Searching the global catalogs

In most cases, you use the Centrify OpenLDAP proxy service to search for information through the domain controller. However, you can also use the Centrify OpenLDAP proxy service to perform searches in the global catalog, if needed. The global catalog search is especially useful if you have a large, multiple-domain forest.

To specify that you want the Centrify OpenLDAP proxy service to search the global catalog, add “CN=$” to the front of the search base.

To search Active Directory for a specific account, use the syntax:

"(&(objectCategory=Person)(Name=amy.adams*))"

For example, in the global catalog, you might type a command similar to the following:

/usr/share/centrifydc/bin/ldapsearch -h localhost \
  -D "cn=amy.adams,cn=NewUsers,dc=ajax,dc=org" -w password -x -b "cn=$"

By default the Centrify OpenLDAP proxy service is configured to disable anonymous binds. To allow anonymous binds:

  1. Edit the /etc/centrifydc/openldap/slapd.conf file.
  2. Remove or comment out the following line:

    require authc

If anonymous binds are allowed, you no longer need to specify the -D and -w parameters when you run ldapsearch. For example:

ldapsearch -h localhost -x -b "dc=wonder,dc=land" \
  "(&(objectClass=User)(displayName=Mister*))" displayName
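Because removing `require authc` opens the proxy to unauthenticated searches, it is worth checking which state a host is actually in. The following is an added example, not part of the Centrify documentation: the function name `anon_bind_state` and the sample file are constructed for illustration, and the check looks only at the `require authc` directive named above, following the slapd.conf rules that a line starting with whitespace continues the previous line and a line starting with `#` is a comment.

```shell
#!/bin/sh
# Added example (not Centrify code): report whether a slapd.conf still
# carries an active "require authc" directive.
# Prints "disabled" (anonymous binds refused) or "allowed".

anon_bind_state() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    awk '
        # Evaluate one logical line: skip comments, then look for
        # "require" followed by an "authc" condition.
        function check(line,    n, f, i) {
            if (line ~ /^#/) return
            n = split(line, f, /[ \t]+/)
            if (tolower(f[1]) != "require") return
            for (i = 2; i <= n; i++)
                if (tolower(f[i]) == "authc") found = 1
        }
        # Leading whitespace: continuation of the previous line.
        # Continuations are unwrapped before comment processing.
        /^[ \t]/ { logical = logical " " $0; next }
        # Any other line starts a new logical line.
        { check(logical); logical = $0 }
        END { check(logical); print (found ? "disabled" : "allowed") }
    ' "$conf"
}

# Constructed sample input (not a real Centrify configuration):
# the directive has been commented out, as in step 2 above.
sample=$(mktemp)
printf '%s\n' 'loglevel 0' '# require authc' > "$sample"
echo "sample config: anonymous binds $(anon_bind_state "$sample")"
rm -f "$sample"
```

On a managed host, run `anon_bind_state /etc/centrifydc/openldap/slapd.conf` and treat an unexpected "allowed" as a configuration drift finding.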