[Samba] AD LDAP

Michal67M at seznam.cz Michal67M at seznam.cz
Wed Jun 27 10:12:42 UTC 2018

---------- Original e-mail ----------
From: Rowland Penny via samba <samba at lists.samba.org>
To: samba at lists.samba.org
Date: 27. 6. 2018 11:49:38
Subject: Re: [Samba] AD LDAP
"On Wed, 27 Jun 2018 11:31:15 +0200 (CEST) 
Michal via samba <samba at lists.samba.org> wrote: 

> Hi,
> is there any way to look into samba ldap in the same way I can
> look into OpenLdap via LDAPAdmin, ldap tools etc, when I know
> OpenLDAP "root" dn and password? Is there such a "root" user for Samba

Samba AD uses its own version of ldap and most, if not all, standard 
ldap tools will work with it. 
The 'root' user for AD is called 'Administrator', but you are not 
restricted to this user, you can use any user that is a member of 
'Domain Admins', for instance. 

(on samba ad server)

ldapsearch -x localhost
# extended LDIF
# LDAPv3
# base <dc=nspuh, dc=cz> (default) with scope subtree
# filter: (objectclass=*)
# requesting: localhost

# search result
search: 2
result: 1 Operations error
text: 00002020: Operation unavailable without authentication

This is a problem. We used to be able to get "public" data from ldap without
authentication (password attributes cannot be read without user bind, of
course). Is there any way to do it?

> We have a lot of scripts based on "ldapsearch" (without
> authentication) and "ldapmodify" (with ldap authentication). It
> would be very unpleasant if we cannot use the scripts with SambaAD.

They should work, but you may not need all of them, Samba comes with 
'samba-tool' and you can use this to maintain user & groups etc. "

 samba-tool can do queries like 



"-b "ou=people,dc=nspuh,dc=cz" "(!(mail=*))" 

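Added example, not part of the original message and not Samba project code: for scripts that relied on anonymous ldapsearch, a shell wrapper that binds as a read-only account over LDAPS, plus a classifier that recognises the rejection shown above in a script's captured output. The ldapread account, the password file path and the variable and function names are assumptions; the base DN is the one from the post.

```sh
#!/bin/sh
# Added example (not from the thread). Hypothetical names: LDAP_URI, BIND_DN,
# BIND_PW_FILE and the ldapread account; the base DN is the one in the post.
# Samba AD by default rejects simple binds on unencrypted connections
# ("ldap server require strong auth"), hence ldaps:// here.
LDAP_URI="${LDAP_URI:-ldaps://localhost}"
BIND_DN="${BIND_DN:-cn=ldapread,cn=Users,dc=nspuh,dc=cz}"
# Mode 0600, no trailing newline: ldapsearch -y uses the file content verbatim.
BIND_PW_FILE="${BIND_PW_FILE:-/etc/ldapread.secret}"

# ad_search BASE FILTER [ATTR...]: authenticated replacement for "ldapsearch -x".
ad_search() {
    base=$1; filter=$2; shift 2
    ldapsearch -x -H "$LDAP_URI" -D "$BIND_DN" -y "$BIND_PW_FILE" \
        -b "$base" "$filter" "$@"
}

# Numeric code from the "result: N ..." trailer line of ldapsearch output.
ldap_result_code() {
    printf '%s\n' "$1" | sed -n 's/^result: \([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# True when the server refused the search because no bind was done.
is_anon_rejected() {
    printf '%s\n' "$1" |
        grep -q '^text: 00002020: Operation unavailable without authentication'
}

# classify_output TEXT: one word suitable for logs or cron mail.
classify_output() {
    code=$(ldap_result_code "$1")
    if is_anon_rejected "$1"; then
        echo anonymous-bind-rejected
    elif [ "$code" = "0" ]; then
        echo ok
    else
        echo "ldap-error-${code:-unknown}"
    fi
}
```

A migrated script would call ad_search "ou=people,dc=nspuh,dc=cz" "(!(mail=*))" mail, and classify_output can be run over the saved output of not-yet-migrated scripts to find the ones still attempting anonymous searches.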




