LDAP syntax isn't the easiest to handle on a regular basis; I even have trouble with it. It's very finicky, and most often, it does take a couple of tries to get it working. I'd recommend a swap for those running OpenLDAP to either eDirectory or 389DS, though. Both have web interfaces, and they are much easier to configure. I intend to play with 389DS in my lab one of these days, and when I do, I'll report back here ... Maybe it's the method of configuration that folks aren't comfortable with? Editing configuration text files is sure not my favourite way of configuring servers, I'll say that much.
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Jen Bottom Sent: Thursday, February 08, 2018 5:44 AM To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org> Subject: Re: [Blind-sysadmins] LDAP/AD questions
Hi Andrew and Katherine,
Thanks for the info. We have customers using AD and OpenLDAP, so I will eventually need a server running AD and one running OpenLDAP. I plan to start with the OpenLDAP setup, then do the AD stuff. When a customer has problems, it is usually something like they haven't specified the name of the LDAP user correctly when mapping it to the Helix User. There also seem to be issues related to using LDAP groups, but I don't know details about what exactly the problems seem to be. I will do some reading/playing and come back if I have more questions.
Cheers, Jen.
On 2/5/18, Andrew Hodgson <andrew@hodgsonfamily.org> wrote:
Hi,
You have a few options:
- Download a VHD or image with AD pre-installed and working. This may be a quick option especially if you don't have the time to play about with it or have specific goals in mind;
- Download the evaluation ISO (use your Vagrant box if you have it) and get AD working on that.
I don't know how you do RDP to existing Windows boxes now, but you will need that initially to get it running.
It sounds like for your requirements you are interested in the LDAP side of AD, so not joining machines to the domain or using Group Policy etc. That makes things easier, means you don't have to worry about the network stuff.
I would research the AD PowerShell tools as they are probably the best way of getting access and manipulating the AD objects. You can of course use LDAP, but I don't know if you can modify the objects in LDAP and I would suggest that isn't the way you should be managing this at a customer site if they have problems either, so learning those PowerShell tools is the way to go.
I take it the sort of thing you are looking at doing is manipulating objects in OUs etc, then seeing how that looks in the LDAP tree? I don't know what LDAP browser you use now, but you can use that with AD to look at how things look in LDAP once you make changes to the objects.
Hope this helps, Andrew.
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Jen Bottom Sent: 05 February 2018 16:16 To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org> Subject: [Blind-sysadmins] LDAP/AD questions
Hi,
Firstly apologies in advance for some of these questions.
I am very new to LDAP/AD setup and administration.
Background: I work for a company who have a couple of different LDAP/AD integrations, depending on the product.
We are currently buying up other companies/products, and they sometimes come with their own LDAP/AD integrations.
Recently the main person for LDAP knowledge in our team left to join IT, and I found myself for some reason offering to skill up on LDAP/AD.
The problem: Most of the cases we get relating to LDAP seem to result in the TSE getting on the customer's system via WebEx etc. to look at their tree and other aspects of their configuration.
There is some worry that I will not be able to do this, as there is not currently a remote desktop solution that works without the customer having to install a screen-reader.
If I am wrong about this BTW then please post and let me know.
For Linux boxes there is tmate etc, but I have found nothing like that for Windows.
Also it is good to have a dump of the data, in case someone else takes over the case later on.
So, I am looking for some useful commands that will dump the LDAP/AD tree info, so I can look at it with my screen reader/braille display.
Also, I have looked in to setting up LDAP for test purposes.
I want to use a Vagrant box or Docker image, but the implementations I saw in the past used Puppet etc. and looked fairly heavy.
A lot of the tutorials I have looked at suggest to use the gui PHP admin tool.
If anyone could point me to a command-line based resource for simple LDAP setup to get me started that would be great!
Cheers, Jen!
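Jen asks above for commands that dump the LDAP/AD tree into something a screen reader or braille display can work through, and Andrew notes that an LDAP browser works against AD as well as OpenLDAP. The following is an added example, not something posted in the thread: it uses ldapsearch (which speaks to OpenLDAP and AD alike) to pull only the DNs of a subtree as LDIF, and an awk renderer that turns those DNs into an indented text tree. The server URI, bind DN and base DN are placeholders, and the sample LDIF is constructed so the renderer can be tried offline.

```shell
#!/bin/sh
# Dump an LDAP or AD subtree as LDIF and render it as an indented text tree.
# Server, bind DN and base DN below are assumed placeholders, not real hosts.

# dump_tree URI BIND_DN BASE_DN
# -W prompts for the password so it never lands in shell history; -LLL gives
# plain LDIF; -o ldif-wrap=no keeps each DN on one line; the attribute list
# "1.1" asks for no attributes, so only DNs come back (RFC 4511). Use an
# ldaps:// URI (or -ZZ for StartTLS) so the bind password is not sent in clear.
dump_tree() {
  ldapsearch -H "$1" -D "$2" -W -b "$3" -s sub -LLL -o ldif-wrap=no \
    '(objectClass=*)' 1.1
}

# ldif_tree BASE_DN  (LDIF on stdin) -> one RDN per line, indented two spaces
# per level below BASE_DN. LDIF continuation lines (leading space) are joined
# and escaped commas inside an RDN (cn=Bottom\, Jen) are preserved.
# Caveat: base64-encoded DNs ("dn:: ...") are not decoded.
ldif_tree() {
  awk -v base="$1" '
    function emit(line,   dn, n, parts, rdn, i, indent) {
      if (line !~ /^dn: /) return
      dn = substr(line, 5)
      gsub(/\\,/, mark, dn)             # protect escaped commas before splitting
      n = split(dn, parts, ",")
      rdn = parts[1]
      gsub(mark, "\\\\,", rdn)          # restore them in the printed RDN
      indent = ""
      for (i = 0; i < n - base_n; i++) indent = indent "  "
      print indent rdn
    }
    BEGIN { mark = "\001"; base_n = split(base, tmp, ","); prev = "" }
    /^ /  { prev = prev substr($0, 2); next }   # LDIF continuation line
    { emit(prev); prev = $0 }
    END   { emit(prev) }
  '
}

# Constructed sample standing in for ldapsearch output. Real use would be:
#   dump_tree ldaps://dc.example.test 'jen@example.test' 'DC=example,DC=test' \
#     | ldif_tree 'DC=example,DC=test'
SAMPLE_LDIF=$(printf '%s\n\n' \
  'dn: dc=example,dc=com' \
  'dn: ou=People,dc=example,dc=com' \
  'dn: uid=jen,ou=People,dc=example,dc=com' \
  'dn: cn=Bottom\, Jen,ou=People,dc=example,dc=com' \
  'dn: ou=Groups,dc=example,dc=com' \
  'dn: cn=admins,ou=Groups,dc=example,dc=com')

printf '%s\n' "$SAMPLE_LDIF" | ldif_tree 'dc=example,dc=com'
```

Redirect the output to a file to keep a dump of the tree for whoever picks up the case later; the LDIF itself (before rendering) is the more complete record to keep.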
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins