This document was generated from CDN thread

Created by: James Maudlin on 20-05-2011 10:22:17 AM
<h2>
WebEx Social LDAP 101</h2>
<h2>
 Using "ldapsearch" to verify LDAP binding, search results, and performance</h2>



While WebEx Social has built-in tools to help you verify that your Principal
Account can bind to LDAP and give you examples of LDAP mappings, how do
you handle an issue where you can't successfully bind to LDAP, the
results come back slowly, or you see results that are unexpected?
 

Luckily, there is a tool on the WebEx Social nodes that allows you to run an
LDAP query and see the results in the command line. It is called
"ldapsearch" and here is some sample syntax:
<pre>ldapsearch -x -h <LDAP_Server_Host/IP> -p 389 -D "CN=<your_admin_account>,OU=<your_OU>,DC=<domain>,DC=<com,org,net,local,etc>" -W -b "<what you want to search for - e.g.: CN=chrchand,OU=Employees,OU=Cisco Users,DC=cisco,DC=com>"
</pre>

 where:
<ul>
<li>
LDAP_Server_Host/IP = the hostname or IP address of the LDAP Server (Active Directory Domain Controller, for example)</li>
<li>
-p 389 = Connecting on TCP port 389 (the default, but you might need to change for certain customers)</li>
<li>
-D = Designates that what follows is the Common Name (CN) for the account you want to use to authenticate (AKA: bind) with LDAP</li>
<li>
-W = Will prompt you to enter the password for the account used in the -D flag above</li>
<li>
-b = Designates that what follows is the search base of what you are
searching for. Typically, this would be the CN of a particular user
account, but you could search an entire OU. Just keep in mind this would
return many results in a production environment.</li>
</ul>
 

Here is an example of the command and its output. The command itself
has been colored blue, the resulting LDAP query colored in red, and the
rest of the output in green in order to make them easier to see: XXXXX in thread = userid

<pre>ldapsearch -x -h ds.cisco.com -p 389 -D "CN=MyAdminAccount,OU=Generics,OU=Cisco Users,DC=cisco,DC=com" -W -b "CN=XXXXX,OU=Employees,OU=Cisco Users,DC=cisco,DC=com"

# extended LDIF
#
# LDAPv3
# base <CN=XXXXX,OU=Employees,OU=Cisco Users,DC=cisco,DC=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# chrchand, Employees, Cisco Users, cisco.com
dn: CN=XXXXX,OU=Employees,OU=Cisco Users,DC=cisco,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: XXXXXX
sn: XXXXXX
c: US
l: RICHARDSON
st: TEXAS
title: ENGINEER.SOFTWARE ENGINEERING
description:  name
postalCode: 75082-3550
postOfficeBox: RCDN5/2/3
physicalDeliveryOfficeName: 52-445
telephoneNumber: phone number
givenName: name
distinguishedName: CN=XXXXX,OU=Employees,OU=Cisco Users,DC=cisco,DC=com
instanceType: 4
whenCreated: 20070315135542.0Z
whenChanged: 20100712133017.0Z
displayName: name (XXXXX)
otherTelephone: number
uSNCreated: 157338
info: .
memberOf: CN=RTP.ECPBU-ESCALATION.M,OU=Workgroup,OU=Cisco Groups,DC=cisco,DC=c
 om
memberOf: CN=ecpbueng,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=crossb_collab_ro,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=xch_harvest_opt_in,OU=Standard,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=xmp_presnt_ro,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=wwcoe,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=ssbr-aam,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=ssausers,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=solpmt,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=rtg_ops,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=rlspreview-eng,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=relops-website,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=ps-gamoore-group,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=psntrnal,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=psoweb,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=powerhour,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=owtallusers,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=owt370-r,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=nmo,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=mcpsw_guest,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=mcp_guest,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=it-uc-cdo,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=ilecsalesteam,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=ibsgit,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=guido,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=group-gamoore,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=fit-users,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=engonly,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=englearn-cdo,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=enged-news,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=enged-i3e,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=enged,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=engall,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=eng-peeps,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=emtp-oss_ro,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=emtp-oss,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=dpt22619,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=csg-codedrop,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=crrq-access,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=cnc_dash,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=ciscoreg,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=ciscoall,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=cdo_all,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=ccbuguest,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=ca_as_emea_rw,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=c3-routing-cvs,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=c3-routing,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=c2users,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=c2cusers,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=bmsweb2,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=allusers,OU=Grouper,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=xch-harvest-opt-in,OU=Standard,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=sw-visiostd,OU=Standard,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=sw-visiopro,OU=Standard,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=staff.tarmstro,OU=Organizational,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=staff.reg.tarmstro,OU=Organizational,OU=Cisco Groups,DC=cisco,DC=
 com
memberOf: CN=group.tarmstro,OU=Organizational,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=group.reg.tarmstro,OU=Organizational,OU=Cisco Groups,DC=cisco,DC=
 com
memberOf: CN=sw-sharepoint,OU=Standard,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=group.weppnerj,OU=Organizational,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=group.gamoore,OU=Organizational,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=group.allmgmt.chambers,OU=Organizational,OU=Cisco Groups,DC=cisco
 ,DC=com
memberOf: CN=cisco_default,OU=Standard,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=BroadwingTeam,OU=Workgroup,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=CMG-Full-Policy,OU=Standard,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=RCH.IPCBU-TRACE.M,OU=Workgroup,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=LEX.MFG-SUITE.M,OU=Workgroup,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=BXB.WWVP-CS.M,OU=Workgroup,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=BXB.CCBU-TAC.M,OU=Workgroup,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=BXB.CCBU-CUSTOMERRELEASES.M,OU=Workgroup,OU=Cisco Groups,DC=cisco
 ,DC=com
memberOf: CN=Geo-CustomerService,OU=Workgroup,OU=Cisco Groups,DC=cisco,DC=com
memberOf: CN=GEO-ATG-TAC,OU=Workgroup,OU=Cisco Groups,DC=cisco,DC=com
uSNChanged: 183408886
department: 020022619
company: Cisco Systems, Inc.
homeMTA: CN=Microsoft MTA,CN=XMB-SJC-235,CN=Servers,CN=First Administrative Gr
 oup,CN=Administrative Groups,CN=Cisco Systems,CN=Microsoft Exchange,CN=Servic
 es,CN=Configuration,DC=cisco,DC=com
proxyAddresses: x500:/o=Seattle/ou=First Administrative Group/cn=Recipients/cn
 =chrchand
proxyAddresses: x500:/o=ciscoSystems/ou=Corp/cn=Recipients/cn=chrchand
proxyAddresses: smtp:chrchand@exch-fe1.cisco.com
proxyAddresses: smtp:chrchand@exch-e2k.cisco.com
proxyAddresses: smtp:chrchand@emea-e2k.cisco.com
proxyAddresses: smtp:chrchand@exch.cisco.com
proxyAddresses: SMTP:chrchand@cisco.com
proxyAddresses: smtp:chrchand@amer.cisco.com
proxyAddresses: smtp:chrchand@emea.cisco.com
proxyAddresses: X400:c=us;a= ;p=Cisco Systems;o=Exchange;s=Chandler;g=Chris;
homeMDB: CN=Database 7,CN=Storage Group 4,CN=InformationStore,CN=XMB-SJC-235,C
 N=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Cisco Sys
 tems,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=cisco,DC=com
streetAddress: 2200 East President George Bush Highway
mDBUseDefaults: TRUE
mailNickname: XXXXX
employeeType: Regular
name: chrchand
objectGUID:: l480sUpkqh0j3KlElXrg==
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
employeeID: XXXX
badPasswordTime: 0
scriptPath: cscoadls.vbs
pwdLastSet: 129140126279682516
primaryGroupID: 513
userParameters:: bTogICAgICAgICAgICAgICAgICAgIGQJICAgICAgICAgICAgICAgICAgICAgI
 CAg
objectSid:: AQUAAAAAAAUVAAAAqDfWZdgFtE0H5TsrnS8DAA==
accountExpires: 9223372036854775807
sAMAccountName: XXXXX
sAMAccountType: 805306368
sIDHistory:: AQUAAAAAAAUVAAAAqDL2Bhh2zBi7WXE6hOUAAA==
sIDHistory:: AQUAAAAAAAUVAAAAI19jaxGZuXhDFwoy3iIAAA==
showInAddressBook: CN=Global Address List,CN=All Address Lists,CN=Address List
 s Container,CN=Cisco Systems,CN=Microsoft Exchange,CN=Services,CN=Configurati
 on,DC=cisco,DC=com
showInAddressBook: CN=Global Address List,CN=All Global Address Lists,CN=Addre
 ss Lists Container,CN=Cisco Systems,CN=Microsoft Exchange,CN=Services,CN=Conf
 iguration,DC=cisco,DC=com
showInAddressBook: CN=Standard GAL,CN=All Global Address Lists,CN=Address List
 s Container,CN=Cisco Systems,CN=Microsoft Exchange,CN=Services,CN=Configurati
 on,DC=cisco,DC=com
showInAddressBook: CN=Default Global Address List,CN=All Global Address Lists,
 CN=Address Lists Container,CN=Cisco Systems,CN=Microsoft Exchange,CN=Services
 ,CN=Configuration,DC=cisco,DC=com
showInAddressBook: CN=Cisco Employees,CN=All Users,CN=All Address Lists,CN=Add
 ress Lists Container,CN=Cisco Systems,CN=Microsoft Exchange,CN=Services,CN=Co
 nfiguration,DC=cisco,DC=com
showInAddressBook: CN=All Users,CN=All Address Lists,CN=Address Lists Containe
 r,CN=Cisco Systems,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=cisc
 o,DC=com
managedObjects: CN=XXXXX-wxp-vm,OU=Workstations,OU=Cisco Computers,DC=cisco
 ,DC=com
managedObjects: CN=XXXXX-WXP,OU=Workstations,OU=Cisco Computers,DC=amer,DC=
 cisco,DC=com
legacyExchangeDN: /o=Cisco Systems/ou=First Administrative Group/cn=Recipients
 /cn=XXXXX
userPrincipalName: XXXXX@cisco.com
lockoutTime: 0
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=cisco,DC=com
msNPAllowDialin: TRUE
proxiedObjectName: B:16:0000000000000001C=amer,DC=cisco,DC=com
dSCorePropagationData: 20090302103442.0Z
dSCorePropagationData: 16010101000001.0Z
lastLogonTimestamp: 129234142420565393
textEncodedORAddress: c=us;a= ;p=Cisco Systems;o=Exchange;s=XXXX;XXXX;
mail: XXXX@cisco.com
manager: CN=weppnerj,OU=Employees,OU=Cisco Users,DC=cisco,DC=com
mobile: 214-676-8537
middleName: J
msExchPoliciesIncluded: {B32A33DB-6A14-4603-8BD8-FA1B725A710A},{26491CFC-9E50-
 4857-861B-0CB8DF22B5D7}
ciscoITInternalPhoneNumber: 9023238
msExchHomeServerName: /o=Cisco Systems/ou=First Administrative Group/cn=Config
 uration/cn=Servers/cn=XMB-SJC-235
msExchALObjectVersion: 195
msExchMailboxSecurityDescriptor:: AQAEgHgAAACUAAAAAAAAABQAAAAEAGQAAQAAAAACFAAD
 AAIAAQEAAAAAAAUKAAAAYwAxAC0AMgAtAHcALgBjAGkAcwBjAG8ALgBjAG8AbQAvAGMAaQBzAGMAb
 wAuAGMAbwBtAEAAYwBpAHMAYwBvAC4AYwBvAG0AAQUAAAAAAAUVAAAAqDfWZdgFtE0H5TsrVQQAAA
 EFAAAAAAAFFQAAAKg31mXYBbRNB+U7K1UEAAA=
msExchUserAccountControl: 0
msExchMailboxGuid:: G0J0/716pkCFgtmruSLBoQ==
msExchQueryBaseDN: CN=Global Address List,CN=All Address Lists,CN=Address List
 s Container,CN=Cisco Systems,CN=Microsoft Exchange,CN=Services,CN=Configurati
 on,DC=cisco,DC=com
ciscoITDescription: Enterprise Collaboration Platform
ciscoITfloor: 2
ciscoITbuilding: RICHARDSON 5
ciscoITStatus: Active
ciscoITManagerUid: 53190
ciscoITSite: RICHARDSON

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
</pre>

As we can see from the output, we get a lot of information about the
user in question. This helps us validate that we can successfully bind
and search for the user, but it also gives us a chance to see each of
the LDAP attributes for the user so we can troubleshoot any oddities
that might result (e.g.: missing phone number, first and last name
mis-mapped, etc).
 
<h3>
What to do when things go wrong</h3>

OK, so we know what things look like when it works. But what do you do
when you get an error like this instead of all that output above:
<pre>ldap_bind: Invalid credentials (49)
    additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
</pre>
 
 

How do we translate this into plain English? While not the definitive link for everything related to potential LDAP errors, this link has very good information on not only what a particular error code means, but what you might do to resolve it.
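
One way to translate the bind error above without leaving the shell. This is an added example, not part of the original post or of WebEx Social: the function names are hypothetical, and the table holds the commonly documented Active Directory sub-codes that appear after "data" in an AcceptSecurityContext error. For the error quoted in the post, sub-code 525 means the directory did not find the account named in -D, so the bind DN is the first thing to check, not the password.

```shell
#!/bin/sh
# Added example: decode an Active Directory bind failure from ldapsearch stderr.

# Map the hex value that follows "data" to its meaning.
ad_bind_subcode_meaning() {
    case "$1" in
        525) echo "user not found" ;;
        52e) echo "invalid credentials (bad password)" ;;
        530) echo "logon not permitted at this time" ;;
        531) echo "logon not permitted from this workstation" ;;
        532) echo "password expired" ;;
        533) echo "account disabled" ;;
        701) echo "account expired" ;;
        773) echo "user must reset password" ;;
        775) echo "account locked out" ;;
        *)   echo "unknown sub-code" ;;
    esac
}

# Read ldapsearch error text on stdin; print "<ldap_rc> <subcode> <meaning>".
# Returns 1 when no "ldap_bind: ... (NN)" line is present.
decode_bind_error() {
    input=$(cat)
    rc=$(printf '%s\n' "$input" |
        sed -n 's/^ldap_bind: .*(\([0-9][0-9]*\)).*$/\1/p' | head -n 1)
    sub=$(printf '%s\n' "$input" |
        sed -n 's/.*AcceptSecurityContext error, data \([0-9A-Fa-f][0-9A-Fa-f]*\).*/\1/p' |
        head -n 1 | tr 'A-F' 'a-f')
    [ -n "$rc" ] || return 1
    if [ -z "$sub" ]; then
        echo "$rc - no AD sub-code present"
        return 0
    fi
    echo "$rc $sub $(ad_bind_subcode_meaning "$sub")"
}

# The error text quoted in the post above.
SAMPLE_ERROR='ldap_bind: Invalid credentials (49)
    additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece'

printf '%s\n' "$SAMPLE_ERROR" | decode_bind_error
```

In practice, pipe the real command's stderr into it, for example `ldapsearch ... 2>&1 >/dev/null | decode_bind_error`.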

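For the attribute check the post describes (missing phone number, mis-mapped first and last name), the ldapsearch output can be tested mechanically. This is an added example, not part of the original post: the function names and the sample entry are constructed, and the list of required attributes is an assumption to be replaced with whatever your LDAP mappings use. It first unfolds LDIF continuation lines (a line beginning with a single space continues the previous one, as seen in the output above), then reports required attributes that are absent or empty.

```shell
#!/bin/sh
# Added example: find attributes missing from an ldapsearch (LDIF) result.

# Join folded LDIF lines: a leading single space marks a continuation.
ldif_unfold() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (NR > 1) print buf; buf = $0 }
        END { if (NR > 0) print buf }
    '
}

# Usage: ldif_missing_attrs attr1 attr2 ... < result.ldif
# Prints each named attribute that is absent or has an empty value.
ldif_missing_attrs() {
    ldif_unfold | awk -v want="$*" '
        BEGIN { n = split(want, req, " ") }
        /^#/ || $0 == "" { next }          # skip comments and separators
        {
            i = index($0, ":")
            if (i == 0) next
            name = tolower(substr($0, 1, i - 1))
            val = substr($0, i + 1)
            sub(/^:?[ \t]*/, "", val)      # "::" marks a base64 value
            if (val != "") seen[name] = 1
        }
        END {
            for (k = 1; k <= n; k++) {
                key = tolower(req[k])
                if (!(key in seen)) print req[k]
            }
        }
    '
}

# Constructed sample entry (not taken from the post).
SAMPLE_LDIF='# jdoe, Employees, example.com
dn: CN=jdoe,OU=Employees,DC=example,DC=com
givenName: Jane
sn: Doe
displayName:: SmFuZSBEb2U=
mail: jdoe@example.com
memberOf: CN=group.reg.example,OU=Organizational,OU=Groups,DC=example,DC=
 com
telephoneNumber:'

printf '%s\n' "$SAMPLE_LDIF" |
    ldif_missing_attrs givenName sn displayName mail telephoneNumber mobile
```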
Subject: RE: Troubleshooting LDAP
Replied by: duncan westlake on 22-09-2011 09:01:17 AM
Hi James,

I have been using "ldapsearch" on WebEx Social 2.1 to test some import issues successfully. WebEx Social 2.5 SR1 does not seem to have the "ldapsearch" function any more. Has it been removed or is it used / called in a different way?

Thanks,