How to connect to a remote LDAP server with a special namingcontext

Dear community,

I just tried out Quest's ActiveRoles Management snapin and obviously I have to surrender now if I can't find a way to connect to my remote LDAP server :-(

A connection with PowerShell and .NET objects works:

$ldapRoot="LDAP://172.18.2.22/dc=xxx,dc=yyyl"

$directoryEntry = New-Object System.DirectoryServices.DirectoryEntry($ldapRoot)
$directoryEntry.psbase.AuthenticationType=[System.DirectoryServices.AuthenticationTypes]::FastBind

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry)

Now I wanted to give the QAD Cmdlets a try and I really failed in the beginning!

I can't connect to the LDAP server, because I don't know if and how I can persuade "connect-QADService" ( or whatever I should have used ) to connect to the server providing an IP address and a naming context.
Additionally I might have to use simple bind later on to provide a username like "uid=user, ou=org" and a password "pwd" to connect.

Is this possible with the QAD Cmdlets? ... and if ... how?

kind regards, Klaus
All Replies
  • First, is your LDAP server a Windows Domain Controller, ADAM/ADLDS host, or a generic LDAP host? I'm not sure if Quest cmdlets or System.DirectoryServices support connections to anything other than Microsoft based Directory Services hosts.

    If your LDAP server is a Microsoft DC or ADLDS host then the following should do the trick to specify the host, naming context and supplying username and password in one command.

    get-qadobject -service 172.18.2.22 -SearchRoot 'dc=xxx,dc=yyy' -ConnectionAccount 'company\username' -ConnectionPassword $pw
  • Thanks Matt!

    I got the idea ... but still can't connect :-)
    I can connect with Softerra's LDAP Browser e.g. even as anonymous user, if I just want to read some attributes, but even this seems to be impossible with get-QADObject ( or I don't do it right )

    The server is an OpenLDAP 2.4

    Maybe this is the reason, why !? ...

    kind regards, Klaus

  • I believe that AD cmdlets currently do not support OpenLDAP. They are really geared towards AD and ADAM / AD LDS...
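
Added example (not from the thread and not part of the Quest cmdlets): one way to reach a non-Microsoft LDAP server such as OpenLDAP from PowerShell is the .NET System.DirectoryServices.Protocols API, which supports anonymous and simple bind against a chosen naming context. The function name Search-GenericLdap, the attribute list, and the assumption that the server offers StartTLS on port 389 with a certificate the client trusts are illustrative; simple bind sends the password in clear text, so the session is upgraded to TLS before binding.

```powershell
# Added example: hypothetical helper, not code from the thread or from Quest.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Search-GenericLdap {
    param(
        [Parameter(Mandatory = $true)] [string] $Server,      # host name or IP
        [Parameter(Mandatory = $true)] [string] $SearchBase,  # naming context
        [string]   $Filter     = '(objectClass=*)',
        [string[]] $Attributes = @('cn'),                     # assumed attribute list
        [string]   $BindDn,                                   # omit for anonymous bind
        [System.Security.SecureString] $Password
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, 389)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    try {
        $conn.SessionOptions.ProtocolVersion = 3
        # Upgrade to TLS before any credentials cross the wire. This throws if the
        # server has no StartTLS or its certificate does not validate (a certificate
        # issued for a host name will not match a connection made by IP address).
        $conn.SessionOptions.StartTransportLayerSecurity($null)

        if ($BindDn) {
            # Simple bind with a full DN such as 'uid=user,ou=org'
            $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
            $conn.Bind((New-Object System.Net.NetworkCredential($BindDn, $Password)))
        } else {
            $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous
            $conn.Bind()
        }

        $request = New-Object System.DirectoryServices.Protocols.SearchRequest(
            $SearchBase, $Filter,
            [System.DirectoryServices.Protocols.SearchScope]::Subtree, $Attributes)
        $response = [System.DirectoryServices.Protocols.SearchResponse] $conn.SendRequest($request)

        foreach ($entry in $response.Entries) {
            $row = @{ DN = $entry.DistinguishedName }
            foreach ($name in $entry.Attributes.AttributeNames) {
                $row[$name] = $entry.Attributes[$name].GetValues([string])
            }
            New-Object PSObject -Property $row
        }
    } finally {
        $conn.Dispose()
    }
}

# Usage with the values from the question:
# $pw = Read-Host 'Password' -AsSecureString
# Search-GenericLdap -Server 172.18.2.22 -SearchBase 'dc=xxx,dc=yyy' -BindDn 'uid=user,ou=org' -Password $pw
```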