RE: How do I tell ldapsearch to authenticate to the referred to LDAP server when chasing a referral?
- To: "Comisario, Alejandro" <acomisario@siscat.com.ar>
- Subject: RE: How do I tell ldapsearch to authenticate to the referred to LDAP server when chasing a referral?
- From: "Gavin Henry" <ghenry@suretecsystems.com>
- Date: Tue, 17 Jul 2007 19:22:51 +0100 (BST)
- Cc: openldap-software@openldap.org
- Importance: Normal
- In-reply-to: <5341EB12706351489DEFADBFEF06CC6898EAAE@mercurio.sc.com>
- References: <5341EB12706351489DEFADBFEF06CC6898EAAE@mercurio.sc.com>
- User-agent: SquirrelMail/1.4.10a-1.fc6
<quote who="Comisario, Alejandro">
> OK!!! My boss calls me!
> Let me finish some work and I'll post you the debug!!!
> From now, VERY VERY THANKS FOR YOUR HELP!!!
Stop shouting and please CC openldap-software@openldap.org !!! ;-)
Gavin.
>
> --
> Alejandro D. Comisario
> Sistemas Catastrales S.A.
> Depto. Tecnología y Seguridad Informática
> (5411) 4326.4002 int. 273
> Buenos Aires, Argentina
> acomisario@siscat.com.ar
>
>
> -----Original Message-----
> From: Gavin Henry [mailto:ghenry@suretecsystems.com]
> Sent: Tuesday, 17 July 2007 15:15
> To: Comisario, Alejandro
> CC: openldap-software@openldap.org
> Subject: RE: How do I tell ldapsearch to authenticate to the referred to LDAP server when chasing a referral?
>
> <quote who="Comisario, Alejandro">
>> YES!
>> It is, if I query the AD directly, it works.
>>
>> ldapsearch -b "ou=prueba,dc=adsc,dc=com" -H ldap://adldap.adsc.com \
>> -D "cn=admin,cn=users,dc=adsc,dc=com" -W
>>
>> WORKS!!!
>> But the referral doesn't
>
> Try my verbose logging and paste in your reply
>
>>
>> --
>> Alejandro D. Comisario
>> Sistemas Catastrales S.A.
>> Depto. Tecnología y Seguridad Informática
>> (5411) 4326.4002 int. 273
>> Buenos Aires, Argentina
>> acomisario@siscat.com.ar
>>
>>
>> -----Original Message-----
>> From: Gavin Henry [mailto:ghenry@suretecsystems.com]
>> Sent: Tuesday, 17 July 2007 15:08
>> To: Comisario, Alejandro
>> CC: openldap-software@openldap.org
>> Subject: RE: How do I tell ldapsearch to authenticate to the referred to LDAP server when chasing a referral?
>>
>> <quote who="Comisario, Alejandro">
>>> Gavin.
>>> Thanks for the answer, the thing is, and I couldn't say it before, on the
>>> other side of the openLDAP is an Active Directory, when I try what you say,
>>> it gave me.
>>>
>>> doldap@root # ldapsearch -b "ou=prueba,dc=adsc,dc=com" \
>>> -H ldap://doldap.sc.com -D "cn=admin,cn=users,dc=adsc,dc=com" -W -x
>>> Enter LDAP Password:
>>> ldap_bind: Invalid credentials (49)
>>>
>>>
>>> Any Ideas?
>>
>> Is cn=admin,cn=users,dc=adsc,dc=com in AD?
>>
>> Gavin.
>>
>>>
>>>
>>> -----Original Message-----
>>> From: Gavin Henry [mailto:ghenry@suretecsystems.com]
>>> Sent: Tuesday, 17 July 2007 13:59
>>> To: Comisario, Alejandro
>>> CC: openldap-software@openldap.org
>>> Subject: Re: How do I tell ldapsearch to authenticate to the referred to LDAP server when chasing a referral?
>>>
>>> <quote who="Comisario, Alejandro">
>>>> Hello everyone.
>>>>
>>>> I have an OpenLDAP 2.3.30 running on Debian Etch Stable in a DMZ, managing
>>>> external users for an application.
>>>> But at the same time I want this openLDAP to communicate when given for a
>>>> specific DN with another directory service on my internal network.
>>>> The connection between the two machines passing thru the firewall is correct.
>>>>
>>>> The references are:
>>>> openLDAP machine : doldap.sc.com with domain dc=si,dc=com
>>>> the other directory : adldap.adsc.com with domain dc=adsc,dc=com
>>>>
>>>> I defined the referral like this:
>>>> dn: ou=test,dc=adsc,dc=com
>>>> objectClass: referral
>>>> objectClass: extensibleObject
>>>> dc: prueba
>>>> ref: ldap://adldap.adsc.com/ou=test,dc=adsc,dc=com
>>>>
>>>> So, when I query something like this (anonymous):
>>>> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x
>>>>
>>>> I get this response:
>>>> # extended LDIF
>>>> #
>>>> # LDAPv3
>>>> # base <ou=prueba,dc=adsc,dc=com> with scope subtree
>>>> # filter: (objectclass=*)
>>>> # requesting: ALL
>>>> #
>>>>
>>>> # search result
>>>> search: 2
>>>> result: 10 Referral
>>>> ref: ldap://adldap.adsc.com/ou=prueba,dc=adsc,dc=com??sub
>>>>
>>>> # numResponses: 1
>>>>
>>>> So, apparently the referral for that query is found, next I tell ldapsearch
>>>> to follow it:
>>>> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x -C
>>>>
>>>> The openLDAP tries to follow the referral and gets this response from the
>>>> other service:
>>>> # extended LDIF
>>>> #
>>>> # LDAPv3
>>>> # base <ou=prueba,dc=adsc,dc=com> with scope subtree
>>>> # filter: (objectclass=*)
>>>> # requesting: ALL
>>>> #
>>>>
>>>> # search result
>>>> search: 2
>>>> result: 1 Operations error
>>>> text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
>>>>
>>>> # numResponses: 1
>>>>
>>>> So, How do I tell ldapsearch to authenticate to the referred to LDAP server
>>>> when chasing a referral?
>>>> Hope someone can help me.
>>>
>>> You need to actually bind as a user, e.g.:
>>>
>>> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x -C \
>>> -D "uid=blah,dc=adsc,dc=com" -W
>>>
>>> Gavin.
>>>
>>>>
>>>> Regards.
>>>>
>>>> .A l e j a n d r o.
>>>>
>>>>
>>>>
>>>>
>>>
>>
>
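
Added example, not part of the original messages: Alejandro reports that querying the referred server directly with a bind DN works, and this script derives that direct command from the referral result quoted in the thread. The function names and the trimmed sample input are constructed here; `-s` is ldapsearch's search-scope option.

```shell
#!/bin/sh
# Added example: derive a direct, authenticated query from a referral result.

# Constructed sample, copied from the referral response quoted in the thread.
SAMPLE_RESULT='search: 2
result: 10 Referral
ref: ldap://adldap.adsc.com/ou=prueba,dc=adsc,dc=com??sub'

# Print the first "ref:" URL, but only if the result code is 10 (referral).
referral_url() {
    printf '%s\n' "$1" | awk '
        /^result: 10 / { is_ref = 1 }
        /^ref: /       { if (url == "") url = substr($0, 6) }
        END { if (is_ref && url != "") print url; else exit 1 }'
}

# Split ldap://host[:port]/dn?attrs?scope?filter (RFC 4516) into
# "server-URI<TAB>base-DN<TAB>scope". A missing scope means "base".
# Assumption: the DN needs no percent-decoding.
split_ldap_url() {
    case $1 in
        ldap://*|ldaps://*) ;;
        *) return 1 ;;
    esac
    scheme=${1%%://*}
    rest=${1#*://}
    hostport=${rest%%/*}
    case $rest in */*) path=${rest#*/} ;; *) path= ;; esac
    scope=$(printf '%s\n' "$path" | cut -s -d'?' -f3)
    printf '%s://%s\t%s\t%s\n' "$scheme" "$hostport" "${path%%\?*}" "${scope:-base}"
}

# Build the ldapsearch command that asks the referred server directly:
# simple bind (-x) as bind DN $2, password prompted with -W.
direct_search_cmd() {
    url=$(referral_url "$1") || return 1
    parts=$(split_ldap_url "$url") || return 1
    uri=$(printf '%s\n' "$parts" | cut -f1)
    base=$(printf '%s\n' "$parts" | cut -f2)
    scope=$(printf '%s\n' "$parts" | cut -f3)
    printf 'ldapsearch -x -H %s -b "%s" -s %s -D "%s" -W\n' \
        "$uri" "$base" "$scope" "$2"
}

direct_search_cmd "$SAMPLE_RESULT" "cn=admin,cn=users,dc=adsc,dc=com"
```

Over plain `ldap://` the simple bind password crosses the firewall unprotected; ldapsearch's `-ZZ` option makes StartTLS mandatory.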