[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Openldap for proxy AD

Subject: Re: Openldap for proxy AD
From: Willy Ramos <wrm@cdtn.br>
Date: Wed, 20 Nov 2013 14:55:43 -0200
Cc: Howard Chu <hyc@symas.com>, Jason Brandt <jbrandt@fsmail.bradley.edu>, "openldap-technical@OpenLDAP.org" <openldap-technical@openldap.org>
In-reply-to: <CAK_oV49b-+Z+gVQhvLPd9EtOfgt678HvNM20ZNrRRPjOAGSdhg@mail.gmail.com>
References: <21c0b36fe18b07698e7053e931e6a583.squirrel@webmail.cdtn.br> <CAJ-t26qc2pgBBaVisrEhUxSZ9rKtoN93MpscQ8VsD4E5t4ciFg@mail.gmail.com> <CAK_oV48tr71Qhb494faNL0GVbHGO4Bb0nAO+iWuoweYKH_JeRg@mail.gmail.com> <528C72AF.3060407@symas.com> <a7e6ee9e725bfc5c9835609b6da7485f.squirrel@webmail.cdtn.br> <CAK_oV49b-+Z+gVQhvLPd9EtOfgt678HvNM20ZNrRRPjOAGSdhg@mail.gmail.com>
User-agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.1.0

Em 20/11/2013 10:26, Clément OUDOT escreveu:

2013/11/20  <wrm@cdtn.br>:

Thank you.

Yes, the credentials are stored in AD.

I saw this documentation,
http://ltb-project.org/wiki/documentation/general/sasl_delegation

Helped me very much, but I think there are some wrong in my saslauth.conf,
because when I put the AD server and ldap_filter = (sAMAccountName=%u is
Ok Success SASL, " but when I put my localhost like this:

ldap_servers: ldaps://127.0.0.1        #or ldap://localhost
#ldap_servers: ldaps://1.1.2.1
ldap_version: 3
ldap_auth_method: bind
ldap_search_base: cn=users,dc=foobar,dc=br
#ldap_filter: (sAMAccountname=%u)
#ldap_filter: (userPrincipalName=%u)
ldap_filter: uid=%u
ldap_bind_dn: cn=vmail,cn=users,dc=foobar,dc=br     #or cn=admin,dc=foobar
ldap_password: abc@123
ldap_deref: never
ldap_restart: yes
ldap_scope: sub
ldap_use_sasl: no
ldap_start_tls: no
ldap_timeout: 10


testsaslauthd -u usertst -p password

NO "authentication failed"

See the log:

Nov 20 09:13:23 mail slapd[12776]: conn=1139 fd=18 ACCEPT from
IP=127.0.0.1:50194 (IP=0.0.0.0:636)
Nov 20 09:13:23 mail slapd[12776]: conn=1139 fd=18 TLS established
tls_ssf=256 ssf=256
Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=0 BIND
dn="cn=vmail,cn=users,dc=foobar,dc=br" method=128
Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=0 BIND
dn="cn=vmail,cn=users,dc=foobar,dc=br" mech=SIMPLE ssf=0
Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=0 RESULT tag=97 err=0 text=
Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=1 SRCH
base="cn=users,dc=foobar,dc=br" scope=2 deref=0 filter="(uid=usertst)"
Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=1 SRCH attr=dn
Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=1 SEARCH RESULT tag=101
err=0 nentries=0 text=

What can I do to fix this?

The log says that the entry is not found (nentries=0) either because
it does not exist, either because you can't read it (ACL).

But what are you using localhost behind your SASL pass trough? Seems
like you are doing a loop on your LDAP server.


Clément.

That is a problem, because don´t found the base but when I´m usingldapsearch my search is acepted, very strange.


how this example:

ldapsearch -x -H ldaps://localhost -b dc=foobar,dc=com -Dcn=usertst,cn=users,dc=foobar,dc=com -w password


I see all objects in database, when I do this command.

If you had another idea please tell me, I just was seeing that link inthe ltb-project.org. where tell me to use in localhost SASL.


--
Att.


Willy R. M
CDTN/System Software
31-3069-3303

Follow-Ups:
- Re: Openldap for proxy AD
  - From: Jason Brandt <jbrandt@fsmail.bradley.edu>
- Re: Openldap for proxy AD
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>

References:
- Openldap for proxy AD
  - From: wrm@cdtn.br
- Re: Openldap for proxy AD
  - From: Jason Brandt <jbrandt@fsmail.bradley.edu>
- Re: Openldap for proxy AD
  - From: Clément OUDOT <clem.oudot@gmail.com>
- Re: Openldap for proxy AD
  - From: Howard Chu <hyc@symas.com>
- Re: Openldap for proxy AD
  - From: wrm@cdtn.br
- Re: Openldap for proxy AD
  - From: Clément OUDOT <clem.oudot@gmail.com>

Prev by Date: Re: Openldap for proxy AD
Next by Date: Re: Openldap for proxy AD
Index(es):
- Chronological
- Thread