Differences between current version and predecessor to the previous major change of ActiveDirectoryAuthenticationNotes.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
Newer page: | version 16 | Last edited on Monday, January 23, 2006 10:28:48 pm | by ChristopherHahn | |
Older page: | version 14 | Last edited on Wednesday, June 22, 2005 2:59:11 pm | by MatthiasDallmeier | Revert |
@@ -51,8 +51,10 @@
;search type:is 'sub' for subtree
;search filter:is a filter to apply, we only want to return user's (since we don't want people doing something silly like authenticating as a printer or a domain name)
the sAMAccountName is the ldap attribute ActiveDirectory uses for storing the username.
+
+!!IMPORTANT NOTE FOR WINDOWS PEOPLE
Note that Windows doesn't provide any really useful ways of seeing the LDAP structure, and thus knowing how to construct your LDAP queries can be tricky. There is a very helpful tool called "Ldp.exe" in the Windows Support Tools package (see http://support.microsoft.com/default.aspx?scid=kb;en-us;301423 - and note that there is an article for win2k3 also). Using this tool can be fairly intimidating. See: http://support.microsoft.com/default.aspx?scid=kb;EN-US;224543 for an overview.
[1]: Domain Component
@@ -73,8 +75,12 @@
The following was posted to the NT BugTraq list (don't ask), and I thought it may be appropriate.
Here is the code I use to change a password in Active Directory. It
uses the perl-ldap module from http://perl-ldap.sourceforge.net/
+
+Ther perl-ldap FAQ provides examples of Active Directory password resets, and normal LDAP password resets:
+[http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP/FAQ.pod]
+(or perldoc Net::LDAP::FAQ )
It is part of a bigger program that we use to synchronize our LDAP to
Active Directory. (one way synchronization from LDAP to AD, except
for passwords which are two-way) I have reduced it down to a simple