Re: [PLUG] using OpenLDAP with Active Directory

Mike Leone on 26 Mar 2010 10:53:08 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] using OpenLDAP with Active Directory

From: Mike Leone <turgon@mike-leone.com>

To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Subject: Re: [PLUG] using OpenLDAP with Active Directory

Date: Fri, 26 Mar 2010 13:53:07 -0400

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

User-agent: Thunderbird 2.0.0.24 (Windows/20100228)

Anyone? I've also posted this on OpenLDAP mailing list, with no response (so far - I only sent it today). Mike Leone had this to say: > I'm trying to configure lib-nss to use OpenLDAP against my Active > Directory. But I seem to be having lots of problems even getting it to > bind properly. > > AD server = 10.0.0.60 > AD domain name = DaCrib.local > > Here's the ldap.conf: > > ------------------------ > host 10.0.0.60 > > base dc=DaCrib,dc=local > > # RFC 2307 (AD) mappings > # <to> <from> > nss_map_attribute userPassword sambaPassword > nss_map_attribute gecos name > nss_map_attribute uid unixName > nss_map_attribute shadowLastChange pwdLastSet > nss_map_objectclass posixGroup group > pam_filter objectclass=User > pam_password crypt > > nss_initgroups_ignoreusers > avahi,backup,bin,daemon,dhcp,dovecot,festival,games,gnats,haldaemon,hplip,irc,klog,libuuid,list,lp,mail,man,messagebus,mysql,news,polkituser,postfix,proxy,root,saned,sshd,sync,sys, > > syslog,uucp,www-data > -------------------------- > > Here's what an "ldapsearch" gives me: (command line will wrap in email) > > -------------------------- > ldapsearch -v -x -H ldap://10.0.0.60 "(objectClass=posixAccount)" > sAMAccountName > > ldap_initialize( ldap://10.0.0.60:389/??base ) > filter: (objectClass=posixAccount) > requesting: sAMAccountName > # extended LDIF > # > # LDAPv3 > # base <dc=DaCrib,dc=local> (default) with scope subtree > # filter: (objectClass=posixAccount) > # requesting: sAMAccountName > # > > # search result > search: 2 > result: 1 Operations error > text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform > this operation a successful bind must be completed on the connection., > data 0, vece > > # numResponses: 1 > ---------------------------- > > So the question is ... why is it failing to bind? > > No firewalls are running on either server (at the moment). It should > bind anonymously (I think). I tried turning up the debug level on the > ldapsearch, but that told me nothing I could understand. :-) > > Thoughts? ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] using OpenLDAP with Active Directory
From: Jason Stelzer <jason.stelzer@gmail.com>

Re: [PLUG] using OpenLDAP with Active Directory
From: Andrew Tsen <kloaker@gmail.com>

Re: [PLUG] using OpenLDAP with Active Directory
From: Stephen Gran <steve@lobefin.net>

References:

[PLUG] using OpenLDAP with Active Directory
From: Mike Leone <turgon@mike-leone.com>

Prev by Date: [PLUG] Opendedup: Open Source Deduplication for Linux

Next by Date: Re: [PLUG] using OpenLDAP with Active Directory

Previous by thread: [PLUG] using OpenLDAP with Active Directory

Next by thread: Re: [PLUG] using OpenLDAP with Active Directory

Index(es):

Date

Thread