Users & Groups of LDAP Server.

Hi

You should be able to do this using dscl:

dscl

keying this in puts you in interactive mode, follow this with:

list

and you should see something like this:

Bonjour
LDAPv3
NetInfo
SLP

Search
Contact

The above shows that I've done this on a 10.4 client. For 10.5 you won't see the NetInfo node. To go anywhere simply issue:

cd LDAPv3

followed by:

list

Which should show the IP address(es) of your LDAP Server(s). If you are bound to AD you should see the Active Directory/All Domains node in the directory nodes list. use cd to go to which ever LDAP Server you are interested in. Use the 'quit' command to come out of interactive mode.

Its fairly straight forward. Consult the manual for proper usage: man dscl although when you first enter dscl in interactive mode you get a helpful list of commands.

Tony

Hi

You could have tried this yourself however what follows takes all of 10-15 seconds and should give you pretty much anything you want:

dscl

list

cd LDAPv3

list

cd IPaddress or FQDN of your LDAP Server

You should now see something like this:

AccessControls
AutoServerSetup
CertificateAuthorities
ComputerLists
Computers
Config
FileMakerServers
Groups
Locations
Machines
Mounts
Neighborhoods
People
PresetComputerLists
PresetGroups
PresetUsers
Printers
Users

cd Users

list

You should now see something like this:

diradmin
root
user1
user10
user2
user3
user4
user5
user6
user7
user8
user9
vpn_73565997fb81

Follow this with read followed by the the name of the user you are interested in. eg:

read user1

You should now see a whole raft of information some of which will look like this:

NFSHomeDirectory: /Network/Servers/serverfqdn/Volumes/HardDrive/Users/user1
Password: ******
PhoneNumber: 12345 678901
Picture: /Library/User Pictures/Nature/Cactus.tif
PostalCode: NG16 2DQ
PrimaryGroupID: 20
RealName: User1
RecordName: user1 User1
RecordType: dsRecTypeStandard:Users
State: addressinfo
Street: addressinfo
UniqueID: 1025
UserShell: /bin/bash

As you can see you get the UID number as well as the GUID. Does this answer your post?

Tony

Hi

I'm sorry I don't understand the question? You are going to have to explain it a bit more? Possibly you mean the interactive prompt icon? If that is what you mean its shift fullpoint on your keyboard. I can't key it in here as it turns into an indent.

Tony

Hi,
If you are looking for a one line entry to retrieve the information from the LDAP server you might try the ldapsearch command. I've used

ldapsearch -h hostname -b "dc=example,dc=com" 'cn=First Last'

The following link provides more info and examples:

http://discussions.apple.com/thread.jspa?messageID=6652149&#6652149

Another data point,
Harry

Along these lines, one of my geniuses had deleted the diradmin account (overwrote it while importing users) How can we create a new diradmin account using command line tools?

Thanks,

Pete

Hi

What problems are you having exactly?

Tony

What Problems?

The regular admin account can log in via WGM, but cannot EDIT any user settings in the LDAP / [OD] area. It can edit local users.

So the LDAP / [OD] users are essentially off limits to changes.

Is there a way to assign diradmin privileges to the regular admin user?

10.5.2 Advanced Server

TIA,

Pete

Hi Pete

"What Problems?"

I could take this to mean "What Problems - where do I start?" or "What Problems - can't you see?". If its the second then "No I don't see - I'm not a mind reader". There are plenty of posts in these forums that discuss the problem you seem to be having. Some of them with solutions. Did you browse for these first?

Back to this topic. The OP wanted to know how to use dscl to list UID and GUIDs. You're saying you can't log into the LDAP node with the Directory Administrator account? That's a different thing. I suggest you post a thread re-stating the issue and what the server configuration is. That way - hopefully - we can all join in and try to help.

Tony

have you tried using root user to readd/reconfig diradmin user?