[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLdap Proxy with CentOS 6.3

Le 10/09/2012 14:20, GERF a écrit :

You wrote: The second URL seems invalid, unless you managed to make your
server reply without SSL on port 636.

My Answer: So, should I removed it so I can make it reply with SSL ?
No, using ldap protocol on port 636 won't work.

And either you need SSL connections by default, and you should use only an ldaps:// URI, either you don't, and you should use an ldap:// URI. That doesn't make any sense to use SSL as a fallback if an initial non-connection failed, which is the sense of multiple values for this variable.

BTW, this file (/etc/openldap/ldap.conf) just defines default for openldap libraries, which are only used if the application doesn't specify one. You'd better use an explicit -H option in your ldapsearch command, as you do with an explicit -b option.

You wrote: Which seems to be a valid AD answer. Did you managed to
successfully  execute the same query against AD directly ?

My Answer: That answer is unknown user or password. When you say against
AD, you mean using Ldp.exe ? It does reply successfully with simple bind
authentication. See Below.
You can use whatever client, as long as you use the same in both test: direct connection vs connection through the proxy. You're assuming the authentication error comes from the proxy, but you don't have any evidence for it.

BOFH excuse #201: