[SOLVED] LDAP question???

[kostres]

Hello,
Little help please. I’ am trying to find a CLI command that would use users username and password and check weather that user (with that password) exists in my Zimbra system. I used the ldapserach command ( ldapsearch –h 1.2.3.4 –xZZ uid=joe ) and got the answer, but I need a command (or some other way) to give a user name and password (both are mandatory) and to receive similar answer.

Thanks for your effort

Kostres

[phoenix]

You're not going to be able to do that as the passwords are encrypted.

[kostres]

Thanks Bill.

Is there any other way?? I need this because I want to auth. users on my sistem and then to allow them to use another system. Any ideas how to solve this ???

Kostres

[phoenix]

You might want to take a look at preauth.

[kostres]

"Preauth stands for pre-authentication, and is a mechanism to enable a trusted third party to "vouch" for a user's identity. For example, if a user has already signed into a portal and wants to enter the mail application, they should not have to be prompted again for their password. "

This is almost it! Thing is that I' am that third party and I'am the system that has to "vouch" for users identity. I work for faculty and one site is giveing free access to our students. Their site has ability to ask our site weather is the guy who is trying to log in our student. I have to "vouch" for him somehow.

Thanks Bill
Kostres

[ldapguru]

Use -D <dn> -w <pwd> to bind to the directory server, for example:

ldapsearch -D 'cn=username,dc=example,dc=com' -w changeme

[kostres]

command:
ldapsearch -h 111.222.33.44 -D 'cn=joe,dc=my,dc=domain,dc=com' -w joes_password
returned:
SASL/GSSAPI authentcation started
ldap_sasl_interactive_bind_s: Local error (-2)
aditional info: SASL (-1): generic failure: GSSAPI Error: Miscellananeous failure (see text) .... no such file or directory...

This just isn't working (or I' should be a politician, instead of sysadmin)

Thanks
Kostres

[quanah]

command:
ldapsearch -h 111.222.33.44 -D 'cn=joe,dc=my,dc=domain,dc=com' -w joes_password

You are missing the -x option.

[kostres]

You are missing the -x option.

Now i got: ldap_bind "Invalid credentials (49)" error message.

command:
ldapsearch -h 111.222.33.44 -x -D 'cn=joe,dc=my,dc=domain,dc=com' -w joes_password
should work because I use that username and pass to read my mail every day.

So far only command that worked is: ldapsearch –h 111.222.33.44 –xZZ uid=joe .

Thanks for your effort...

[kostres]

I used the following command:
ldapsearch -h 111.111.222.333 -x -D 'uid=joe,ou=people,dc=this,dc=is,dc=my,dc=domain,dc=com' -w joes_pass

and server printed out all 5000 users on screen! Now that is almost what I need... Now is there a way to filter this?? It is enough if it returns true or false or just few lines with joe's data???

Thanks Kostres