LinuxQuestions.org


depam 12-15-2006 11:58 PM

Active Directory, Exchange, Squirrelmail and LDAP
 
Hi!

Just want to ask if it is possible to port the address book made using Windows Active Directory to SquirrelMail.

I also want to ask if it is possible to produce a Linux-based server that will act as a Primary Domain Controller and LDAP instead of Active Directory to handle authentication, roaming profile and file server. Thanks.

hob 12-18-2006 05:04 AM

Active Directory is an LDAP server, so you can run scripts to extract information like email addresses from it using any language that you are familiar with.

Samba enables UNIX systems to emulate a Windows NT domain controller for file sharing, roaming profiles, authentication etc. To do what you've described, create an LDAP directory with OpenLDAP, add the records to it, and then configure Samba to use the LDAP directory. The Samba Web site provides the text of several books that have been published: Samba is one of the best documented OSS projects around.

This question comes up a lot, so please do Google!

depam 12-19-2006 01:04 AM

Okay. I was able to make an LDAP server for Windows machines. Roaming profiles and file server are controlled by this Linux LDAP server. Now, what I want to do is to parse the address book situated in the Active Directory in SquirrelMail.

My problem is that when I populated the AD, I don't know where to find the base DN. Is there a base DN for the Active Directory or is it just for Linux LDAP? Hope you can help me out on this. Thanks.

hob 12-19-2006 03:18 AM

DNs are part of the LDAP spec., and AD is an LDAP v.3 server. MS ship a basic utility that lets you see AD as LDAP, and get DNs etc.: Start > Run > adsiedit.

Note that AD does not permit anonymous binds, so you will need to bind with an account (it's best to create a restricted account specifically for this). The preferred format for specifying accounts when binding to AD is the UPN, e.g. user@domain.

It sounds like you've pretty much nailed all the hard parts already - congrats.
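
The base-DN lookup and address extraction discussed in the posts above, as an added example that is not part of the original thread: a directory server publishes its base DN in the rootDSE attribute `defaultNamingContext` on Active Directory, and a script can turn LDIF search output into name/e-mail pairs. The host name, the `sm-ldap` bind account and the sample entries are constructed for illustration.

```python
import base64

# Constructed sample output (not real data), shaped like what these would print:
#   ldapsearch -x -H ldap://dc1.corp.example.com -s base -b "" defaultNamingContext
#   ldapsearch -x -ZZ -H ldap://dc1.corp.example.com -D sm-ldap@corp.example.com -W -b "<base DN>" "(mail=*)" cn mail
ROOTDSE_LDIF = "dn:\ndefaultNamingContext: DC=corp,DC=example,DC=com\n"
USERS_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=corp,
 DC=example,DC=com
cn: Alice Example
mail: alice@corp.example.com

dn: CN=Joerg,OU=Staff,DC=corp,DC=example,DC=com
cn:: SsO2cmcgTcO8bGxlcg==
mail: joerg@corp.example.com

dn: CN=svc-backup,OU=Service,DC=corp,DC=example,DC=com
cn: svc-backup
"""

def parse_ldif(text):
    """Return entries as dicts: lower-cased attribute name -> list of values."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.split("\n"):
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: ..." marks a base64 (non-ASCII) value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def base_dn(rootdse_ldif):
    """Read the base DN from the rootDSE attribute defaultNamingContext."""
    for entry in parse_ldif(rootdse_ldif):
        if "defaultnamingcontext" in entry:
            return entry["defaultnamingcontext"][0]
    raise ValueError("no defaultNamingContext in rootDSE output")

def address_book(users_ldif, base):
    """Sorted (name, email) pairs for entries under `base` that have a mail attribute."""
    return sorted((e.get("cn", e["mail"])[0], e["mail"][0])
                  for e in parse_ldif(users_ldif)
                  if "mail" in e and e.get("dn", [""])[0].lower().endswith(base.lower()))
```

The authenticated search sends the bind account's password, which is why the second command in the comment uses StartTLS (`-ZZ`); the account itself only needs read access to the attributes being exported.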

PhillipHuang 12-19-2006 07:27 AM

Hi Hob,

I just tried "adisedit" as you said, and an error popped up: "Microsoft cannot find adsiedit". I've tested on Windows XP (SP2) and Win 2K Server (AD).

Should I install external Windows packages?

Thanks in advance.

hob 12-19-2006 10:55 AM

Quote:

Originally Posted by PhillipHuang
Hi Hob,

I just tried "adisedit" as you said, and an error popped up: "Microsoft cannot find adsiedit". I've tested on Windows XP (SP2) and Win 2K Server (AD).

Should I install external Windows packages?

Thanks in advance.

Hmm. Apparently ADSI Edit is part of the "Windows Support Tools", which is not installed by default. TechNet says that there is an MSI package for WST on the Windows 2000 CD:

http://technet2.microsoft.com/Window....mspx?mfr=true

depam 12-19-2006 06:36 PM

Hi!

How about me? I am using Windows 2003 Enterprise Server. Is there any other way to know the base DN aside from installing that tool?

hob 12-19-2006 06:57 PM

Quote:

Originally Posted by depam
Hi!

How about me? I am using Windows 2003 Enterprise Server. Is there any other way to know the base DN aside from installing that tool?

Try toggling the "Advanced" mode in Active Directory Users and Computers, but don't hold me to that - I don't have access to a Windows Server from where I'm posting.

depam 12-19-2006 07:42 PM

hob,

I found out that Windows 2003 has an Active Directory Connector Services... There are two entries under Active Directory Connector:

1.) From Exchange RPC
2.) From Windows RPC

When I clicked on the properties of "From Exchange RPC" and under the From Exchange tab, I saw Exchange Recipient Containers and Default Destination. Both of these entries do have a container. I tried both on SquirrelMail but failed.

A while ago you told me that AD does not accept anonymous binding. Now where do I see the password for AD? I mean on OpenLDAP, I have set up in slapd.conf the password for the user admin. Hope you can help me out... Thanks.

hob 12-19-2006 08:00 PM

You don't want either of those. You have two options, really:

a) Import your user accounts into OpenLDAP and then drop Active Directory. You can write scripts to do this, or probably find more info on-line about migration tools. You can then bind SM to your OpenLDAP directory.

b) Keep Active Directory, and point SquirrelMail to that. In this situation you need to add a valid AD username and password in the SquirrelMail configuration for SM to bind to AD with.

depam 12-19-2006 08:55 PM

I simply cannot drop AD. For some reason my boss wants me to retain it. I just can't figure out how to bind SM with AD. I just don't know where to get the correct base DN. For the username and password, where will I see it in AD? Thanks.

hob 12-19-2006 09:16 PM

The simplest option is to use ADSI Edit if you can't find the information in AD Users and Computers.

You need to create a user account for SM to use for binds, or give it the details of an existing account (which I don't recommend).

PhillipHuang 12-20-2006 01:18 AM

Quote:

Originally Posted by hob
Hmm. Apparently ADSI Edit is part of the "Windows Support Tools", which is not installed by default. TechNet says that there is an MSI package for WST on the Windows 2000 CD:

http://technet2.microsoft.com/Window....mspx?mfr=true

Thanks, Hob. I'll try it later.

