Questions regarding a custom LDAP Browser

General Discussion about LDAP Administrator

Moderator: Support

Questions regarding a custom LDAP Browser

Postby twhitehouse » Wed Feb 27, 2013 7:17 pm

Hello all,

I had a few questions about LDAP browsers in regards to how Softerra does things.

1. Does Softerra know when no users exist on the LDAP Server? If so, how? Is there an LDAP command it uses to query this?
2. Does Softerra know when there are no groups on an LDAP Server? If so, how? Is there an LDAP command it uses to query this?
3. Does Softerra know when the incorrect credentials were entered? If so, how? Is there an LDAP command it uses to query this?

If Softerra does not do #1 and #2, does anyone know of a way in which this could be done.

I would like to know myself how to check that no users existed / no groups existed on any LDAP Servers for a custom LDAP browser being created.

Thanks in advance.
twhitehouse
 
Posts: 2
Joined: Wed Feb 27, 2013 7:10 pm

Re: Questions regarding a custom LDAP Browser

Postby Support » Thu Feb 28, 2013 11:03 am

Hello.
The easiest way to perform #1 and #2 is to run a proper report (All Users or All Groups).
Also you can use LDAP Browser search tools like Directory Search to query this information. The only thing is needed is to define proper LDAP search filter.
As for #3, it's not clear what do you mean by "the incorrect credentials were entered". You can't bind to the server with incorrect credentials. Credentials are validated when you bind to the server. But If you want to find out users in a directory with incorrect credentials, then the answer is no. There is no possibility to get this information.
Support
 
Posts: 886
Joined: Sun Aug 12, 2001 12:00 am

Re: Questions regarding a custom LDAP Browser

Postby twhitehouse » Fri Mar 01, 2013 1:51 pm

Yes, that all makes sense. Thank you for that reply.

I mislead everyone with mentioning "incorrect credentials". This is not what I wanted to ask. I am sorry about that. What I wanted to ask was the following.

I made a custom piece of software in which I mimic retrieving information from an LDAP Server. I retrieve users and groups most importantly. I want to retrieve all information for each user and group. This includes attributes like username, email address, etc. So, in order to get all of the fields to show up in my software, I need to know what each field is ahead of time on the LDAP Server, right?. But, I cannot determine if fields in my software correctly match the attributes on the LDAP Servers. I can only determine if the attribute exists apparently. So, this means that I could end up with "instanceType" as a username. "instanceType" is an LDAP attribute on one of the LDAP Servers I am testing against. When I user "instanceType" as a username, all users returned in the LDAP Search had a username = "4". "4" was not their usernames. Their usernames were jdoe, jdoe2, ssmith, etc. So, in order to get the username in my software to show up for the username field, I need to put "cn", "sAMAccountName", or "uid" in my software so that I know what to query. Then, I will see jdoe, jdoe2, ssmith, etc. for usernames.

What I really wanted to know was if there was something in LDAP that could let me know if the attributes were correct. But, the more I think about it, correct is a matter of perspective. I want the software to tell me that "instanceType" is not right for usernames. Is this possible? This way, I will never get "4" for the usernames for all users by accident.

Also, does Softerra know stuff like this when it does queries?
twhitehouse
 
Posts: 2
Joined: Wed Feb 27, 2013 7:10 pm


Return to General Discussion

Who is online

Users browsing this forum: No registered users and 1 guest