Kevin, Thank you for your suggestions.
>Try using the ldapsearch command line client, I find it is much closer to the way the perl ldap library is connecting. Once you make that >connect, the same user should be fine. One thing about AD is that sometimes the AD server responds better to a user of >samaccountn...@domain (email address style login) rather than a full DN, but I've never found an explanation for why. yes, I had been trying to use ldapsearch but was getting bogged down in getting it configured to work. First had to install OpenLdap which also depended on BerkeleyDB, then ran out of HDD space and finally gave up. I was able to get it to run but never did get it to return anything at the command line. Ended up I was able to to get things working without that and without resorting to the samaccountn...@domain format (see my reply today to Mike Johnson), but may try it as a test anyway just to have an alternative in case something down the road requires it. I appreciate the help. Sincerely, Gene Evans
RT Training in Washington DC, USA on Oct 25 & 26 2010 Last one this year -- Learn how to get the most out of RT!