Posted on 04-16-2013 08:33 AM
I am working with a customer who is using centrify. We are trying to use DSCL to pull Email, Phone and more from the AD. How ever centrify isn't mapping that stuff. Is there a way to do that? Or pull the info from AD without binding the computers to it?
thanks!
Posted on 04-16-2013 12:44 PM
Do you mean that you want that information in Casper? Have it do the LDAP lookups directly, and configure the fields in the LDAP mapping.
Posted on 04-16-2013 04:10 PM
Hi Matt,
You could use Centrify's ldapsearch binary to retrieve extended AD attributes. For example, to retrieve the "homeMTA" property of the user user1, the ldapsearch query would look something like:
/usr/share/centrifydc/bin/ldapsearch -m -Q -b "DC=example,DC=domain,DC=com" '(CN=User One)' | grep homeMTA
-m Authenticates with machine credentials. -Q Uses SASL Quiet mode (Hides the authentication steps) -b Is the base distinguished name used for the search
The other option is to use adedit, which is a full AD query engine built into the DirectControl agent. The documentation on that is on Centrify's Support Portal website in the Documentation section > Programmer's Guides.
Thanks,
Brian