Directory Services
- 1: Apple and AD
- 2: LDAP
1 - Apple and AD
Here’s the troubleshooting process.
Verify the DNS SRV records according to Apple’s document.
DOMAIN=gattis.org
dns-sd -q _ldap._tcp.$DOMAIN SRV
dns-sd -q _kerberos._tcp.$DOMAIN SRV
dns-sd -q _kpasswd._tcp.$DOMAIN SRV
dns-sd -q _gc._tcp.$DOMAIN SRV
Ping the results. Then test the ports according to Microsoft’s document.
HOST=dc01.gattis.org
nc -z -v -u $HOST 88
nc -z -v -u $HOST 135
nc -z -v $HOST 135
nc -z -v -u $HOST 389
nc -z -v -u $HOST 445
nc -z -v $HOST 445
nc -z -v -u $HOST 464
nc -z -v $HOST 464
nc -z -v $HOST 3268
nc -z -v $HOST 3269
nc -z -v $HOST 53
nc -z -v -u $HOST 53
nc -z -v -u $HOST 123
A useful script is like so:
#!/bin/bash
HOST=dc01.gattis.local
#HOST=dc02.gattis.local
## declare an array of the commands to run
## (nc -z -u only sends an empty datagram: a UDP "success" means no ICMP port-unreachable
## came back, not that a service answered, so treat the UDP results as advisory)
declare -a COMMANDS=(\
"nc -z -u $HOST 88"
"nc -z -u $HOST 135"
"nc -z $HOST 135"
"nc -z -u $HOST 389"
"nc -z -u $HOST 445"
"nc -z $HOST 445"
"nc -z -u $HOST 464"
"nc -z $HOST 464"
"nc -z $HOST 3268"
"nc -z $HOST 3269"
"nc -z $HOST 53"
"nc -z -u $HOST 53"
"nc -z -u $HOST 123")
## run the checks in parallel, keeping each PID at the same index as its command
PIDS=()
for i in "${COMMANDS[@]}"; do
  $i &                    # unquoted on purpose: word splitting turns the string into a command
  PIDS+=($!)
done
## wait for every check and report its exit status next to the command it ran
for n in "${!COMMANDS[@]}"; do
  if wait "${PIDS[$n]}"; then
    echo "OK   ${COMMANDS[$n]}"
  else
    echo "FAIL ${COMMANDS[$n]}"
  fi
done
2 - LDAP
sudo apt-get install libnss-ldap ldap-utils
# To get the attribute 'memberOf'
# Simple Bind with TLS
ldapsearch -v -x -Z -D "[email protected]" -W -H ldap://ad.domain.local -b 'OU=People,DC=domain,DC=local' '(sAMAccountName=someuser)' memberOf
# older style (-w puts the password on the command line, where shell history and ps expose it; prefer -W)
ldapsearch -v -D "[email protected]" -w Passw0rd -H ldap://ad1.domain.local -b 'OU=People,DC=domain,DC=local' '(sAMAccountName=someuser)' memberOf
# Get all user accounts from AD created since 2010-07-01 (the whenCreated value is AD generalized time, UTC),
# paging through the results 1000 at a time and writing the LDIF to the file 'all'.
ldapsearch -v -x -Z -D "[email protected]" -W -H ldap://ad1.domain.local -b 'DC=domain,DC=local' -E pr=1000/noprompt '(&(objectClass=user)(whenCreated>=20100701000000.0Z))' sAMAccountName description whenCreated > all
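The file written by the last command is LDIF, which folds long values onto continuation lines and base64-encodes some attributes, so reading it back needs a little care. The following Python is an added example, not code from this page: a small LDIF reader that unfolds continuation lines, decodes `::` values and skips comments and the result trailer, plus helpers that convert AD’s whenCreated generalized time so the created-since filter can be rechecked locally. SAMPLE_LDIF is constructed to resemble ldapsearch output; it is not real directory data.

```python
import base64
from datetime import datetime, timezone

# Constructed sample in the shape ldapsearch writes: a comment, a base64 (::) value, a folded memberOf, a trailer.
SAMPLE_LDIF = """\
# extended LDIF
dn: CN=Some User,OU=People,DC=domain,DC=local
sAMAccountName: someuser
description:: U2VydmljZSBhY2NvdW50
whenCreated: 20110315120000.0Z
memberOf: CN=VPN Users,OU=Groups,DC=domain,DC=local
memberOf: CN=A Very Long Group Name That ldapsearch Folds,OU=Groups,DC=domai
 n,DC=local

dn: CN=Old User,OU=People,DC=domain,DC=local
sAMAccountName: olduser
whenCreated: 20090101000000.0Z

result: 0 Success
"""

def parse_ldif(text):
    """Return a list of entries, each a dict mapping attribute -> list of values."""
    lines = []
    for raw in text.splitlines():              # unfold: a leading space continues the previous line
        if raw.startswith(" ") and lines: lines[-1] += raw[1:]
        else: lines.append(raw)
    entries, current = [], None
    for line in lines + [""]:                  # the trailing "" flushes the last entry
        if not line.strip():
            if current is not None: entries.append(current)
            current = None
            continue
        if line.startswith("#") or ":" not in line:
            continue                           # comments, including "# pagedresults:" cookies
        attr, _, rest = line.partition(":")
        value = base64.b64decode(rest[1:].strip()).decode() if rest.startswith(":") else rest.strip()
        if attr == "dn": current = {"dn": [value]}
        elif current is not None: current.setdefault(attr, []).append(value)   # drops trailer lines
    return entries

def ad_time(s):
    """AD generalized time 'YYYYMMDDHHMMSS.0Z' -> timezone-aware datetime."""
    return datetime.strptime(s, "%Y%m%d%H%M%S.0Z").replace(tzinfo=timezone.utc)

def created_since(entries, since):
    """sAMAccountNames created at or after 'since' (AD time string), mirroring the whenCreated>= filter."""
    return [e["sAMAccountName"][0] for e in entries if ad_time(e["whenCreated"][0]) >= ad_time(since)]
```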