Note: If you are running your LDAP server on Windows Server 2000, 2003 or 2008, you can use the LDIFDE (LDIF Directory Exchange) command to extract data from the server and write it to a text file. You can choose to extract either the entire LDAP directory or a specific domain within it.
Prerequisites:
· Before starting the configuration process, you must have the Directory Information Tree, groups, and user accounts already created and in place on the LDAP server.
Note: In the example below we will be using the user John Smith who is part of the marketing.acme.com domain.
1. Open a command prompt window on your LDAP server.
Note: The LDIFDE command appears only on a server that is running Windows Server 2000, 2003 or 2008.
2. Enter the command C:\Windows\system32\LDIFDE.exe -f ldapexport.txt -s yourservername
3. Press Enter. The command displays its progress and then writes all of the content of your Active Directory to the text file ldapexport.txt
Note: For help, enter C:\Windows\system32>ldifde -? in the window. LDIFDE displays a page showing command syntax, parameters and examples.
4. Use any text editor to open the file.
5. Search for a username. In the example below we searched the text file for the username John Smith.
6. You should see a dn entry for the user that you are searching for.
Example:
Note: The attributes and information listed below are for reference only. Review your LDIFDE file to find the proper information for your LDAP server.
dn: CN=John Smith, OU=Digital, OU=Users, DC=marketing, DC=California, DC=acme, DC=com
a. By examining the Distinguished Name (DN) for John Smith we can determine the following:
§ The Directory Information Tree (DIT) Root (DC=California, DC=acme, DC=com)
§ The User RDN key (CN=)
§ The Relative Authentication and Directory Service Locators (OU=Digital, OU=Users, DC=marketing)
b. The Object Class information required by DocuShare can also be identified in the file.
Example:
§ ObjectClass: person (User)
§ ObjectClass: user (Static Group)
c. By further examining the text file you can also identify various user properties (User Bind Attributes) of all user accounts.
Note: The Last Name User Bind attribute is required when configuring DocuShare to connect to LDAP.
Example:
§ mail: (email)
§ givenName: (Last Name)
§ sAMAccountName: (First Name)
§ sn: (Username)
d. The text file also contains LDAP attribute aliases that are used to identify various properties of each group in Active Directory.
Example:
§ cn: (group title)
§ info: (summary)
§ description: (description)
At this point you should have gathered the following information:
· The hostname of the LDAP Server
· The port number of the LDAP Server
· If you use SSL, the port number you want to use for SSL
· The DIT Root
· The User RDN Key
· The Relative Authentication and Directory Services Attributes
· The Object Classes Attributes
· The LDAP user and group Bind Attributes
Note: The information gathered from the LDIFDE tool will be required when configuring DocuShare to connect to your LDAP server.
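The search and DN breakdown from steps 5 and 6 can also be scripted. The following is an added example, not part of the original article or of DocuShare: the function names are hypothetical, the LDIF sample is constructed, and the DIT root is passed in because it is your choice of where the tree starts. It goes slightly beyond the text by handling folded lines and base64 (`::`) values, which LDIF files can contain.

```python
import base64
import re

# Constructed sample in LDIF form, modelled on the John Smith entry above.
SAMPLE_LDIF = """\
dn: CN=John Smith,OU=Digital,OU=Users,DC=marketing,DC=California,DC=acme,
 DC=com
objectClass: person
objectClass: user
cn: John Smith
sAMAccountName: jsmith
mail:: anNtaXRoQGFjbWUuY29t

dn: CN=Digital Team,OU=Digital,OU=Users,DC=marketing,DC=California,DC=acme,DC=com
"""

def parse_ldif(text):
    """Return one dict per entry: attribute name -> list of values."""
    text = re.sub(r"\r?\n ", "", text)  # leading space = continuation of previous line
    entries = []
    for block in re.split(r"(?:\r?\n){2,}", text.strip()):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: value" marks a base64-encoded value
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            entry.setdefault(name, []).append(value.strip())
        entries.append(entry)
    return [e for e in entries if "dn" in e]

def split_dn(dn, dit_root):
    """Return (user RDN key, relative locators) for a DN below the given DIT root."""
    rdns, root = ([p.strip() for p in re.split(r"(?<!\\),", s)] for s in (dn, dit_root))
    if [r.lower() for r in rdns[-len(root):]] != [r.lower() for r in root]:
        raise ValueError(f"{dn} is not under {dit_root}")
    return rdns[0].split("=", 1)[0] + "=", ",".join(rdns[1:-len(root)])

def describe_user(ldif_text, common_name, dit_root):
    """Report what the checklist asks for, or None if no entry has that cn."""
    for entry in parse_ldif(ldif_text):
        if common_name in entry.get("cn", []):
            rdn_key, locators = split_dn(entry["dn"][0], dit_root)
            return {"rdn_key": rdn_key, "locators": locators,
                    "object_classes": entry.get("objectClass", []),
                    "attributes": sorted(a for a in entry if a not in ("dn", "objectClass"))}

if __name__ == "__main__":
    print(describe_user(SAMPLE_LDIF, "John Smith", "DC=California,DC=acme,DC=com"))
```

Because ldapexport.txt holds the content of the whole directory, restrict access to it and delete it once the values above have been recorded.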
Solution Updated: September 3rd, 2014
Solution ID: 335