LDAP Queries

Post by Subhodini Fernand » Wed, 20 Nov 2002 02:39:25

My aim is to integrate the LDAP which comes in Win2K ADS with Solaris.
I have pretty much followed the procedures to set up the LDAP client on
Solaris, however I am not sure how to test it out.
Another question I had is whether Solaris came by default with an LDAP
server? The Sun box I received came with an iPlanet Directory Services
CD - is that the LDAP server for Solaris?
Also, once I set up LDAP, how will the UIDs be assigned to the LDAP
users in Solaris?
Guess I am asking a lot of basic questions and have a lot of reading
to do, but if I can get the answers to the above it will definitely
speed up the learning process.



1. LDAP Queries to Windows Global Catalog

Hello all,

I really hope this is the correct newsgroup to post this question
against - I've had a hard time tracking down a good place to post it
and I've tried a few of the MS newsgroups with no response, but I
could really use some help - if I'm in the wrong place please direct
me to a more appropriate venue.

I'm trying to solve a particular issue at our site where we need to
authenticate users logging into UNIX boxes against our site's AD and
Kerberos servers.  After reading the documentation at
I've been able to successfully authenticate against a single domain.
However I would like to expand the authentication scenario so that on
a few of our UNIX boxes any user in any domain under the same AD
forest could log into the box.  I figure that instead of doing a
domain LDAP query (port 389), I need to make a query against the
Global Catalog (port 3268), but I can't figure out the configuration I
need.  I have tried changing my /etc/ldap.conf configuration to query
on port 3268 and use a common search root, but it doesn't work.  I've
tried the following configurations (although not all at once) in my
/etc/ldap.conf file:

  # "gc" works with some Windows tools, but I don't know if OpenLDAP
  # supports it
  uri gc://<fully qualified host name>
  # port 3268 being the port the global catalog server listens on
  uri ldap://<fully qualified host name>:3268
  # this works, but I can only query a single domain at a time
  uri ldap://<fully qualified host name>

I've verified that Kerberos authentication works by using kinit.  I've
also used ldapsearch to successfully make an ldap query against the
Global Catalog.  Unfortunately I'm at a loss to figure out how to get
the system to query the GC for account information.

Does anybody know of any documentation out there that could aid me and
has anybody else successfully gotten this type of configuration to
work?  Any and all help would be appreciated (and again, really sorry
if this isn't the right newsgroup).
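A diagnostic worth running on the ldapsearch output mentioned above, added here as an example and not taken from the post: the Global Catalog only replicates attributes that are flagged for its partial attribute set, so a query on port 3268 can succeed while still lacking the POSIX attributes nss_ldap needs to build a passwd entry. The script parses ldapsearch's LDIF output and reports which of those attributes are absent; it assumes the default RFC 2307 attribute names (sites using the Services for UNIX schema would substitute their own) and uses a constructed sample entry.

```python
"""Check whether an ldapsearch (LDIF) result from the Global Catalog carries
the attributes nss_ldap needs to build a passwd entry."""
import base64

# Attributes nss_ldap's default (RFC 2307) passwd map expects.
# Assumption: the site uses RFC 2307 names; an SFU schema uses different ones.
REQUIRED_PASSWD_ATTRS = ("uid", "uidNumber", "gidNumber", "homeDirectory", "loginShell")


def parse_ldif(text):
    """Minimal LDIF parser: returns one {attr: [values]} dict per entry.
    Handles folded lines (leading space), comments, the version line and
    single-line base64 values ('attr:: ...')."""
    entries, current, last_attr = [], {}, None
    for raw in text.splitlines():
        if raw.startswith("#") or raw.startswith("version:"):
            continue
        if raw.startswith(" ") and last_attr is not None:  # folded continuation
            current[last_attr][-1] += raw[1:]
            continue
        if not raw.strip():  # blank line terminates an entry
            if current:
                entries.append(current)
            current, last_attr = {}, None
            continue
        attr, _, value = raw.partition(":")
        if value.startswith(":"):  # '::' marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(attr, []).append(value)
        last_attr = attr
    if current:
        entries.append(current)
    return entries


def missing_passwd_attrs(entry, required=REQUIRED_PASSWD_ATTRS):
    """Return the required passwd-map attributes the entry does not carry."""
    return [a for a in required if a not in entry]


# Constructed sample: a port-3268 result that carries only the default
# partial attribute set, so the POSIX attributes are absent.
SAMPLE_GC_LDIF = """\
# extended LDIF
dn: CN=Jane Doe,CN=Users,DC=child,DC=example,DC=com
objectClass: user
sAMAccountName: jdoe
userPrincipalName: jdoe@child.example.com
uid: jdoe
"""

if __name__ == "__main__":
    for entry in parse_ldif(SAMPLE_GC_LDIF):
        print(entry["dn"][0], "missing:", missing_passwd_attrs(entry))
```

Run it against real output by replacing the sample with the text of `ldapsearch -H ldap://host:3268 ...`; an empty list means the GC is publishing what the passwd map needs.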


