[Date Prev][Date Next] [Chronological] [Thread] [Top]

Followup: using OpenLDAP with Active Directory

To: Mailing List Open-LDAP <openldap-technical@openldap.org>
Subject: Followup: using OpenLDAP with Active Directory
From: Mike Leone <turgon@mike-leone.com>
Date: Fri, 26 Mar 2010 15:27:05 -0400
User-agent: Thunderbird 2.0.0.24 (Windows/20100228)

So I've made *some* progress. I created a new user in AD, and used thisnew account to bind with. And, using simple authentication and passwordprompting, my search worked correctly:

ldapsearch -Hldap://dim-win2300.dacrib.local -tt -x -D"ldap-proxy@dacrib.local" -b "dc=dacrib,dc=local" -W -L"(objectClass=user)" dn

However, I can't seem to get it to work, if I don't specify the ID andpassword to bind with:


----------------------------

ldapsearch -v -x -Hldap://dim-win2300.dacrib.local "(objectClass=user)"sAMAccountName


ldap_initialize( ldap://dim-win2300.dacrib.local:389/??base )
filter: (objectClass=user)
requesting: sAMAccountName
# extended LDIF
#
# LDAPv3
# base <dc=DaCrib,dc=local> (default) with scope subtree
# filter: (objectClass=user)
# requesting: sAMAccountName
#

# search result
search: 2
result: 1 Operations error

text: 00000000: LdapErr: DSID-0C090627, comment: In order to performthis operation a successful bind must be completed on the connection.,data 0, vece


# numResponses: 1
--------------------------

I thought perhaps the problem was that SASL was interferring, so I triedto turn it off in ldap.conf, but that didn't seem to work.

As an aside, where does ldap.conf live, in Ubuntu 9.04? I have 2, one in/etc and one in /etc/ldap. And I don't know which one (if either) isbeing read ... is there any way to tell which one is in use?


-------------------
host 10.0.0.60
base dc=DaCrib,dc=local

#binddn CN=ldap-proxy,CN=Users,DC=DaCrib,DC=local
binddn ldap-proxy@dacrib.local
bindpw XXXXXXXX

use_sasl        off
SASL_SECPROPS none
SSL no

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
# rootbinddn cn=Administrator,dc=dacrib,dc=local

# RFC 2307 (AD) mappings
# <to> <from>
nss_map_attribute userPassword sambaPassword
nss_map_attribute gecos name
nss_map_attribute uid unixName
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
pam_filter objectclass=User
pam_password crypt

nss_initgroups_ignoreusersavahi,backup,bin,daemon,dhcp,dovecot,festival,games,gnats,haldaemon,hplip,irc,klog,li

buuid,list,lp,mail,man,messagebus,mysql,news,polkituser,postfix,proxy,root,saned,sshd,sync,sys,syslog,uucp,www-d
ata
-----------------------

Anyone? I feel I am close, but can't figure out why doing itinteractively from the command line binds and searches, and relying onthe ldap.conf to supply that information does not ...


Thanks

Prev by Date: Problems using OpenLDAP with Active Directory
Next by Date: Re: Problems using OpenLDAP with Active Directory
Index(es):
- Chronological
- Thread