In the LDAP world, authentication has an alias name, bind. I mentioned in my other blog that Windows AD doesn't follow the standard login process. For more details please refer to Simple Authentication/Bind difference between LDAP and Windows AD.
Windows AD supports simple authentication by default, so we can use username/password to login/bind.
ldapsearch -x -H ldap://192.168.0.11 \
-D 'CN=Administrator,CN=Users,DC=smallstrong,DC=org' \
-w 'yourpassword' \
-b 'cn=Users,dc=smallstrong,dc=org' \
'(objectClass=User)' 'dn'
For the 'username', besides "distinguished name" as above, we can also use UPN, such as:
ldapsearch -x -H ldap://192.168.0.11 \
-D 'Administrator@smallstrong.org' \
-w 'yourpassword' \
-b 'cn=Users,dc=smallstrong,dc=org' \
'(objectClass=User)' 'dn'
-D 'Administrator@smallstrong.org' \
-w 'yourpassword' \
-b 'cn=Users,dc=smallstrong,dc=org' \
'(objectClass=User)' 'dn'
OR
ldapsearch -x -H ldap://192.168.0.11 \
-D 'smallstrong\Administrator' \
-w 'yourpassword' \
-b 'cn=Users,dc=smallstrong,dc=org' \
'(objectClass=User)' 'dn'
But the following doesn't work.
ldapsearch -x -H ldap://192.168.0.11 \
-D 'smallstrong.org\Administrator' \
-w 'yourpassword' \
-b 'cn=Users,dc=smallstrong,dc=org' \
'(objectClass=User)' 'dn'
-D 'smallstrong\Administrator' \
-w 'yourpassword' \
-b 'cn=Users,dc=smallstrong,dc=org' \
'(objectClass=User)' 'dn'
But the following doesn't work.
ldapsearch -x -H ldap://192.168.0.11 \
-D 'smallstrong.org\Administrator' \
-w 'yourpassword' \
-b 'cn=Users,dc=smallstrong,dc=org' \
'(objectClass=User)' 'dn'
No comments:
Post a Comment