LDAP
Dec 21st, 2004 by Aaron Louie
[Yes, I know it's been more than 2 weeks since my last post...]
Due to the needs of the groupware project I’m working on, I’ve been exploring the world of LDAP.
Unfortunately, I’m trying to query our Windows Active Directory to discover the LDAP attribute names for use in a PHP script — and the Microsoft documentation for the LDAP interface to Active Directory is cryptic and completely unhelpful. I’m sure what I want to know is in there, but I don’t have time to read it all. Thankfully, some nice people have written some more useful guides to the LDAP attribute names in Active Directory.
Especially of help is the ldapsearch command line tool, which allows one to query an LDAP server and get all kinds of useful user, group, and permissions information. Well, at least it allows one to do it if one knows what one is doing. Through trial and error with the syntax, I figured out a Linux command-line query that would allow me to see the attributes available in the LDAP-ified Active Directory:
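# -H gives the server as a URI (replaces the deprecated -h); -x selects a simple bind with -D/-w.
# -b is the search base, -D the bind DN; -W can be used instead of -w to prompt for the password.
ldapsearch -x -H "ldap://ldapserver.mydomain.edu" \
    -b "CN=Aaron Louie,OU=Library Systems,OU=Staff,DC=subdomain,DC=mydomain,DC=edu" \
    -D "cn=pubuser,ou=public,dc=subdomain,dc=mydomain,dc=edu" \
    -w "********" \
    "objectclass=*"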
Check out the ldapsearch manual pages for an explanation of what all those flags mean. Once I can get our PHProjekt installation to map the resulting LDAP attributes to meaningful username and address book entries, we’ll be in business.
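To turn the LDIF that ldapsearch prints into a plain list of attribute names for the PHP mapping, the output can be piped through a small filter. The following is an added example, not part of the original post: the function names ldif_attrs and sample_ldif are made up for illustration, and the sample entry is constructed, not real directory data.

```shell
# Constructed sample of ldapsearch output (LDIF); not real directory data.
sample_ldif() {
cat <<'EOF'
# extended LDIF
#
# LDAPv3
dn: CN=Example User,OU=Staff,DC=example,DC=edu
objectClass: top
objectClass: person
objectClass: user
cn: Example User
sAMAccountName: euser
mail: euser@example.edu
memberOf: CN=Library Systems Staff,OU=Groups,DC=exa
 mple,DC=edu
memberOf: CN=Web Editors,OU=Groups,DC=example,DC=edu
objectGUID:: 3q2+78r+ur4AAQIDBAUGBw==

# search result
search: 2
result: 0 Success
EOF
}

# Reads LDIF on stdin; prints "name count text|base64" per attribute, sorted.
ldif_attrs() {
  awk '
    function flush(   name, enc) {
      if (line == "") return
      if (line ~ /^dn:/) in_entry = 1          # an entry starts at its dn line
      else if (in_entry && match(line, /^[A-Za-z][A-Za-z0-9;.=-]*::?/)) {
        name = substr(line, 1, RLENGTH)
        enc = (name ~ /::$/) ? "base64" : "text"   # "::" marks a base64 value
        sub(/::?$/, "", name)
        sub(/;.*$/, "", name)                  # drop options such as ;binary
        count[name]++; kind[name] = enc
      }
      line = ""
    }
    /^#/ { flush(); in_comment = 1; next }     # comment line
    /^ / { if (!in_comment) line = line substr($0, 2); next }  # folded line
    /^$/ { flush(); in_entry = 0; in_comment = 0; next }       # end of entry
         { flush(); in_comment = 0; line = $0 }
    END  { flush(); for (n in count) print n, count[n], kind[n] }
  ' | LC_ALL=C sort
}

sample_ldif | ldif_attrs
```

With a live server, the ldapsearch command above takes the place of sample_ldif in the pipeline. Attributes reported as base64 (objectGUID here) need decoding before they are of any use in an address book field.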