
Re: successful ldapsearch -- need to turn it into a working slapd configuration for an LDAP proxy



On 8/24/07, Pierangelo Masarati <> wrote:
> DePriest, Jason R. wrote:
>
> > Thanks for the tip.  I made the change and I am still getting the same
> > basic error.
> > It does not think there is a successful bind and won't honor my search request.
> >
> > Also, if there is a really good book I can buy that will help figure
> > out the intricacies of OpenLDAP, please recommend it.
> > I understand LDAP and I have managed a couple of different
> > Directory-type products that are LDAP-based (Windows NT domain,
> > Microsoft Active Directory, CA eTrust Directory).  This is my first
> > foray into OpenLDAP and, so far, I don't understand it.  And that's
> > frustrating.
>
> I think you should provide much more info on what you're trying to do
> and where you got in the meanwhile.  A full log of the proxy at level
> "stats,stats2" would definitely help.
>
> About books, there should be a very good one (I should say ultimative)
> by Howard Chu, but I don't know about its status.
>
> p.
>

Sorry about not providing much information.  I am attaching a diagram
to help illustrate.

I have an application in a DMZ that needs to query Active Directory to
pull information about users such as email addresses, physical
addresses, phone numbers, etc.

It does not need to perform any authentication, just pull information.

From a security standpoint, my department decided against punching
holes in the firewall for this specific application.  This keeps us
from setting a precedent that would force us to punch holes for every
other application and server that wanted this functionality.

We decided to put an LDAP server in place.  One of my teammates was
assigned to work on the project after I initially put a server in the
DMZ with the OpenLDAP software.

That teammate is no longer employed here and did no work on this
project in the two or three months leading up to his leaving.

It is now my project because I put the server in place and because
nobody else on my team is at all familiar with LDAP.  I've done things
with LDAP, so I was elected.

Now that I have digressed with the sob-story, back to the tech.

This LDAP server will have access through the firewall to our Active
Directory servers and will make LDAP queries on behalf of this
application for now and others in the future.

I can run an ldapsearch command from the shell on the LDAP server
successfully against AD, performing a successful bind with the user
credentials provided.  I cannot get the LDAP server daemon to
successfully bind with the same credentials, and null binds are
disabled on AD, so no bind, no query.

I need OpenLDAP to have no local user or data store.  It needs to bind
with AD using the credentials I stick in the config file.  It needs to
proxy requests between this application and AD using LDAP commands.

And Howard needs to get his book out! :P  I searched Amazon, Bookpool,
and Booksamillion for publish / availability dates and came up empty.

Thank you in advance,

-Jason

Attachment: template-01.jpg
Description: JPEG image
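The setup Jason describes (a slapd with no local data store that forwards every query to Active Directory, binding there with an administrative account kept in the config file) is what the back-ldap database with the idassert-bind directive is for. The slapd.conf below is an added example written for this thread; it is not Jason's configuration, not something Pierangelo posted, and not an official OpenLDAP example. The host names, base DN, proxy account DN and password are placeholders, and it assumes an OpenLDAP 2.3-era back-ldap in which the default identity-assertion mode makes the proxy bind as the configured administrative identity whenever the client itself is anonymous, which matches an application that only reads attributes and never authenticates users.

```conf
# slapd.conf for a store-less LDAP proxy in front of Active Directory
# (added example for this thread; all names below are placeholders)

include         /etc/openldap/schema/core.schema
pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args

# The log level Pierangelo asked for; watch this while the DMZ
# application runs its first searches, then lower it for production.
loglevel        stats stats2

# Only serve the DMZ application network; keep everything else out.
# Anonymous reads are all the application needs, so nothing may write.
access to *
        by peername.ip=10.1.2.0%255.255.255.0 read
        by * none

# No "database bdb"/"database hdb" at all: this server stores nothing.
database        ldap

# Naming context the application will search under.  It must match the
# AD domain's naming context, since the proxy forwards the search
# base unchanged.  (placeholder)
suffix          "dc=example,dc=com"

# The Active Directory server reached through the firewall.  (placeholder)
uri             "ldap://ad-dc.example.com/"

# Identity the proxy itself uses on AD.  With no explicit mode, the
# default identity-assertion mode binds as this account for clients that
# are anonymous on the proxy, which is exactly the store-less,
# read-only use case here.  Use a dedicated, read-only AD account
# (placeholder DN and password below) and chmod 600 this file, owned by
# the user slapd runs as, because the password sits here in clear text.
idassert-bind   bindmethod=simple
                binddn="cn=ldap-proxy-svc,cn=Users,dc=example,dc=com"
                credentials="change-me"

# Leave the underlying ACL checks to the proxy's own access directives
# above; back-ldap does not need an acl-bind for this case.
</conf>
```

After starting slapd, the same ldapsearch that already works from the shell against AD can be pointed at the proxy without any bind arguments, for example `ldapsearch -x -H ldap://ldap-proxy.example.com/ -b "dc=example,dc=com" "(sAMAccountName=jdoe)" mail telephoneNumber`; the "stats stats2" log will then show the anonymous client search on one connection and, on the upstream connection, the simple bind as the proxy account followed by the forwarded search. If AD rejects that bind, the failure appears in the same log as an upstream result code rather than the "no bind" behaviour described earlier, which separates a credentials or DN problem from a proxy configuration problem.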