My apologies - I put the wrong bind example in. Attempting to bind as dn="ntUserDomainId=smithr,ou=People,dc=fedora,dc=test,dc=com" also fails. Richard, regarding the alternative search filter, is it possible to perform a search where you match against a password? I'm using this to currently perform a silent login after having binded (is that a word?) was the directory admin. SRCH base="ou=People,dc=fedora,dc=test,dc=com" scope=2 filter="(&(objectClass=*)(ntUserDomainId=SmithR))" attrs="memberOf" I imagine it would be fairly easy to extract the password too. Do you think so? Would I use the userPassword field for this? Do you think that this is what most directories will store the user's password in? Many thanks again Rich On 12/01/06, Richard Megginson <rmeggins at redhat.com> wrote: > > I don't think this will work either. The DN for the entry is > uid=RSmith,ou=People, dc=fedora,dc=test,dc=com - If you want to bind as > this same user but with a different DN, you will have to rename the > entry to use ntUserDomainId=smithr as the RDN instead of uid=RSmith. If > AD allows you to request an entry by DN other than the actual DN of the > entry, then it is non-standard LDAP behavior. > > Of course, if your client program allows it (like PAM), you can use a > different search filter to look up your entry. I think PAM by default > uses (uid=%s) where %s is filled in with your login name. I suppose you > could change it to (ntUserDomainId=%s), then you should be able to use > your existing entry for PAM login without having to rename it. However, > if your client application expects ntUserDomainId=foo in the DN, then > you have no choice but to rename your entry. > > Bowie Bailey wrote: > > >Richard Gibson wrote: > > > > > >>Hello there. > >> > >>I've been using the Fedora Directory Server for very small scale > >>testing at work, but actually know rather little about LDAP > >>unfortunately. Hopefully you won't mind. Anyway, is it possible to > >>bind with an entry other than CN? I have the following user (LDIF > >>format): > >> > >>dn: uid=RSmith,ou=People, dc=fedora,dc=test,dc=com > >>mail: blablabla at test.com > >>uid: RSmith > >>givenName: Richard > >>objectClass: top > >>objectClass: person > >>objectClass: organizationalPerson > >>objectClass: inetorgperson > >>objectClass: ntuser > >>objectClass: posixAccount > >>sn: Smith > >>cn: RSmith > >>creatorsName: > >>uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot > >>modifiersName: > >>uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot > >>createTimestamp: 20050905103419Z > >>modifyTimestamp: 20050916131603Z > >>nsUniqueId: 86b5b081-1dd211b2-806ddcd6-e1700000 > >>ntUserDomainId: smithr > >>uidNumber: 1 > >>gidNumber: 2 > >>homeDirectory: /home/smithr > >> > >> > >>When attempting to bind using the following (as taken from the access > >>log): > >>BIND dn="ntUserDomainId=Richard > Smith,ou=People,dc=fedora,dc=test,dc=com" > >> > >> > >method=128 version=3 > > > > > >>...I get "No such object". This user does exist though. Is binding > >>using the ntUserDomainId out of the question? > >> > >> > > > >Take a closer look. The ntUserDomainId is "smithr" for this user, not > >"Richard Smith". > > > >Try this: > >dn="ntUserDomainId=smithr,ou=People,dc=fedora,dc=test,dc=com" > > > >Disclaimer: I'm an LDAP beginner myself. This is just a suggestion > >based on the fact that your bind doesn't match the user information you > >provided. > > > > > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20060112/52f987eb/attachment.html
