ldapsearch against Active Directory fails authentication + search params wrong

Solution 1:

Well, there are a few things that could be wrong with this:

  1. You are specifying simple authentication, but you are not providing a password and you are not telling ldapsearch to collect a password from the command line either. Does the user John_Marshall not have a password? If he does have one, it has to be provided somehow. Either specify -w <password> or -W (to enter a password at a prompt).

  2. Is the user's binddn really cn=John_Marshall,dc=Americas? In our AD, just as an example, my own binddn would be "dn: CN=Wolfgang Schulze-Zachau,CN=Users,DC=aminocom,DC=com", i.e. there is no underscore between first name and surname.

  3. A binddn of "cn=John_Marshall,dc=Americas" is possible, but looks a bit short to me. Of course, this all depends on how your AD is configured. Can you verify that this really is the DN for that user? When you look at AD Users and Computers, what is the complete list of tree items leading to that user?

  4. If you don't specify a filter, you'll get a list of all items that are in the searchbase. That could be a very long list.

OP Edit:

The correct incantation that worked was:

[John_Marshall@WN7-BG3YSM1 ~]$ ldapsearch -x -h <new_ip_addr> \
-D "Americas\John_Marshall" -W \
-b "cn=John_Marshall,ou=users,ou=austin,dc=amer,dc=MyComanyName,dc=com" \
mail telephonenumber ""
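
An added example, not part of the answer or the OP's edit: a POSIX shell pre-flight check that flags the problems from points 1 and 4 above in an ldapsearch argument list, plus simple binds that are not protected by ldaps:// or -ZZ. The function name, host name and sample arguments are constructed for illustration; the filter-detection rule follows OpenLDAP's ldapsearch.

```shell
#!/bin/sh
# Added example: pre-flight check of an ldapsearch argument list.
# Prints one finding per line and returns 1 if anything was flagged.
lint_ldapsearch() {
    simple=0; binddn=0; pw=0; tls=0; filter=0; findings=0
    while [ $# -gt 0 ]; do
        takes_value=0
        case "$1" in
            -x)    simple=1 ;;
            -W)    pw=1 ;;                       # prompt for the password
            -w|-y) pw=1; takes_value=1 ;;        # password on argv / in a file
            -D)    binddn=1; takes_value=1 ;;
            -ZZ)   tls=1 ;;                      # StartTLS, required to succeed
            -H)    takes_value=1
                   case "${2:-}" in ldaps://*|ldapi://*) tls=1 ;; esac ;;
            -h|-p|-b|-s|-l|-z) takes_value=1 ;;
            -*)    ;;                            # other flags are not inspected
            *)     # OpenLDAP ldapsearch treats the first positional argument
                   # as the filter only if it starts with "(" or contains "="
                   case "$1" in \(*|*=*) filter=1 ;; esac
                   break ;;
        esac
        shift
        if [ "$takes_value" -eq 1 ] && [ $# -gt 0 ]; then shift; fi
    done
    if [ "$simple" -eq 1 ] && [ "$binddn" -eq 1 ] && [ "$pw" -eq 0 ]; then
        echo "no-password: -x with -D but none of -w, -W, -y"
        findings=1
    fi
    if [ "$simple" -eq 1 ] && [ "$binddn" -eq 1 ] && [ "$tls" -eq 0 ]; then
        echo "cleartext: simple bind without ldaps:// or -ZZ exposes the password"
        findings=1
    fi
    if [ "$filter" -eq 0 ]; then
        echo "no-filter: defaults to (objectClass=*), every entry under the base"
        findings=1
    fi
    return "$findings"
}

# Constructed input: the kind of command the answer describes (placeholder host).
lint_ldapsearch -x -h dc.example.test -D 'cn=John_Marshall,dc=Americas' \
    -b 'dc=Americas' || true
```

A bare attribute list such as `mail telephonenumber` is reported as no-filter because neither word looks like a filter; with a search base that is a single user entry, the default filter still returns only that entry and anything beneath it.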