LDAP Queries are spaced out…
I was looking at a metaverse object in MIIS today and noticed some admin had set the mail attribute to a single SPACE ( ) character. The Metaverse is stored in a SQL server, so naturally the query...
ADAM Anonymous Bind with bind Redirection issue when passing NULL passwords
It was discovered quite a while ago that, due to an RFC for LDAP, using Bind Redirection for simple bind authentication back to Active Directory could be a problem. I will explain the scenario, and...
Efficiency with LDAP Queries
Today I have to help troubleshoot another application with poor LDAP performance, so I figured I’d tag this here for later reference. Creating More Efficient Active Directory-Enabled Applications...
ADAM, userProxy, and sidHistory: Not always what you expected
I had an interesting afternoon today, trying to identify an issue that occurred while working on a user migration project. This is a solution I have used for many apps that only support a single...
UPN and cross-forest LDAP simple binds
Recently I was looking to help an application built on ColdFusion’s CFLDAP module, which relied upon LDAP for “authentication”, and could only be used with simple binds as a mechanism for presenting a...
LDAP over SSL/TLS: How secure is your Directory?
One of the issues with using LDAP as an “Authentication” protocol for applications is that this usually means LDAP simple binds. LDAP simple binds by default will pass the userId and userPassword in...
Searching Active Directory in Windows Vista
In a discussion on the ActiveDir.org mailing list today, the topic of searching Active Directory in Windows came up. From Windows 2000 or Windows XP, this can be done from the Start menu Find People...
Lotus Domino LDAP SSL certificate issue
While trying to set up a Lotus Domino 6.5.x server to use LDAP over SSL, it appears that it does not support a 4096-bit key length. When you try to import the root certificate into the Domino key...
Avoid changing the MaxPageSize LDAP query policy
I came upon a blog post on Scott Lowe’s blog suggesting a solution to resolve AD integration issues where more than 1,000 results are returned in a query on some UNIX/LINUX systems. I will try to...
Logging the source IP of simple LDAP binds
Simple bind events don’t record the calling Computer as the source, but record the ADDS-DC or the ADLDS instance name, so you cannot determine where the simple bind request came from. So if you are...