[KLUG Members] LDAP related question...

[Andrew Thompson]

On Fri, 2004-11-19 at 07:36, Adam Tauno Williams wrote:
> > Actually, I'm dealing with this on a Windows system, but as the only
> > LDAP expert I know is HERE...
> > I just discovered how to get ADO to connect to and query LDAP servers,
> > but for some strange reason, I'm getting no values in the objectClass
> 
> I'm not terribly surprised.  ADO implements an OLE DB connection to an
> LDAP servers, so I suspect it drops allot of the meta-data in order to
> appears as DBish as possible.  Have your tried specifying 'objectclass'

Yes, I did. The field is returned, but blank for every record.

> specifically as an attribute to be returned?  Some DSAs drop everything
> they consider meta-data unless you ask for it by name (creatorsname,
> modifersname, UUID, etc... as well).

A note I ran across on the ADSI OLEDB driver seems to suggest that you
can't just tell it to return every attribute. I presume this is largely
due to the wildly variable number of attributes on object might possess,
but with neither that nor a known objectClass, it's almost impossible to
tell what information one should look for.

> > attribute. I'm wondering if the server I'm accessing isn't a true LDAP
> > server, but just plays one on TV? 
> 
> If your talking about Exchange ~5.5, no, it REALLY just plays on TV, as
> a daytime soap opera I believe, not even in prime time.

Hah! Actually, I think it's whatever our systems are using for a login
dialogue. I THINK it's the standard XP login screen, but with Novell
stuff and Lotus Notes in there, it's hard for me as the lowly user to
know for sure.

> > I think it may be an Active Directory Service. 
> > Adam, do you know know just how LDAP 'compliant' ADSI is?
> 
> Quite, I know it does objectclasses, etc... You can query it's subschema
> and everything, even with the OpenLDAP client tools from a Linux box.
> AD actually interoperates quite well with everything although their
> schema is a bit wierd (but thats technically OK since they DO document
> it).

Hrm. They'd lynch me if I tried to plug in an authorized system, and no,
I wouldn't anticipate their authorizing it. Ah, well, I think I've
figured out this wouldn't likely get me what I was after, anyway, but it
did make for an interesting experiment.

Thanks a lot for the info, man!
-- 
Andrew Thompson <tempes at ameritech.net>
The Imagerie