
Re: ldapsearch with simple bind to active directory



Samuel asked:

"Does Active Directory enable simple binds with clear Passwords ?"

The answer is yes.  I actually occasionally connect this way as Domain
Admin, exposing my password in clear text for anyone to sniff until we get
IPSec working.

Is the name on the account actually "DLYRES" or is that the logon name
(sAMAccountName)?  If you set up your AD name to be "Dlyra Resanault", you
need to authenticate as:

"cn=Dlyra Resanault,cn=Users,dc=diwan,dc=fr"

I highly recommend installing freeware LDAPBrowser by Jarek Gawor (don't
confuse it with commercial products with the same name).  Do your bind
testing with it first, and once you get that working, try ldapsearch and
squid.

Link to LDAPBrowser:
http://www-unix.mcs.anl.gov/~gawor/ldap/index.html

Fox

----- Original Message -----
From: "Samuel GAUTIER" <s.gautier@unidirect.fr>
To: <openldap-software@OpenLDAP.org>
Sent: Wednesday, June 05, 2002 4:13 AM
Subject: ldapsearch with simple bind to active directory


> Does Active Directory enable simple binds with clear Passwords ?
>
> I would like to authenticate the squid users through the Active
> Directory using the LDAP module, which works for me with OpenLDAP.
> I don't want to perform an anonymous bind, so I use the administrator
> account (DLYRES) as binddn but the bind fails :
>
>
> samlaptop:/opt/squidldap/libexec/squid # ./squid_ldap_auth -p -R -b
> dc=diwan,dc=fr -Dcn=DLYRES,cn=Users,dc=diwan,dc=fr -w diwan316975 -f
> userPrincipalName=%s 172.16.16.2 </root/dev/squid_auth_nds/test.no
> squid_ldap_auth: WARNING, could not bind to binddn 'Invalid
> credentials'
> ERR
>
> So I tried with a simple ldapsearch :
>
> samlaptop:/root # ldapsearch -x -h 172.16.16.2 -D
> "CN=DLYRES,CN=Users,DC=societe,DC=fr" -b "DC=societe,DC=fr" -W
> objectclass=*
> Enter LDAP Password:
> ldap_bind: Invalid credentials
>         additional info: 80090308: LdapErr: DSID-0C090290, comment:
> AcceptSecurityContext
> error, data 525, v893
> samlaptop:/root #
>
>
> Any help would be appreciated !!!
> thanks
>
> sam
>
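
An added example, not part of the original thread: the `data` field in the `AcceptSecurityContext` diagnostic quoted above is a hexadecimal Win32 logon error code, so decoding it tells you whether the server rejected the bind because the DN did not resolve to an account or because the password was wrong. The function name and sub-code table below are this example's own; the table lists the commonly documented Active Directory values.

```python
import re

# Hex "data" values AD puts in the bind diagnostic (Win32 logon error codes).
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials (bad password)",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

_DIAG = re.compile(
    r"(?P<result>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),"
    r"\s*comment:\s*(?P<comment>.*?),\s*data\s+(?P<data>[0-9A-Fa-f]+)"
)

# The diagnostic exactly as it appears in the thread, mail quoting and wrapping included.
SAMPLE_FROM_THREAD = """\
> ldap_bind: Invalid credentials
>         additional info: 80090308: LdapErr: DSID-0C090290, comment:
> AcceptSecurityContext
> error, data 525, v893
"""

def decode_ad_bind_error(text):
    """Return a dict describing the AD diagnostic in `text`, or None if absent."""
    # Undo "> " mail quoting and line wrapping before matching.
    flat = " ".join(line.lstrip("> \t").strip() for line in text.splitlines())
    m = _DIAG.search(flat)
    if m is None:
        return None
    code = int(m.group("data"), 16)
    return {
        "dsid": m.group("dsid"),
        "comment": " ".join(m.group("comment").split()),
        "data": code,
        "meaning": AD_BIND_SUBCODES.get(code, "unknown sub-code"),
    }

if __name__ == "__main__":
    info = decode_ad_bind_error(SAMPLE_FROM_THREAD)
    print(f"data {info['data']:x}: {info['meaning']} ({info['dsid']})")
```

For the error in this thread the result is `data 525: user not found`, which points at the bind DN rather than the password.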