Connecting to LDAP from SQL Server

Successful, yes. I've written scripts that go out to the LS security and create web pages out of groups and all their members, etc. Not sure though what the Windows equivalent is.... I'm working from a Unix box and using ldapsearch command.

For example:
ldapsearch -D cn=$admin -w $admin-password -h $tds_host -p 389 -b "ou=resources,o=lwsnrmdata,o=lwsn,dc=genesishealth" cn=10002019 zzlwsnattrRole

Will return every Role that user 10002019 has been assigned.

You can use JXplorer to connect to LDAP from a Windows box to look around. http://jxplorer.org/

Hi Greg,
We have unix here also, but I can not find the command ldapsearch. Is this a separate package that you installed? Thank you.

No, Jim,  ldapsearch should have been installed as a part of TDS, I believe.  Ours is in /opt/IBM/ldap/V6.2/bin  ---  Yours may have a different version of db2/tds.

Let me share one of my scripts-  It's not real pretty, but it works.

Please modify as you need.  I only ask you leave me in the comments as the original author.

One thing:  some versions of ldapsearch will not support the -1 option, so I believe you could leave it off.

-Greg

Ricky,
While Greg has given you a very solid way to do this via script, this can also be done natively in T-SQL.

See this website for ideas:

http://www.databasejourna...rver-using-T-SQL.htm

Kwane

Ricky:  Kwane has given you a solid suggestion as well! 

As long as we are in the process of sharing.  I can share another script with you.  This one will list the group names and all of the users that belong to that group underneath.  We use this every single day keeping track of all of our LBI stuff.

Cheers!

Ricky: Reading the subject of your original post, it appears to me that ldap may not be installed on the server that you are trying to connect to the Lawson LDAP from. You can get ldapsearch from the OpenLDAP packages. http://www.openldap.org/ If you are on Sun/Oracle you can get the package file from www.sunfreeware.com Or you can do searches to find it other places specific to your platform.

Greg: We are on a windows box. Will ldapsearch work? Basically, we trying to connect to Lawson Security to pull information. We have JExplorer but you can't set any auto jobs on it. Or maybe it can but I'm not aware of it. Do you know? Thanks.

Greg: We are on a windows box. Will ldapsearch work? Basically, we trying to connect to Lawson Security to pull information. We have JExplorer but you can't set any auto jobs on it. Or maybe it can but I'm not aware of it. Do you know? Thanks.

ldapsearch will indeed work... but you may have to download ldp.exe see:
http://publib.boulder.ibm...2Fitm_install161.htm
Or you can find other equally good ldapsearch equivalents for Windows...
http://securityxploded.com/ldapsearch.php

If your LSF environment is on Windows, I'd expect there to already be a command called ldapsearch on your server... or maybe ldp.exe or ldapsearch.exe

So if not, do i install ldapsearch on the database server or the the application server?

It really doesn't/shouldn't matter. You could install ldapsearch on your worstation, if you choose to. It will just connect to the servername you specify in the -h parameter at the port specified by the -p parameter. Doesn't matter where you do the search from. Install it where ever it makes the most sense for you and/or your organization.

Post back if you still have questions or issues.

Hi Greg: Thanks for the info. Another question for you if you don't mind. Its a little off topic but hopefully you don't mind. How are you guys tracking changes user made in portal? For example, ESS changes/inquire, PA changes, and HR11 changes. Any audit you guys doing?

Ricky: Yes, maybe that question deserves it's own post, but to get started, I'll answer what I know.
Not really any auditing going on. We do have one Smart Notification, that will alert the HR staff if someone adds a bank for their direct deposit. (Or maybe I'm just dreaming that)?

I'll do some checking and post back.

So you guys don't have any sort of audit log to capture who changed what in the database?

Just for the tables that have userid or user_name on them... I hear that much more auditing is coming with Infor 10.

hello i am trying to use Crystal reports to Query LDAP? have you done this before?