You want to manage AD user do you not ? Evolution talks to Exchange alright but it’s purely an email client. I don’t know th einner workins but it will be using MAPI to transfer mail back and forth and it uses a for of WebDAV for calendering. It doesn’t have anyway to manage AD, AD doesn’t talk HTTP either. Perhaps I’m misunderstanding you though.

After fixing these things, I get the same result though:

bind: : Can’t contact LDAP server (-1)

Perhaps I am out of luck. However, all this gave me another idea. I know there is an email client “Evolution” which can hook into an AD mail system if they have the webmail server in operation. I would think it would be easier to make something that talks to the webmail via http rather than directly to AD itself. Thoughts?

bind: : Can’t contact LDAP server (-1)

I do not have a bindpw set. Where would I set that?

What does your /etc/ldap/ldap.conf (Path might be different depending on your Distro)

Should have it setup like so:
BASE dc=srv02,dc=foo,dc=com
URI ldaps://srv02.foo.com
TLS_REQCERT allow

Well there is no problem having multiple setups in there but you need one for this server specifically. It’s possible the “TLS_REQCERT allow” line will fix it. It caused me all sorts of headaches.

The local config will override the /etc one so that’s ok. Also make sure your bindpw is obviously set to whatever it is. That *should* be you good to go. But your list command is a little off:

adtool list “ou=User Accounts,dc=srv02,dc=foo,dc=com”

Should show users, bear in mind the Whiespace in User Accounts means you need the inverted commas arouns it. Hope it works ! If not let me know.

adtool list foo.com

I get the following:

bind: : Can’t contact LDAP server (-1)

Here’s what I currently have. A user with a .adtool.cfg in homedir containing:

uri ldaps://srv02.foo.com
binddn cn=jess6,cn=Users,dc=srv02,dc=foo,dc=com
bindpw blank
searchbase dc=srv02,dc=foo,dc=com

(where foo is really my domain, and srv02.foo.com does resolve to my AD server)

I have /etc/adtool.cfg

uri ldap://srv02.foo.com
binddn dc=foo,dc=com
searchbase dc=foo,dc=com

Should this work?

Then we’d use:

BASE dc=srv1,dc=yahoo,dc=com
URI ldaps://srv1.yahoo.com

Apologies wordpress/gmail dropped your reply, so if it’s still causing you hassle let me know.

email: jessica6_2000@yahoo.com

Thanks!

Not sure if you want to post your details of your AD here, but I can certainly give you basics of it if you want to ?

In my example I had a domain controller called felim-srv2.test.domain

So I setup two files (Ubuntu/Debian)
In my home folder I created a file called .adtool.cfg which contained:

uri ldaps://felim-srv2.nlctest.domain
binddn cn=Administrator,cn=Users,dc=nlctest,dc=domain
bindpw blank
searchbase dc=nlctest,dc=domain

This was using the Administrator account, but you don’t need that, you just need to be a user with rights to manage whatever OU contains the user you want to manage.

Then I also had to add to me /etc/ldap/ldap.conf :

BASE dc=felim-srv2,dc=nlctest,dc=domain
URI ldaps://felim-srv2.nlctest.domain
TLS_REQCERT allow

This allows me to use LDAPS and manage the user passwords. It’s a bit hard not knowing your setup (That being the main issue as you do have to know the paths) but if you want to post more info I’ll happily reply or I can email you if you’d like.

The best way to really discover whether something is a OU or a CN is to use an LDAP browser like Luma for Linux. AD hides the raw LDAP locations away which can be a bit of a pain.

I’ve seen the man page, but it leaves a lot to be desired.
I’ve guessed and tried quite a bit, trying various combinations of ou=foo, dc=blah, cn=what, etc., but really don’t know what else to try.

It would be great to NOT have to boot up a Windows box to do AD administration.

Thanks!