Mike Leone on 24 Mar 2010 19:58:00 -0700
I'm trying to configure lib-nss to use OpenLDAP against my Active Directory. But I seem to be having lots of problems even getting it to bind properly.

AD server = 10.0.0.60
AD domain name = DaCrib.local

Here's the ldap.conf:

------------------------
host 10.0.0.60
base dc=DaCrib,dc=local

# RFC 2307 (AD) mappings
# <to> <from>
nss_map_attribute userPassword sambaPassword
nss_map_attribute gecos name
nss_map_attribute uid unixName
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
pam_filter objectclass=User
pam_password crypt

nss_initgroups_ignoreusers avahi,backup,bin,daemon,dhcp,dovecot,festival,games,gnats,haldaemon,hplip,irc,klog,libuuid,list,lp,mail,man,messagebus,mysql,news,polkituser,postfix,proxy,root,saned,sshd,sync,sys,syslog,uucp,www-data
--------------------------

Here's what an "ldapsearch" gives me: (command line will wrap in email)

--------------------------
ldapsearch -v -x -H ldap://10.0.0.60 "(objectClass=posixAccount)" sAMAccountName
ldap_initialize( ldap://10.0.0.60:389/??base )
filter: (objectClass=posixAccount)
requesting: sAMAccountName
# extended LDIF
#
# LDAPv3
# base <dc=DaCrib,dc=local> (default) with scope subtree
# filter: (objectClass=posixAccount)
# requesting: sAMAccountName
#

# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece

# numResponses: 1
----------------------------

So the question is ... why is it failing to bind? No firewalls are running on either server (at the moment). It should bind anonymously (I think).

I tried turning up the debug level on the ldapsearch, but that told me nothing I could understand. :-)

Thoughts?
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
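
Added example, not part of the original post: a small Python parser that pulls the LDAP result code and the Active Directory diagnostic string out of ldapsearch output like the one quoted above, and flags the case where the server reports that no bind was completed on the connection. The sample input is constructed from the output in the post (re-wrapped with an LDIF continuation line), and the function names are hypothetical.

```python
import re

# Constructed sample: the result block quoted in the post, re-wrapped the way
# ldapsearch folds long LDIF lines (a continuation line starts with one space).
SAMPLE = """\
# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this opera
 tion a successful bind must be completed on the connection., data 0, vece

# numResponses: 1
"""

# Active Directory diagnostic string carried in the "text:" line.
AD_ERR = re.compile(
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>.*), data (?P<data>[0-9A-Fa-f]+)"
)


def unfold(ldif):
    """Join LDIF continuation lines onto the line they continue."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_result(output):
    """Extract the LDAP result code and AD diagnostic fields (hypothetical helper)."""
    info = {"code": None, "name": None, "dsid": None, "comment": None}
    for line in unfold(output):
        m = re.match(r"result: (\d+)\s*(.*)", line)
        if m:
            info["code"], info["name"] = int(m.group(1)), m.group(2).strip()
        elif line.startswith("text: "):
            ad = AD_ERR.search(line)
            if ad:
                info["dsid"], info["comment"] = ad.group("dsid"), ad.group("comment")
    # Result code 1 (operationsError) with this comment: the server refused the
    # search because no bind had completed on the connection.
    info["needs_bind"] = info["code"] == 1 and "successful bind must be completed" in (info["comment"] or "")
    return info


if __name__ == "__main__":
    print(parse_result(SAMPLE))
```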