[Date Prev][Date Next] [Chronological] [Thread] [Top]

Help needed chaining to active directory for authentication

Hello, I've set up an openLDAP server (2.4.23)  which chains to an Active Directory (2008). I can successfully search for users, it will find them in Active Directory if they are not in openLDAP,  but I cannot authenticate the Active Directory users.
The error is "Invalid credentials (49)"
Everything  is currently configured with clear text
ldapSearch works fine when pointed directly to the Active Directory.

The chaining configuration in the slapd.conf is:

overlay                     chain
chain-uri                   ldap://aucwdfp01.niwa.local:389
chain-rebind-as-user        TRUE
chain-idassert-bind         bindmethod="simple"
                            binddn="cn=SDT Tester,ou=NIWA Staff Accounts,ou=User Accounts, dc=niwa,dc=local"
chain-return-error          TRUE

Any tips would be greatly appreciated.