
Re: ldap proxy to AD returns no results - take#2



AD, AFAIK, by default is configured to allow only bound access.
I don't know how to instruct it to accept anonymous queries.
So in your case it's simply behaving as expected.

p.


>
> I am trying to use OpenLDAP v2.1.29 on a linux server (10.98.3.98) as a
> proxy into an Active Directory server (10.98.3.20).
>
> Using ldapsearch on the linux box, I can query the AD directly with the
> following command:
>
> ldapsearch -H ldap://10.98.3.20 -x -D tim.lank@testcompany.com -W -b
> 'cn=users,dc=corp,dc=testcompany,dc=com' 'cn=Lank*'
>
> when I enter my AD password, the above returns all of the AD attributes
> & values for the query.
>
> However, when I try to query the AD via the proxy with the following
> command, it returns nothing at all:
>
> ldapsearch -H ldap://10.98.3.98 -x -b
> 'cn=users,dc=corp,dc=testcompany,dc=com' 'cn=Lank*'
>
> The slapd was compiled with the following:
>
> ./configure --enable-ldap --enable-rewrite
>
> And the following is the contents of the database section for the ldap
> backend:
>
> #### section in slapd.conf  ###############
> database        ldap
> suffix          cn=users,dc=corp,dc=testcompany,dc=com
> uri             ldap://10.98.3.20
> binddn          tim.lank@testcompany.com
> bindpw          mypassword
>
> Any thoughts?
>


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it