantial. This is enough to fool services into thinking that the password was correct. | ||
== ldapsearch == | |||
ldapsearch is a handy tool that is part of open ldap. You can query some handy information out of our ldap servers as follows if you have an account to bind with: | |||
#list laser cutter certified: | |||
ldapsearch -v -x -H ldap://bob.ad.pumpingstationone.org -b "DC=ad,DC=pumpingstationone,DC=org" -D "PS1\myuser" -W "CN=Laser Engraver Certified" | |||
#list domain Admins | |||
ldapsearch -v -x -H ldap://bob.ad.pumpingstationone.org -b "CN=Users,DC=ad,DC=pumpingstationone,DC=org" -D "PS1\myuser" -W "CN=Domain Admins" | |||
