Mike Leone on 24 Mar 2010 19:58:00 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] using OpenLDAP with Active Directory

I'm trying to configure lib-nss to use OpenLDAP against my Active 
Directory. But I seem to be having lots of problems even getting it to 
bind properly.

AD server =
AD domain name = DaCrib.local

Here's the ldap.conf:


base dc=DaCrib,dc=local

# RFC 2307 (AD) mappings
# <to> <from>
nss_map_attribute userPassword sambaPassword
nss_map_attribute gecos name
nss_map_attribute uid unixName
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
pam_filter objectclass=User
pam_password crypt


Here's what an "ldapsearch" gives me: (command line will wrap in email)

ldapsearch -v -x -H ldap:// "(objectClass=posixAccount)" 

ldap_initialize( ldap:// )
filter: (objectClass=posixAccount)
requesting: sAMAccountName
# extended LDIF
# LDAPv3
# base <dc=DaCrib,dc=local> (default) with scope subtree
# filter: (objectClass=posixAccount)
# requesting: sAMAccountName

# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform 
this operation a successful bind must be completed on the connection., 
data 0, vece

# numResponses: 1

So the question is ... why is it failing to bind?

No firewalls are running on either server (at the moment). It should 
bind anonymously (I think). I tried turning up the debug level on the 
ldapsearch, but that told me nothing I could understand. :-)

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug