[Samba] Using AD machine account for ldap queries
Nick
t31 at 2thebatcave.com
Sun Sep 20 19:45:50 MDT 2009
Has anyone thus far used the machine account to perform ldap queries
to the active directory ldap server? Essentially what I am trying to
do is have some cron scripts perform ldap queries to the AD server to
get things like account status and such. I realize that technically
the AD server can be set up to allow anonymous ldap queries, or a
separate service account could be used. However, due to security
policy constraints in our environment, neither of these can be done.
Therefore, what I am trying to do is get ldapsearch or similar to use
the machine account. I'm guessing the simplest approach would be to
find a way to extract the machine account name and password from
whatever samba database holds it, then pass that directly into
ldapsearch. Ideally I would just use some sort of samba built-in
utility (to avoid needing to pass the password in via insecure command
line args or environment variables that can potentially be read by
other users on the system), however I can't seem to find anything in
the samba suite that performs that function.
Ideas?