
RE: problem with ldap backend



Hi

Just wondering if the feature is supposed to work? Am I delving into experimental code?

Alex

> -----Original Message-----
> From: Alex Samad - Yieldbroker
> Sent: Thursday, 29 March 2012 9:28 AM
> To: openldap-technical@openldap.org
> Subject: RE: problem with ldap backend
> 
> Hi
> 
> I have progressed a little bit further
> 
> I have stopped using olcdbaclbind and started to use
> 
> olcDbIDAssertAuthzFrom: "*"
> olcDbIDAssertBind: bindmethod=none authzId="CN=ad
> readonly,OU=Services ,DC= xyz,DC=com" credentials="secret" starttls=no
> 
> 
> but I get this
> 
> text: 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this
> operation a successful bind must be completed on the connection., data 0,
> v1db1
> 
> 
> I am able to ldapsearch with these credentials. I also tried changing
> bindmethod to simple, but same error
> 
> How do I turn on debug for the ldap backend?
> 
> Anyone have any ideas on how to make this work?
> 
> 
> Alex
> 
> 
> > -----Original Message-----
> > From: openldap-technical-bounces@OpenLDAP.org
> > [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Alex
> > Samad - Yieldbroker
> > Sent: Wednesday, 28 March 2012 1:58 PM
> > To: openldap-technical@openldap.org
> > Subject: problem with ldap backend
> >
> > Hi
> >
> > I am trying to set up a connection from openldap to MS AD
> >
> > I am using this
> >
> > dn: olcDatabase={3}ldap
> > objectClass: olcDatabaseConfig
> > objectClass: olcLDAPConfig
> > olcDatabase: {3}ldap
> > olcSuffix: dc=xyz,dc=com
> > olcAccess: {0}to dn.base="" by * read
> > olcAccess: {1}to dn.base="cn=Subschema" by * read
> > olcAccess: {2}to * by self write by users read by anonymous auth
> > olcReadOnly: TRUE
> > olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> > olcSizeLimit: 500
> > olcDbURI: "ldap://dc101. xyz.com ldap://dc201. xyz.com"
> > olcDbRebindAsUser: TRUE
> > olcDbChaseReferrals: TRUE
> >
> >
> > This works fine when I pass a bind DN.
> >
> > I would like to convert this to allow anon access to ldap, which does
> > a user bind to MS AD so I added this
> >
> >
> > olcdbaclbind: bindmethod=simple binddn="CN=ad readonly,OU= xyz,DC=
> > xyz,DC=com" credentials="secret" starttls=no
> >
> > but it is not working, I cannot make an anon search request, they
> > retrieve anything from the MSAD ldap server.
> >
> > Thanks
> >
> >
> >
> >
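
An added example, not part of the original thread and not OpenLDAP code: a small Python check over the two bind directives quoted above that flags a service-account password sent over plain ldap:// with starttls=no, and credentials that cannot be used as written. The sample entry is constructed from the quoted values with the redaction spacing removed; the finding names and the reading of bindmethod=none are assumptions of this example.

```python
import shlex

# Constructed sample: directive values as quoted in the thread, with the
# posters' redaction spacing removed. Not a recommended configuration.
SAMPLE = {
    "olcDbURI": "ldap://dc101.xyz.com ldap://dc201.xyz.com",
    "olcDbACLBind": 'bindmethod=simple binddn="CN=ad readonly,OU=xyz,DC=xyz,DC=com" '
                    'credentials="secret" starttls=no',
    "olcDbIDAssertBind": 'bindmethod=none authzId="CN=ad readonly,OU=Services,DC=xyz,DC=com" '
                         'credentials="secret" starttls=no',
}

def parse_bind(value):
    """Split 'key=value key="quoted value"' into a dict with lower-case keys."""
    opts = {}
    for token in shlex.split(value):
        key, _, val = token.partition("=")
        opts[key.lower()] = val
    return opts

def audit(entry):
    """Return (attribute, finding) pairs; finding names are this example's own."""
    entry = {k.lower(): v for k, v in entry.items()}  # attribute names are case-insensitive
    uris = entry.get("olcdburi", "").split()
    plain = any(u.lower().startswith("ldap://") for u in uris)
    findings = []
    for attr in ("olcDbACLBind", "olcDbIDAssertBind"):
        if attr.lower() not in entry:
            continue
        opts = parse_bind(entry[attr.lower()])
        method = opts.get("bindmethod", "").lower()
        # Assumption: with bindmethod=none the stored credentials are never
        # presented, consistent with the "successful bind" error in the thread.
        if method == "none" and "credentials" in opts:
            findings.append((attr, "credentials-unused"))
        # A simple bind authenticates a DN; authzId alone names no bind DN.
        if method == "simple" and "binddn" not in opts:
            findings.append((attr, "simple-without-binddn"))
        # Simple bind on ldap:// without StartTLS sends the password in cleartext.
        if method == "simple" and plain and opts.get("starttls", "no").lower() == "no":
            findings.append((attr, "cleartext-password"))
    return findings

if __name__ == "__main__":
    for attr, finding in audit(SAMPLE):
        print(f"{attr}: {finding}")
```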