ldap_integration

Differences

This shows you the differences between two versions of the page.

ldap_integration [2009/08/20 09:23] 172.26.0.166ldap_integration [2009/08/20 09:27] 172.26.0.166
Line 4: Line 4:
  
 ===== Notes ===== ===== Notes =====
 +
 +==== Using ''ldapsearch'' on Linux ====
 Try to search from a Linux machine which can talk to the AD server (HPC is behind firewall): Try to search from a Linux machine which can talk to the AD server (HPC is behind firewall):
 <code>[aorth@shamba: ~]$ ldapsearch -x -H ldap://172.26.0.218:3268 -b "dc=ilri,dc=cgiard,dc=org" -D "cn=bioinfohpc,cn=users,dc=ilri,dc=cgiard,dc=org" -W "" <code>[aorth@shamba: ~]$ ldapsearch -x -H ldap://172.26.0.218:3268 -b "dc=ilri,dc=cgiard,dc=org" -D "cn=bioinfohpc,cn=users,dc=ilri,dc=cgiard,dc=org" -W ""
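Review bot: the example under the new "Using ldapsearch on Linux" heading does a simple bind (`-x` with `-D` and `-W`) against `ldap://172.26.0.218:3268`, so the bioinfohpc password travels over a plain LDAP connection. The binddn section further down says the domain controllers also listen on LDAPS (636); consider adding a line under this heading that says whether the plain `ldap://` form is meant only as a quick connectivity test and which URI should be used for real binds.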
Line 13: Line 15:
 DEC: 1317 – ERROR_NO_SUCH_USER (The specified account does not exist.) DEC: 1317 – ERROR_NO_SUCH_USER (The specified account does not exist.)
 NOTE: Returns when username is invalid.</file> NOTE: Returns when username is invalid.</file>
 +==== binddn ====
 A note of possible interest regarding binding on Linux (from the [[http://lists.samba.org/archive/samba/2007-April/131385.html|samba mailing list]]): A note of possible interest regarding binding on Linux (from the [[http://lists.samba.org/archive/samba/2007-April/131385.html|samba mailing list]]):
 <file>AD domain controllers listen on the standard LDAPS port (636) and will  <file>AD domain controllers listen on the standard LDAPS port (636) and will 
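Review bot: the heading `==== binddn ====` does not match what sits under it. The quoted samba list text is about which ports the AD domain controllers accept LDAPS and TLS on (636 and 389), not about the bind DN. Suggest a heading that names the ports or LDAPS, with the same capitalisation as the other two headings added in this revision.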
Line 18: Line 21:
 don't think they support TLS on port 389, but I have no tried in a long  don't think they support TLS on port 389, but I have no tried in a long 
 time.</file> time.</file>
 +==== Domain controller vs. Global catalog ====
 +<file>All Windows 2000/2003 AD domain controllers (including Global Catalog Servers) listen for LDAP requests on the standard LDAP port 389. However, domain controllers (including Global Catalog Servers) respond to LDAP queries on port 389 with AD information from within its own AD domain only. Again, this works fine in a single domain configuration but not in a multi-domain setup. Global Catalog Servers additionally listen for LDAP requests on port 3268, Microsoft's AD LDAP port. Global Catalog Servers respond to LDAP queries on port 3268 with AD information from the entire AD forest. In multi-domain AD environments, it is best to use port 3268.</file>
  
 ===== pam_cgiar_ldap.c ===== ===== pam_cgiar_ldap.c =====
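Review bot: the quoted block under "Domain controller vs. Global catalog" has no source, whereas the binddn note above links the samba list post it was taken from. Add the link or citation in a sentence before the `<file>` block, and consider one sentence tying it back to the ldapsearch example, which already uses port 3268, so a reader sees why that port was chosen over 389.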
ldap_integration.txt · Last modified: 2012/02/06 08:43 by aorth