Re: ldap proxy to AD - UnicodePwd: attribute type undefined
- To: Dieter Klünter <dieter@dkluenter.de>
- Subject: Re: ldap proxy to AD - UnicodePwd: attribute type undefined
- From: Meike Stone <meike.stone@googlemail.com>
- Date: Fri, 31 Jul 2015 11:18:06 +0200
- Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
- In-reply-to: <20150730160244.6c8b8361@pink.avci.de>
- References: <CAFNHiA86_yY=CnhiDkBmp348A5FCHAtTzxSuySm7VUUswJ5Oug@mail.gmail.com> <20150730160244.6c8b8361@pink.avci.de>
>> Hello
>>
>>
>> I've installed an openldap as proxy in a DMZ for authentication
>> forwarding to an Active Directory.
>> The Proxy is used by a VPN gateway.
>>
>> That all works very well, but password change from the client fails
>> with the following error:
>>
>> slapd[30661]: conn=1001 op=5 do_modify
>> slapd[30661]: conn=1001 op=5 do_modify: dn (cn=XPTEST5,ou=Users,dc=myorg,dc=net)
>> slapd[30661]: >>> dnPrettyNormal: <cn=TEST5,ou=Users,dc=myorg,dc=net>
>> slapd[30661]: <<< dnPrettyNormal: <cn=TEST5,ou=Users,dc=myorg,dc=net>, <cn=xptest5,ou=users,dc=myorg,dc=net>
>> slapd[30661]: conn=1001 op=5 modifications:
>> slapd[30661]: delete: UnicodePwd
>> slapd[30661]: one value, length 26
>> slapd[30661]: add: UnicodePwd
>> slapd[30661]: one value, length 26
>> slapd[30661]: conn=1001 op=5 MOD dn="cn=TEST5,ou=Users,dc=myorg,dc=net"
>> slapd[30661]: conn=1001 op=5 MOD attr=UnicodePwd UnicodePwd
>> slapd[30661]: send_ldap_result: conn=1001 op=5 p=3
>> slapd[30661]: send_ldap_result: err=17 matched="" text="UnicodePwd: attribute type undefined"
>> slapd[30661]: send_ldap_response: msgid=6 tag=103 err=17
>> slapd[30661]: conn=1001 op=5 RESULT tag=103 err=17 text=UnicodePwd: attribute type undefined
>> slapd[30661]: daemon: activity on 1 descriptor
>> slapd[30661]: daemon: activity on:
>> slapd[30661]:
>> slapd[30661]: daemon: epoll: listen=7 active_threads=0 tvp=zero
>> slapd[30661]: daemon: activity on 1 descriptor
>> slapd[30661]: daemon: activity on:
>>
>> As I understand, UnicodePwd is a proprietary "standard" MS attribute
>> in AD to store the password but the RFC attribute is the userPassword.
>>
>>
>> Is it possible to get the proxy working to process this MOD request,
>> maybe so that the openldap proxy passes through the MOD operation with
>> the attribute UnicodePwd from the VPN-gateway?
> [...]
>
> create a private schema with all relevant attribute types and object
> classes
Thanks, that worked!!!
Meike
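
A minimal sketch of the private schema suggested in the reply, added here as an example and not taken from the thread: it defines only `unicodePwd`, using the OID and octet-string syntax that Active Directory publishes for that attribute. The schema file name, the `back-ldap` database stanza and the `ad.example.net` host are assumptions; a real deployment adds whatever other AD attribute types and object classes its clients send.

```conf
# --- /etc/openldap/schema/ad-private.schema (hypothetical file name) ---
# Without a local definition, slapd rejects the MOD before it reaches the
# backend: err=17 "UnicodePwd: attribute type undefined".
#
# unicodePwd as published for Active Directory:
#   attributeID 1.2.840.113556.1.4.90, octet string, single-valued.
attributetype ( 1.2.840.113556.1.4.90
    NAME 'unicodePwd'
    DESC 'Active Directory password attribute'
    EQUALITY octetStringMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
    SINGLE-VALUE )

# --- slapd.conf (excerpt, assumed back-ldap proxy layout) ---
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/ad-private.schema

database ldap
suffix   "dc=myorg,dc=net"
# Placeholder host. AD only accepts unicodePwd modifications over an
# encrypted connection, so the proxy-to-DC leg should be ldaps (or StartTLS),
# and the VPN-gateway-to-proxy leg should be protected as well because the
# request carries the old and new password values.
uri      "ldaps://ad.example.net"
```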