[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLdap Proxy with CentOS 6.3

To: GERF <grosero0727@yahoo.com>
Subject: Re: OpenLdap Proxy with CentOS 6.3
From: Guillaume Rousse <guillomovitch@gmail.com>
Date: Tue, 11 Sep 2012 10:29:40 +0200
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=9Upahd4spAlPfLJYz5cohe1npo5etlWKvgDGXzZ3XL8=; b=JyNuKrM6oGdkdY0dxcjhv9Tst1RuPy8cCZ40MctrTHyrsKcL8+LPFPluAz7i8e0g4X vy+FCrIjzjMw6olq1KpYZrN0TKUzWPHwzq0E/JYP85+HySBpoGoJWguFe3lIgFFRg50T XhsEQf+he1w5lLafVf0FjorhGzYcW0ubIX6Yc5whIDxRU46uEnQUoubtrGinvCQ1bfra PY3BUftQCFc6CKngDZeyjqmL8TlNUXAI+3e/Px5l2lLnse8ZHldWxSF36Xhyar5sKxUJ JBPuQizetON3S4NYYiT016zDY8lncGSG3cGtgxzwkSu+jh3QHC9XrUysJ5cJtbHy+dY/ feDg==
In-reply-to: <1347279619.97792.YahooMailNeo@web140301.mail.bf1.yahoo.com>
References: <1347237522.2455.YahooMailNeo@web140301.mail.bf1.yahoo.com> <504DA666.6000502@gmail.com> <1347279619.97792.YahooMailNeo@web140301.mail.bf1.yahoo.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120909 Thunderbird/15.0.1

Le 10/09/2012 14:20, GERF a écrit :

Guillaume,

You wrote: The second URL seems invalid, unless you managed to make your
server reply without SSL on port 636.

My Answer: So, should I removed it so I can make it reply with SSL ?

No, using ldap protocol on port 636 won't work.

And either you need SSL connections by default, and you should use onlyan ldaps:// URI, either you don't, and you should use an ldap:// URI.That doesn't make any sense to use SSL as a fallback if an initialnon-connection failed, which is the sense of multiple values for thisvariable.

BTW, this file (/etc/openldap/ldap.conf) just defines default foropenldap libraries, which are only used if the application doesn'tspecify one. You'd better use an explicit -H option in your ldapsearchcommand, as you do with an explicit -b option.

You wrote: Which seems to be a valid AD answer. Did you managed to
successfully  execute the same query against AD directly ?

My Answer: That answer is unknown user or password. When you say against
AD, you mean using Ldp.exe ? It does reply successfully with simple bind
authentication. See Below.

You can use whatever client, as long as you use the same in both test:direct connection vs connection through the proxy. You're assuming theauthentication error comes from the proxy, but you don't have anyevidence for it.



--
BOFH excuse #201:

RPC_PMAP_FAILURE

References:
- OpenLdap Proxy with CentOS 6.3
  - From: GERF <grosero0727@yahoo.com>
- Re: OpenLdap Proxy with CentOS 6.3
  - From: Guillaume Rousse <guillomovitch@gmail.com>
- Re: OpenLdap Proxy with CentOS 6.3
  - From: GERF <grosero0727@yahoo.com>

Prev by Date: Re: Execute a Filter and get the boolean status true/false
Next by Date: Re: mdb - no space left?
Index(es):
- Chronological
- Thread