Handy LDAP Integration Configuration Tips

Often I am asked to integrate a software solution into Active Directory so that users are authenticated directly against AD (via LDAP or LDAP/S).  One of the biggest pains is defining the Search Base DN (where LDAP will query if a user is indeed valid).

A neato tool that you can use to identify the fully qualified Search Base DN is dsquery.  Use the following command to search on a Directory Server to understand what are all of the users, and what are their DN:


dsquery user -limit 10000 | dsget user -dn > out.txt


Then simply open up “out.txt” and you will see all of the available DNs for each user!


Hope this helps!

Written by

June 21, 2011
Comments 0

Speak Your Mind



This site uses Akismet to reduce spam. Learn how your comment data is processed.