Jason Stelzer on 26 Mar 2010 11:00:12 -0700



Re: [PLUG] using OpenLDAP with Active Directory


The only thing I can think of is that anonymous binds aren't being
permitted. When I was doing stuff with ldap I generally created a
'system' user account that could bind and query the appropriate data.

Your first order of business should probably be to get binds working
via ldapsearch (try creating an account in ldap to narrow down if it's
an issue with anonymous binds or if it's an issue with how you are
connecting). There are a lot of details to sweat. Make sure your
basedn is correct. Make sure the protocol you are using is what you
expect (v2 vs v3).

Once you get a bind to work, the next thing to worry about is
permissions to see things, but that's a little more straightforward
to troubleshoot.

On Fri, Mar 26, 2010 at 1:53 PM, Mike Leone <turgon@mike-leone.com> wrote:
> Anyone? I've also posted this on OpenLDAP mailing list, with no response
> (so far - I only sent it today).
>
>
>
> Mike Leone had this to say:
>> I'm trying to configure lib-nss to use OpenLDAP against my Active
>> Directory. But I seem to be having lots of problems even getting it to
>> bind properly.
>>
>> AD server = 10.0.0.60
>> AD domain name = DaCrib.local
>>
>> Here's the ldap.conf:
>>
>> ------------------------
>> host 10.0.0.60
>>
>> base dc=DaCrib,dc=local
>>
>> # RFC 2307 (AD) mappings
>> # <to> <from>
>> nss_map_attribute userPassword sambaPassword
>> nss_map_attribute gecos name
>> nss_map_attribute uid unixName
>> nss_map_attribute shadowLastChange pwdLastSet
>> nss_map_objectclass posixGroup group
>> pam_filter objectclass=User
>> pam_password crypt
>>
>> nss_initgroups_ignoreusers avahi,backup,bin,daemon,dhcp,dovecot,festival,games,gnats,haldaemon,hplip,irc,klog,libuuid,list,lp,mail,man,messagebus,mysql,news,polkituser,postfix,proxy,root,saned,sshd,sync,sys,syslog,uucp,www-data
>> --------------------------
>>
>> Here's what an "ldapsearch" gives me: (command line will wrap in email)
>>
>> --------------------------
>> ldapsearch -v -x -H ldap://10.0.0.60 "(objectClass=posixAccount)" sAMAccountName
>>
>> ldap_initialize( ldap://10.0.0.60:389/??base )
>> filter: (objectClass=posixAccount)
>> requesting: sAMAccountName
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=DaCrib,dc=local> (default) with scope subtree
>> # filter: (objectClass=posixAccount)
>> # requesting: sAMAccountName
>> #
>>
>> # search result
>> search: 2
>> result: 1 Operations error
>> text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
>>
>> # numResponses: 1
>> ----------------------------
>>
>> So the question is ... why is it failing to bind?
>>
>> No firewalls are running on either server (at the moment). It should
>> bind anonymously (I think). I tried turning up the debug level on the
>> ldapsearch, but that told me nothing I could understand. :-)
>>
>> Thoughts?
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
>



-- 
J.
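The checks Jason describes (confirm the base DN, then get a bind working with a named account before worrying about what it can see), as an added example that is not part of the original thread. The server address and domain come from Mike's post; the read-only service account "svc-ldap", its DN and the script name "bindcheck.sh" are assumptions. The error text in the thread is what Active Directory returns when an anonymous simple bind (ldapsearch -x with no -D) tries to search anything beyond the rootDSE, so the script reads the rootDSE first, which AD does allow anonymously, and only then binds as the service account.

```shell
#!/bin/sh
# bindcheck.sh: added example, not code from the PLUG thread.
# Walks the bind checks suggested in the thread against the poster's AD.
# Host and domain are from the thread; the svc-ldap account is an assumption.

LDAP_URI="${LDAP_URI:-ldap://10.0.0.60}"
# An ordinary domain user that exists only so nss/pam can read the directory.
# Assumed name and location; do not use a Domain Admin for this.
BIND_DN="${BIND_DN:-CN=svc-ldap,CN=Users,DC=DaCrib,DC=local}"

# Map the tail of an ldapsearch transcript to the likely cause.
# Result codes are the standard LDAP ones. The "successful bind must be
# completed" comment is AD's way of refusing an anonymous search.
classify_ldap_result() {
  case "$1" in
    *"successful bind must be completed"*) echo "anonymous-search-refused" ;;
    *"result: 49 Invalid credentials"*|*"ldap_bind: Invalid credentials (49)"*) echo "invalid-credentials" ;;
    *"result: 10 Referral"*|*"result: 32 No such object"*) echo "check-base-dn" ;;
    *"result: 0 Success"*) echo "ok" ;;
    *) echo "unknown" ;;
  esac
}

# Step 1: the rootDSE is readable without credentials on AD. Ask it for the
# base DN instead of guessing one from the domain name.
discover_base_dn() {
  ldapsearch -x -LLL -H "$LDAP_URI" -s base -b "" defaultNamingContext 2>&1 \
    | sed -n 's/^defaultNamingContext: //p'
}

# Step 2: search as a named account. -x selects a simple bind, -D names the
# account, -W prompts for its password (use -y passfile for cron), and -ZZ
# insists on StartTLS so a simple-bind password never crosses the wire in
# the clear. A base-scope read of the base DN itself is enough to prove
# the bind; what the account may see is a separate, later problem.
probe_bind() {
  base="$1"
  out=$(ldapsearch -x -ZZ -H "$LDAP_URI" -D "$BIND_DN" -W -b "$base" \
          -s base "(objectClass=*)" dn 2>&1) || true
  classify_ldap_result "$out"
}

# Run both steps only when invoked as: sh bindcheck.sh run
if [ "${1:-}" = "run" ]; then
  base=$(discover_base_dn)
  echo "rootDSE reports defaultNamingContext: ${base:-<not readable>}"
  echo "bind as $BIND_DN: $(probe_bind "${base:-DC=DaCrib,DC=local}")"
fi
```

If the StartTLS step fails because the domain controller has no certificate, fix that (or point LDAP_URI at ldaps://10.0.0.60) rather than dropping -ZZ; the same plaintext-password concern applies to the binddn/bindpw you will eventually put in ldap.conf, so that file must be root-readable only and should point at ldaps:// or set ssl start_tls. Once the probe reports "ok", the next thing to check is the protocol version (ldapsearch speaks v3 by default; -P 2 forces v2) and whether the bind account can actually read the attributes nss needs.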