O
ohaya
Hi,
I have to retrieve the 'pwdLastSet' attribute for a user from Active
Directory (Win2K Server), but I'm finding that if I use an anonymous
bind, I am not able to export it. If I do a simple bind (e.g., using
"cn=Administrator,cn=users,dc=whatever,dc=com", I can get it.
For example:
ldifde -f foo4 -s localhost -d
"cn=adpasswordexpired,cn=users,dc=whatever,dc=com" -r "(pwdlastset=*)"
-l pwdlastset -a "cn=administrator,cn=users,dc=whatever,dc=com" *
works, but:
ldifde -f foo4 -s localhost -d
"cn=adpasswordexpired,cn=users,dc=whatever,dc=com" -r "(pwdlastset=*)"
-l pwdlastset -a "" ""
returns nothing.
I thought that Win2K Server AD was enabled for anonymous binds by
default, so shouldn't I be able to access 'pwdLastSet'?
If I have to use a simple bind to get 'pwdLastSet', can anyone tell me
what kind of user I need to do the bind (e.g., has to be a member of
Administrators, etc.?), as I'd like to not to have to use cn=Administrator.
Thanks,
Jim
I have to retrieve the 'pwdLastSet' attribute for a user from Active
Directory (Win2K Server), but I'm finding that if I use an anonymous
bind, I am not able to export it. If I do a simple bind (e.g., using
"cn=Administrator,cn=users,dc=whatever,dc=com", I can get it.
For example:
ldifde -f foo4 -s localhost -d
"cn=adpasswordexpired,cn=users,dc=whatever,dc=com" -r "(pwdlastset=*)"
-l pwdlastset -a "cn=administrator,cn=users,dc=whatever,dc=com" *
works, but:
ldifde -f foo4 -s localhost -d
"cn=adpasswordexpired,cn=users,dc=whatever,dc=com" -r "(pwdlastset=*)"
-l pwdlastset -a "" ""
returns nothing.
I thought that Win2K Server AD was enabled for anonymous binds by
default, so shouldn't I be able to access 'pwdLastSet'?
If I have to use a simple bind to get 'pwdLastSet', can anyone tell me
what kind of user I need to do the bind (e.g., has to be a member of
Administrators, etc.?), as I'd like to not to have to use cn=Administrator.
Thanks,
Jim