Help

Need help with Centrify (OT)

matt4836
Contributor II

Posted on ‎04-16-2013 08:33 AM

I am working with a customer who is using centrify. We are trying to use DSCL to pull Email, Phone and more from the AD. How ever centrify isn't mapping that stuff. Is there a way to do that? Or pull the info from AD without binding the computers to it?
thanks!

0 Kudos
2 REPLIES 2

JPDyson
Valued Contributor

Posted on ‎04-16-2013 12:44 PM

Do you mean that you want that information in Casper? Have it do the LDAP lookups directly, and configure the fields in the LDAP mapping.

0 Kudos

BLau
New Contributor

Posted on ‎04-16-2013 04:10 PM

Hi Matt,

You could use Centrify's ldapsearch binary to retrieve extended AD attributes. For example, to retrieve the "homeMTA" property of the user user1, the ldapsearch query would look something like:

/usr/share/centrifydc/bin/ldapsearch -m -Q -b "DC=example,DC=domain,DC=com" '(CN=User One)' | grep homeMTA

-m Authenticates with machine credentials. -Q Uses SASL Quiet mode (Hides the authentication steps) -b Is the base distinguished name used for the search

The other option is to use adedit, which is a full AD query engine built into the DirectControl agent. The documentation on that is on Centrify's Support Portal website in the Documentation section > Programmer's Guides.

Thanks,
Brian

0 Kudos