Hi!

Just want to ask if it is possible to port the address book made using Windows Active Directory to squirrelmail.

I also want to ask if it is possible to produce a linux-based server that will act as a Primary Domain Controller and LDAP instead of Active Directory to handle authentication, roaming profile and file server. Thanks.

Active Directory is an LDAP server, so you can run scripts to extract information like email addresses from it using any language that you are familiar with.

Samba enables UNIX systems to emulate a Windows NT domain controller for file sharing , roaming profiles, authentication etc. To do what you've described create an LDAP directory with OpenLDAP, add the records to it, and then configure Samba to use the LDAP directory. The Samba Web site provides the text of several books that have been published: Samba is one of the best documented OSS projects around.

This question comes up a lot, so please do Google!

Okay. I was able to make a LDAP server for WIndows machines. Roaming profiles, ad file server is controlled by this Linux LDAP Server. Now, what I want to do is to parse the address book situated in the Active Directory in squirrelmail.

My problem is that when I populated the AD, I don't know where to find the base dn. Is there a base dn for the Active Directory or is it just for linux LDAP? Hope you can help me out on this. Thanks.

DNs are part of the LDAP spec., and AD is an LDAP v.3 server. MS ship a basic utility that lets you see AD as LDAP, and get DNs etc.: Start > Run > adsiedit.

Note that AD does not permit anonymous binds, so you will need to bind with an account (it's best to create a restricted account specifically for this). The preferred format for specifying accounts when binding to AD is the UPN, e.g. user@domain.

It sounds like you've pretty much nailed all the hard parts already - congrats.

Hi Hob,

I just try "adisedit" as you said, and there's error pop out "Microsoft cannot find adsiedit". I've tested in Windows XP(SP2) and Win 2K server(AD).

Should I internal external windows packages?

Thanks in advance.

Hmm. Apparently ADSI Edit is part of the "Windows Support Tools", which is not installed by default. TechNet says that there is an MSI package for WST on the Windows 2000 CD:

http://technet2.microsoft.com/Window....mspx?mfr=true

Hi!

How about me? I am using Windows 2003 Enterprise Server. Is there any other way to know the base DN aside from installing that tool?

Try toggling the "Advanced" mode in Active Directory Users and Computers, but don't hold me to that - I don't have access to a Windows Server from where I'm posting.

hob,

I found out that Windows 2003 has a Active Directory Connector Services...There are two entried under Active Directory Connector:

1.) From Exchange RPC
2.) From Windows RPC

When I clicked on the properties of "From Exchange RPC" and under the From Exchange tab, I saw Exchange Recepient Containers and Default Destination. Both of these entries does have a container. I tried both on squirrelmail but failed.

A while ago you told me that AD does not accept anonymous binding. Now where do I see the password for AD. I mean on OpenLDAP, I have setup in slapd.conf the password for the user admin. Hope you can help me out...Thanks.

You don't want either of those. You have two options, really:

a) Import your user accounts into OpenLDAP and then drop Active Directory. You can write scripts to do this, or probably find more info on-line about migration tools. You can then bind SM to your OpenLDAP directory.

b) Keep Active Directory, and point SquirrelMail to that. In this situation you need to add a valid AD username and password in the SquirrelMail configuration for SM to bind to AD with.

I simply cannot drop AD. For some reasons that my boss wants me to retain it. I just can't figure out how to bind SM with AD. I just don't know where to get the correct base DN. For the username and password, where will I see it in AD? Thanks.

The simplest option is to use ADSI Edit if you can't find the information in AD Users and Computers.

You need to create a user account for SM to use for binds, or give it the details of an existing account (which I don't recommend).

Thanks, Hob. I'll try it later.