
RE: ldap proxy to AD returns no results - take#2



So in addition to what I've done below and having another linux box's ldap.conf point to:

HOST 10.98.3.98
BASE cn=users,dc=corp,dc=testcompany,dc=com

What else will I need to do to login via ssh using the ldap proxy->AD authentication? 

When I do this now, it populates the uid field with NOUSER and does not allow me to authenticate.

Thanks,
Tim

-----Original Message-----
From: Pierangelo Masarati [mailto:ando@sys-net.it]
Sent: Wednesday, April 14, 2004 3:33 AM
To: Lank, Tim
Cc: openldap-software@OpenLDAP.org
Subject: Re: ldap proxy to AD returns no results - take#2


AD, AFAIK, by default is configured to allow only bound access.
I don't know how to instruct it to accept anonymous queries.
So in your case it's simply behaving as expected.

p.


>
> I am trying to use OpenLDAP v2.1.29 on a linux server (10.98.3.98) as a
> proxy into an Active Directory server (10.98.3.20).
>
> Using ldapsearch on the linux box, I can query the AD directly with the
> following command:
>
> ldapsearch -H ldap://10.98.3.20 -x -D tim.lank@testcompany.com -W -b
> 'cn=users,dc=corp,dc=testcompany,dc=com' 'cn=Lank*'
>
> when I enter my AD password, the above returns all of the AD attributes
> & values for the query.
>
> However, when I try to query the AD via the proxy with the following
> command, it returns nothing at all:
>
> ldapsearch -H ldap://10.98.3.98 -x -b
> 'cn=users,dc=corp,dc=testcompany,dc=com' 'cn=Lank*'
>
> The slapd was compiled with the following:
>
> ./configure --enable-ldap --enable-rewrite
>
> And the following is the contents of the database section for the ldap
> backend:
>
> #### section in slapd.conf  ###############
> database        ldap
> suffix          cn=users,dc=corp,dc=testcompany,dc=com
> uri             ldap://10.98.3.20
> binddn          tim.lank@testcompany.com
> bindpw          mypassword
>
> Any thoughts?
>
>
> ***************************************************************************************************
> The information in this email is confidential and may be legally
> privileged.  Access to this email by anyone other than the intended
> addressee is unauthorized.  If you are not the intended recipient of
> this message, any review, disclosure, copying, distribution, retention,
> or any action taken or omitted to be taken in reliance on it is
> prohibited and may be unlawful.  If you are not the intended recipient,
> please reply to or forward a copy of this message to the sender and
> delete the message, any attachments, and any copies thereof from your
> system.
> ***************************************************************************************************


--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


