We're using WSFTP, which has an Active Directory Integration module. To populate the user accounts you need to provide a connection string akin to:
- OU=Users,DC=domain,DC=com
- CN=Domain Users,OU=Users,DC=domain,DC=com
Questions:
- Is there a Tool/Program/Script/Formula that allows me to decipher how these strings might look based on what I can see in Active Directory Users & Computers?
- Is there a proper/accepted name for these types of connection strings? I don't even know what to Google to get more information about how to format one properly.
- How would I troubleshoot the connection string if I think it looks correctly formatted, but it isn't working?
Thanks!
Read up on LDAP: http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
Those are LDAP Distinguished names.
As to how they look in AD, let's take this simple structure:
The DN for this user would be:
CN=userA,OU=UserContainer,dc=mydomain,dc=local
(Note I'm not using the default "users" container; that little beastie is a Microsoftism, and not a real container. In AD it's actually a CN (aka a leaf object, that magically has users in it instead of the container (OU) object it should be ... grrrr))
Tool to browse LDAP: Softerra LDAP Browser, http://www.ldapbrowser.com/
On Windows 2003/2008, or a workstation with RSAT, you could use the dsquery command. It gives you the LDAP path for an object.
USER_COMMON_NAME is not equal to your user login; I don't remember, but it is probably equal to the description field from your Active Directory Users and Computers console.
Alternatively, you could use the ldapsearch command from a Linux box (but first, you must configure the openldap library in /etc/openldap/ldap.conf). I don't remember its syntax, but you must provide some account with a password (Bind account) to bind to LDAP from your Active Directory.
Here is a link to an article about LDAP in Windows
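One way to approach the first and third questions in code, as an added example that is not part of the original posts: derive a DN from the canonical name that Active Directory Users & Computers shows on an object's Object tab (with Advanced Features enabled), and sanity-check a DN before pasting it into a tool. The function names are hypothetical, names are assumed to contain no "/", and treating top-level Users/Computers/Builtin as CN= containers is an assumption based on the stock AD names.

```python
import re

# Assumption: stock AD containers that are CN= objects, not OUs.
DEFAULT_CONTAINERS = {"users", "computers", "builtin"}

def escape_value(value):
    """Backslash-escape RFC 4514 specials, a leading '#'/space, a trailing space."""
    return re.sub(r'^[# ]|[,+"\\<>;=]| $', lambda m: "\\" + m.group(), value)

def canonical_to_dn(canonical, leaf_type="CN"):
    """Turn 'domain.com/Folder/Leaf' (canonical name) into a distinguished name."""
    domain, *path = canonical.strip("/").split("/")
    rdns = []
    for depth, name in enumerate(path):
        # Intermediate folders are OUs; the caller says what the leaf is.
        kind = leaf_type if depth == len(path) - 1 else "OU"
        if depth == 0 and name.lower() in DEFAULT_CONTAINERS:
            kind = "CN"
        rdns.append(f"{kind}={escape_value(name)}")
    rdns.reverse()  # a DN lists the leaf first and the domain last
    rdns += [f"DC={label}" for label in domain.split(".")]
    return ",".join(rdns)

def split_dn(dn):
    """Split a DN on unescaped commas into (ATTRIBUTE, value) pairs."""
    pairs = []
    for rdn in re.findall(r"(?:\\.|[^,\\])+", dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value:
            raise ValueError(f"not an attribute=value pair: {rdn!r}")
        pairs.append((attr.strip().upper(), value))
    return pairs

def check_dn(dn):
    """Return likely problems with a DN used as an AD search base."""
    pairs = split_dn(dn)
    kinds = [attr for attr, _ in pairs]
    problems = [f"unexpected attribute {k}" for k in kinds if k not in ("CN", "OU", "DC")]
    first_dc = kinds.index("DC") if "DC" in kinds else len(kinds)
    if first_dc == len(kinds):
        problems.append("no DC= components")
    elif set(kinds[first_dc:]) != {"DC"}:
        problems.append("DC= components must come last")
    elif first_dc:
        attr, name = pairs[first_dc - 1]  # the object directly under the domain
        if attr == "OU" and name.lower() in DEFAULT_CONTAINERS:
            problems.append(f"built-in container is CN={name}, not OU={name}")
    return problems
```

A clean result from `check_dn` only means the string is well formed; whether the object exists still has to be confirmed against the directory with a browser or query tool such as those mentioned in the answers.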