RE: Getting output from proxied Active Directory connection
> Subject: Getting output from proxied Active Directory connection
After all that, I try the same thing again today, and it works first
time!!
However, I seem to be having problems with the idassert section.
When I do an ldapsearch, if I specify a username and password on the
command line, it works, but doesn't use the idassert details.
If I just do:
ldapsearch -x -b "cn=Chris Clemson,ou=users,ou=SITE,ou=Corp,ou=Service Delivery,DC=emea,DC=corp,DC=local"
I get:
"48 Inappropriate authentication"
If I do:
ldapsearch -b "cn=Chris Clemson,ou=users,ou=SITE,ou=Corp,ou=Service Delivery,DC=emea,DC=corp,DC=local"
I get:
SASL/OTP authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no OTP secret in database
Basically I'm trying to give read only access to anonymous clients.
According to something I've read, I need to use idassert-authzFrom too,
but surely I don't need this if I want to allow anonymous connections?
Any idea what I'm missing?
Below is my config:
> Slapd.conf
> ----------
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/MSOutlook.schema <- custom one I found on for other attributes
> pidfile /var/openldap/run/slapd.pid
> argsfile /var/openldap/run/slapd.args
> Moduleload back_ldap.la
> access to * by * read
> database ldap
> uri ldap://LOCALDC
> suffix "dc=emea,dc=corp,dc=local"
> idassert-bind
> bindmethod=simple
> binddn="cn=OpenLDAP Access Account,cn=users,DC=emea,DC=corp,DC=local"
> credentials="xxxxx"
> mode=none
>
Thank you,
Chris