we have a policy for some of our AD users to only logon to their respective computers (as opposed to using "All Computers" in ADUC).
our problem with LDAP search string is that whenever a users account is configured to logon to "All Computers", the search string is able to find the user and verify that the username and password he provided is correct.
however, when i limit the user to logon only to his computer using ADUC, the search string fails. to make it work, i have to include one of the domain controllers in the list of computers the user can logon to.
this is the LDAP search string:
ldapsearch -b "ou=others,dc=ACME,dc=com" -h ACME.com -p 389 -D user1@ACME.com -w password "(&(objectclass=user)(sAMAccountName=user1))"
question: is there something missing with the search string? and in the LDAP configuration, i have a doubt because an ordinary domain user was used as the account to do the LDAP searches.
appreciate any reply.
our problem with LDAP search string is that whenever a users account is configured to logon to "All Computers", the search string is able to find the user and verify that the username and password he provided is correct.
however, when i limit the user to logon only to his computer using ADUC, the search string fails. to make it work, i have to include one of the domain controllers in the list of computers the user can logon to.
this is the LDAP search string:
ldapsearch -b "ou=others,dc=ACME,dc=com" -h ACME.com -p 389 -D user1@ACME.com -w password "(&(objectclass=user)(sAMAccountName=user1))"
question: is there something missing with the search string? and in the LDAP configuration, i have a doubt because an ordinary domain user was used as the account to do the LDAP searches.
appreciate any reply.