[KLUG Members] LDAP related question...

Adam Tauno Williams awilliam at whitemice.org
Sat Nov 20 12:41:55 EST 2004


> > > Actually, I'm dealing with this on a Windows system, but as the only
> > > LDAP expert I know is HERE...
> > > I just discovered how to get ADO to connect to and query LDAP servers,
> > > but for some strange reason, I'm getting no values in the objectClass
> > I'm not terribly surprised.  ADO implements an OLE DB connection to an
> > LDAP server, so I suspect it drops a lot of the meta-data in order to
> > appear as DBish as possible.  Have you tried specifying 'objectclass'
> Yes, I did. The field is returned, but blank for every record.

Are you making this connection from Visual Basic?  Are you using the SQL
dialect or native LDAP filter specifications?

I have this page bookmarked -
http://support.microsoft.com/kb/q187529/

And I'm pretty sure the LDAP providers in ADSI 2.5 and previous
(inclusive) were quite buggy.  I don't know what the current version of
ADSI is; I just have a scribbled note in the corner of a page about 2.5
and previous.

I'd simply grab a copy of JXplorer (a Java LDAP client) and aim it at
your DSA and see what you see; that should tell you how compatible the DSA
is and if it is a tool problem or a broken DSA implementation.

> > specifically as an attribute to be returned?  Some DSAs drop everything
> > they consider meta-data unless you ask for it by name (creatorsname,
> > modifiersname, UUID, etc... as well).
> A note I ran across on the ADSI OLEDB driver seems to suggest that you
> can't just tell it to return every attribute.

Right, as I recall OLEdb doesn't implement much intelligence in the
sense of a "catalog" or "data dictionary".  And the data dictionary
presented by a DSA is an order of magnitude more complex than that of a
'typical' RDBMS database (although 'real' databases like Oracle,
Informix, DB2, and PostgreSQL [to a lesser extent] do support things
like multivalued fields, array types, and nested structs; many tools
blow up when they encounter such things).

>  I presume this is largely
> due to the wildly variable number of attributes an object might possess,

Seems reasonable.

> but with neither that nor a known objectClass, it's almost impossible to
> tell what information one should look for.

One needs to know in advance.

> > > attribute. I'm wondering if the server I'm accessing isn't a true LDAP
> > > server, but just plays one on TV? 
> > If you're talking about Exchange ~5.5, no, it REALLY just plays on TV, as
> > a daytime soap opera I believe, not even in prime time.
> Hah! Actually, I think it's whatever our systems are using for a login
> dialogue. I THINK it's the standard XP login screen, but with Novell
> stuff and Lotus Notes in there, it's hard for me as the lowly user to
> know for sure.

Both NDS and Lotus Notes should be reasonably compatible with
mainstream LDAP tools.  Recent versions of them anyway.


