What is LDAP? How to query the directory?

ivanv

Programmer
Mar 18, 2005
18
MX
Hi,

I know more or less what LDAP is, but I need to know how to find out if it's enabled on my AD controller and how to access it and query it.

Specifically, I need the following information:

A "DN" where to perform searches for users.
A "DN" for the username that is the admin of the server.
And, what are the field names Win2k3's LDAP uses for the name, email, and username ("cn", "mail", and "uid" maybe?)

Well, that would be all. I hope someone can help me with this issue...

In case you need to know, all of this is so I can make Jive Messenger authenticate through AD. Huge task for me given that I know almost nothing about AD, LDAP and Jive...

Thanks in advance!
 
Ivan,

Have you tried all of the Forums at Jive Messenger? I've gotten it to work, though based on the version, some things have been broken in the past (The guys at Jive don't run their test lab on AD yet).

A good tool to use to learn this stuff is Softerra's LDAP Browser.

I don't have time right now, but this evening I'll post my Jive config files so you can take a look. I worked with Jive on the last two releases of Messenger on some AD-related problems.
 
Hey, thank you Jim!

I did ask in the Jive forums, but they don't seem very helpful so far...

I'll wait for your next post, and in the meantime I'll try the browser you mention.

Thanks a lot!
 
No prob. (And FYI - Active Directory IS an LDAP directory...to answer your first question. AD/NTDS uses LDAP and Kerberos as its primary standards.)
 
Here you go:

In your conf file,

<adminConsole>
  <port>9090</port>
  <!-- accounts allowed to log in to the admin console -->
  <authorizedUsernames>user.name</authorizedUsernames>
</adminConsole>
<ldap>
  <host>dc1.domain.local</host>
  <port>389</port>
  <!-- AD attributes used for the username, display name and e-mail -->
  <usernameField>sAMAccountName</usernameField>
  <nameField>DisplayName</nameField>
  <emailField>mail</emailField>
  <!-- subtree that is searched for users -->
  <baseDN>OU=User Container, DC=domain, DC=local</baseDN>
  <!-- account used to bind to the directory for searches -->
  <adminDN>CN=user.name, OU=OLF Users, DC=domain, DC=local</adminDN>
  <adminPassword>user.name's password</adminPassword>
</ldap>
<provider>
  <user>
    <className>org.jivesoftware.messenger.ldap.LdapUserProvider</className>
  </user>
  <auth>
    <className>org.jivesoftware.messenger.ldap.LdapAuthProvider</className>
  </auth>
</provider>
<connectionProvider>
  <className>org.jivesoftware.database.DefaultConnectionProvider</className>
</connectionProvider>

See what happens if your config mirrors this?

Also - what DB are you using behind Jive? I've had success with my other config (auto-populating lists from AD, etc.) using mySQL...

Good luck!
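
A way to sanity-check an `<ldap>` block like the one posted above before pointing the server at a domain controller. This is an added example, not code from the thread or from Jive. It assumes a `<jive>` root wrapper, a constructed sample with a trailing comma left in `baseDN`, and that a user lookup uses a filter of the form `(usernameField=value)`.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like the posted fragment; all values are placeholders.
# The <jive> wrapper is assumed so the fragment parses as one document.
SAMPLE = """<jive><ldap>
  <host>dc1.domain.local</host>
  <port>389</port>
  <usernameField>sAMAccountName</usernameField>
  <baseDN>OU=User Container, DC=domain, DC=local, </baseDN>
  <adminDN>CN=user.name, OU=OLF Users, DC=domain, DC=local</adminDN>
  <adminPassword>placeholder</adminPassword>
</ldap></jive>"""

def dn_problems(dn):
    """Return syntax problems found in a DN, splitting on unescaped commas."""
    problems = []
    for rdn in re.split(r"(?<!\\),", dn):
        if not rdn.strip():
            problems.append("empty RDN (stray or trailing comma)")
        elif not re.match(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*\S", rdn):
            problems.append("malformed RDN: %r" % rdn.strip())
    return problems

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a search-filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_filter(username_field, username):
    """Build the (assumed) user lookup filter with the value escaped."""
    return "(%s=%s)" % (username_field, escape_filter_value(username))

def lint_ldap_config(xml_text):
    """Check both DNs and flag a password-bearing bind on the cleartext port."""
    ldap = ET.fromstring(xml_text).find("ldap")
    findings = []
    for tag in ("baseDN", "adminDN"):
        for problem in dn_problems(ldap.findtext(tag, "")):
            findings.append("%s: %s" % (tag, problem))
    if ldap.findtext("port", "").strip() == "389" and ldap.findtext("adminPassword"):
        findings.append("port 389: simple bind sends adminPassword in cleartext unless StartTLS is used")
    return findings

if __name__ == "__main__":
    for finding in lint_ldap_config(SAMPLE):
        print(finding)
    print(user_filter("sAMAccountName", "user.name"))
```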
 
Thanks for the trouble!

I came up with the solution while you were gone... And I don't really know what it was that made it work, but I'm guessing it's the usernameField which I wrote exactly like you did.

I'm using the integrated DB. I don't know what the benefits would be of integrating it with either mySQL or MSSQL (both available on the network), but I'm guessing not many since there will be 20 users at most using the service.

Well, thanks again!
 
There are some advantages - you can control more, edit user lists directly, logging options that you can pull...(I don't think there's an interface to actually DO anything with message logs in the integrated). If you have mySQL available, I'd use that. It's really recommended by Jive NOT to use the integrated DB if you have another option...
 