Has anyone thus far used the machine account to perform LDAP queries to the Active Directory LDAP server? Essentially, what I am trying to do is have some cron scripts perform LDAP queries to the AD server to get things like account status and such. I realize that technically the AD server can be set up to allow anonymous LDAP queries, or a separate service account could be used. However, due to security policy constraints in our environment, neither of these can be done.
Therefore, what I am trying to do is get ldapsearch or similar to use the machine account. I'm guessing the simplest approach would be to find a way to extract the machine account name and password from whatever Samba database holds it, then pass that directly into ldapsearch. Ideally, I would just use some sort of Samba built-in utility (to avoid needing to pass the password in via insecure command line args or environment variables that can potentially be read by other users on the system); however, I can't seem to find anything in the Samba suite that performs that function. Ideas?
