
RE: problem with ldap backend



Hi

Thanks, I have also tried bind=simple, same error. I have tested the DN and the password with ldapsearch.

Thanks

> -----Original Message-----
> From: masarati@aero.polimi.it [mailto:masarati@aero.polimi.it]
> Sent: Sunday, 1 April 2012 6:17 PM
> To: Alex Samad - Yieldbroker
> Cc: 'openldap-technical@openldap.org'
> Subject: RE: problem with ldap backend
> 
> > Hi
> >
> > Just wondering if the feature is supposed to work? Am I delving
> > into experimental code?
> 
> It works as intended.  The error message you receive is quite
> self-explanatory: AD wants a successful bind, and you're requesting
> bindmethod=none (i.e. bind with empty DN).  You may want to try
> bindmethod=simple
> 
> p.
> 
> >> -----Original Message-----
> >> From: Alex Samad - Yieldbroker
> >> Sent: Thursday, 29 March 2012 9:28 AM
> >> To: openldap-technical@openldap.org
> >> Subject: RE: problem with ldap backend
> >>
> >> Hi
> >>
> >> I have progressed a little bit further
> >>
> >> I have stopped using olcdbaclbind and started to use
> >>
> >> olcDbIDAssertAuthzFrom: "*"
> >> olcDbIDAssertBind: bindmethod=none authzId="CN=ad
> >> readonly,OU=Services ,DC= xyz,DC=com" credentials="secret"
> >> starttls=no
> >>
> >>
> >> but I get this
> >>
> >> text: 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform
> >> this operation a successful bind must be completed on the
> >> connection., data 0,
> >> v1db1
> >>
> >>
> >> I am able to ldapsearch with these credentials. I also tried changing
> >> bindmethod to simple, but same error
> >>
> >> How do I turn on debug for the ldap backend?
> >>
> >> Anyone have any ideas on how to make this work?
> >>
> >>
> >> Alex
> >>
> >>
> >> > -----Original Message-----
> >> > From: openldap-technical-bounces@OpenLDAP.org
> >> > [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Alex
> >> > Samad - Yieldbroker
> >> > Sent: Wednesday, 28 March 2012 1:58 PM
> >> > To: openldap-technical@openldap.org
> >> > Subject: problem with ldap backend
> >> >
> >> > Hi
> >> >
> >> > I am trying to set up a connection from openldap to MS AD
> >> >
> >> > I am using this
> >> >
> >> > dn: olcDatabase={3}ldap
> >> > objectClass: olcDatabaseConfig
> >> > objectClass: olcLDAPConfig
> >> > olcDatabase: {3}ldap
> >> > olcSuffix: dc=xyz,dc=com
> >> > olcAccess: {0}to dn.base="" by * read
> >> > olcAccess: {1}to dn.base="cn=Subschema" by * read
> >> > olcAccess: {2}to * by self write by users read by anonymous auth
> >> > olcReadOnly: TRUE
> >> > olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> >> > olcSizeLimit: 500
> >> > olcDbURI: "ldap://dc101. xyz.com ldap://dc201. xyz.com"
> >> > olcDbRebindAsUser: TRUE
> >> > olcDbChaseReferrals: TRUE
> >> >
> >> >
> >> > This works fine when I pass a bind DN.
> >> >
> >> > I would like to convert this to allow anon access to ldap, which
> >> > does a user bind to MS AD so I added this
> >> >
> >> >
> >> > olcdbaclbind: bindmethod=simple binddn="CN=ad readonly,OU= xyz,DC= xyz,DC=com"
> >> > credentials="secret" starttls=no
> >> >
> >> > but it is not working, I cannot make an anon search request, they
> >> > retrieve anything from the MSAD ldap server.
> >> >
> >> > Thanks
> >> >
> >> >
> >> >
> >> >
> >
> >
> >
> >
>
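
The point made in the quoted reply (bindmethod=none means the proxy binds upstream with an empty DN), turned into a configuration check. This is an added example, not part of the original thread and not OpenLDAP code. The function names, finding codes, the `dc101.example` host and the sample values are hypothetical; the `binddn=` requirement for simple binds and the `none` default are assumptions taken from the slapd-ldap(5) synopsis.

```python
import shlex

# Constructed sample values, modelled on the directives quoted in the thread.
IDASSERT_NONE = ('bindmethod=none authzId="CN=ad readonly,OU=Services,DC=xyz,DC=com" '
                 'credentials="secret" starttls=no')
IDASSERT_SIMPLE_NO_DN = IDASSERT_NONE.replace("bindmethod=none", "bindmethod=simple")
ACLBIND_SIMPLE = ('bindmethod=simple binddn="CN=ad readonly,OU=xyz,DC=xyz,DC=com" '
                  'credentials="secret" starttls=no')


def parse_bind_args(value):
    """Split a bind directive value into a dict of lower-cased key -> value."""
    args = {}
    for token in shlex.split(value):      # shlex keeps the double-quoted DNs whole
        key, sep, val = token.partition("=")
        if not sep:
            raise ValueError(f"not a key=value token: {token!r}")
        args[key.lower()] = val
    return args


def audit_bind(value, uris=("ldap://dc101.example",)):
    """Return a sorted list of finding codes for one bind directive value."""
    args = parse_bind_args(value)
    method = args.get("bindmethod", "none")   # assumption: absent means none
    findings = set()
    if method == "none":
        # Per the reply in the thread: the proxy binds with an empty DN,
        # which the remote server answers with "a successful bind must be completed".
        findings.add("ANONYMOUS_UPSTREAM_BIND")
    if method == "simple" and not args.get("binddn"):
        # Assumption from the slapd-ldap(5) synopsis: a simple bind takes binddn=;
        # authzId= alone gives the proxy no DN to bind as.
        findings.add("SIMPLE_WITHOUT_BINDDN")
    # starttls=no on a plain ldap:// URI leaves the simple-bind password unencrypted.
    plain = any(u.lower().startswith("ldap://") for u in uris)
    if method == "simple" and plain and args.get("starttls", "no") == "no":
        findings.add("CLEARTEXT_SIMPLE_BIND")
    return sorted(findings)


if __name__ == "__main__":
    for label, value in [("idassert none", IDASSERT_NONE),
                         ("idassert simple", IDASSERT_SIMPLE_NO_DN),
                         ("aclbind simple", ACLBIND_SIMPLE)]:
        print(f"{label:16} {audit_bind(value)}")
```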