[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: proxy to AD does not work during login client machine

From: Dan White <dwhite@cafedemocracy.org>
On 06/11/15 23:38 +0000, Leo Xiao wrote:
Hi technical,

I hit a problem during configure proxy to AD.
I can run command:
$ldapsearch -x -h localhost -LLL -b dc=mydomain,dc=local -D cn=open,cn=users,dc=mydomain,dc=local -W "(cn=open1)" cn sAMAccountName
which return the SAMACCOUNTNAME:open successfully. --- This may mean the proxy works well.
But if I run command with out -D -D cn=open,cn=users,dc=mydomain,dc=local. The search will failed.

So you are attempting to authenticate anonymously? Or with SASL?

On 06/15/15 22:58 +0000, Leo Xiao wrote:
Hi Dan,

Thanks a lot for the comments. I want to authenticate anonymously, Not with SASL.

Is there any pam configuration needed for this scenario? Could you share
some link/doc to me? Thanks  so much.

When I use openldap user login, just run authconfig-gtk(modified the
/etc/openldap/ldap.conf) and set the ldapserver/base DN can lead me login

The configuration to do anonymous binds is highly dependent on the ldap pam
module you are using. See slapo-nssov(5) if you are using the one
distributed by the OpenLDAP project. Otherwise, configuration of your ldap
pam module is outside the scope of this project. However, assuming your pam
ldap module uses (links against) libldap, consult the ldap.conf(5) manpage
as well.

Dan White