
Openldap for proxy AD



Hi,
I'm having some trouble authenticating against AD through OpenLDAP.

Has anybody managed to authenticate with an AD password through an OpenLDAP server?

I've tried everything, but authentication fails. I can see all the users, but
the password is not accepted.


My slapd.conf looks like this:


#
# Global section of slapd.conf: schema includes, logging, run files, module
# loading and the TLS material slapd presents to its own clients.
include         /etc/openldap/schema/corba.schema
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/duaconf.schema
include         /etc/openldap/schema/dyngroup.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/ppolicy.schema
include         /etc/openldap/schema/collective.schema

# LDAPv2 binds stay disabled while this line is commented out.
#allow bind_v2

# 256 is the "stats" level: connections, operations and results are logged,
# which is the level to read when checking why a proxied bind is rejected.
loglevel 256
#referral	ldap://root.openldap.org

pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath      /usr/lib/openldap
#moduleload      back_bdb
# NOTE(review): accesslog, auditlog and ppolicy are loaded, but no "overlay"
# line for any of them appears in the configuration shown; only rwm is used.
moduleload accesslog.la
moduleload auditlog.la
moduleload ppolicy.la
moduleload rwm.la
moduleload back_ldap

# TLS identity of this slapd instance.
# NOTE(review): the certificate and the private key are read from the same
# file (slapd.pem) in the certs directory. Because it contains the key, that
# file should be readable only by the account slapd runs as.
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

#######################################################################

# First back-ldap (proxy) database, serving the suffix "dc=foobar".
# NOTE(review): no "uri" is given in this section, so it names no remote
# server to proxy to - confirm whether this database is needed next to the
# dc=foobar,dc=com one that follows.
database	ldap
suffix "dc=foobar"
rootdn "cn=admin,dc=foobar"
###################################
# NOTE(review): this salted hash has been published with the message, so the
# rootdn password should be treated as exposed and replaced. slapd.conf itself
# should be readable only by the account slapd runs as.
rootpw			{SSHA}wXmTs2ANS4XwqqnzEVIqmc+i6VCUiD7I

# Second back-ldap (proxy) database: requests under dc=foobar,dc=com are
# forwarded to the AD server named in "uri".
database ldap
suffix dc=foobar,dc=com
#subordinate
# rebind-as-user: the client's bind credentials are remembered and reused when
# a connection is re-established or a referral is chased.
rebind-as-user
# NOTE(review): with ldaps:// the proxy is a TLS client of the AD server, so
# the CA that issued the AD certificate has to be trusted on that client side
# (presumably via ldap.conf or this backend's tls settings - verify). A failed
# certificate check here would make every proxied bind fail.
uri     ldaps://srv-2003.foobar.com
# Identity-assertion bind: the service identity the proxy uses towards AD.
# NOTE(review): binddn=, credentials=, mode= and flags= are parameters of
# idassert-bind. slapd.conf joins a line to the previous one only when it
# starts with whitespace; as rendered here they start at column 0, so check
# the indentation in the real file (the list archive may have stripped it).
# NOTE(review): the service-account password is stored in clear text and has
# been published with this message - change it in AD. bindmethod=simple sends
# it in the bind request, so the ldaps:// transport is what protects it.
# mode=none sends no proxyAuthz control, so operations that use this feature
# run as the binddn given here.
idassert-bind   bindmethod=simple
binddn="cn=vmail,cn=users,dc=foobar,dc=com"
credentials=abc@123
mode=none
flags=non-prescriptive

# NOTE(review): "dn.regex:.*" matches every bound DN, so any authenticated
# client is allowed to use the identity-assertion feature. The commented-out
# dn.exact line is the narrower form; list only the DNs that need it.
idassert-authzFrom "dn.regex:.*"
#idassert-authzFrom "dn.exact:cn=admin,dc=foobar"
#
# Referrals returned by the remote server are followed by the proxy.
chase-referrals yes

# Clients must authenticate before performing directory operations.
require authc
#############################
# Disabled; if enabled, {CLEARTEXT} would store new passwords unhashed.
###########password-hash {CLEARTEXT}
# NOTE(review): TLS* and sasl-* are documented as global slapd.conf options but
# appear here inside a database section - confirm slapd accepts them in this
# position.
# NOTE(review): this cipher string admits MEDIUM-strength suites and adds the
# SSLv2/SSLv3 suite groups; both protocols are obsolete. Restrict it to
# HIGH-strength suites on current TLS versions. The keyword is spelled "HiGH";
# confirm the TLS library parses it as intended.
TLSCipherSuite HiGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
# allow: a client certificate is requested, but the session proceeds when none
# is sent and a bad one is ignored.
TLSVerifyClient allow
sasl-host localhost
# NOTE(review): "none" clears the default SASL security properties
# (noanonymous,noplain), so anonymous and plain-text mechanisms are permitted.
sasl-secprops none

#########################################################################
# NOTE(review): in slapd.conf a directive applies to the most recent "database"
# line. As ordered here, the access rule, lastmod and the rwm overlay below all
# belong to the config database, not to the ldap proxy database above. The
# uid -> sAMAccountName mapping presumably has to sit under the proxy database
# to affect proxied binds and searches - confirm the intended placement.
database config
# all other attributes are readable by everybody
# NOTE(review): "access to * by * read" grants read access to every client,
# anonymous included. Placed under "database config" it would apply to the
# configuration itself, which holds the rootpw hash and the idassert
# credentials. Limit read access to the identities that need it.

access to *
        by * read

lastmod off

# rwm overlay: rewrites naming contexts and maps attribute and object class
# names between the local view and the remote directory.
overlay rwm
rwm-suffixmassage dc=foobar,dc=com
#rwm-normalize-mapped-attrs
# Local "uid" is presented in place of the remote "sAMAccountName", and local
# "cn" in place of the remote "name".
rwm-map attribute uid       sAMAccountName
rwm-map attribute cn        name
#rwm-map attribute mail      userPrincipalName
rwm-map objectclass account


What is wrong?

Please help me.

Thanks.