Andrew Tsen on 26 Mar 2010 11:17:55 -0700



Re: [PLUG] using OpenLDAP with Active Directory


Could be one of the following:

anonymous bind
port (SSL vs. nonSSL)
OS related (Win2K vs. Win2K3)


Do you have another DC preferably running Windows 2000?

I had a similar issue with my OpenLDAP proxy setup and, for the life of me, I couldn't bind to a Windows 2003 server, but the same setup works for Windows 2000.

On Fri, Mar 26, 2010 at 1:53 PM, Mike Leone <turgon@mike-leone.com> wrote:
Anyone? I've also posted this on the OpenLDAP mailing list, with no response
(so far - I only sent it today).



Mike Leone had this to say:
> I'm trying to configure lib-nss to use OpenLDAP against my Active
> Directory. But I seem to be having lots of problems even getting it to
> bind properly.
>
> AD server = 10.0.0.60
> AD domain name = DaCrib.local
>
> Here's the ldap.conf:
>
> ------------------------
> host 10.0.0.60
>
> base dc=DaCrib,dc=local
>
> # RFC 2307 (AD) mappings
> # <to> <from>
> nss_map_attribute userPassword sambaPassword
> nss_map_attribute gecos name
> nss_map_attribute uid unixName
> nss_map_attribute shadowLastChange pwdLastSet
> nss_map_objectclass posixGroup group
> pam_filter objectclass=User
> pam_password crypt
>
> nss_initgroups_ignoreusers avahi,backup,bin,daemon,dhcp,dovecot,festival,games,gnats,haldaemon,hplip,irc,klog,libuuid,list,lp,mail,man,messagebus,mysql,news,polkituser,postfix,proxy,root,saned,sshd,sync,sys,syslog,uucp,www-data
> --------------------------
>
> Here's what an "ldapsearch" gives me: (command line will wrap in email)
>
> --------------------------
> ldapsearch -v -x -H ldap://10.0.0.60 "(objectClass=posixAccount)" sAMAccountName
>
> ldap_initialize( ldap://10.0.0.60:389/??base )
> filter: (objectClass=posixAccount)
> requesting: sAMAccountName
> # extended LDIF
> #
> # LDAPv3
> # base <dc=DaCrib,dc=local> (default) with scope subtree
> # filter: (objectClass=posixAccount)
> # requesting: sAMAccountName
> #
>
> # search result
> search: 2
> result: 1 Operations error
> text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform
> this operation a successful bind must be completed on the connection.,
> data 0, vece
>
> # numResponses: 1
> ----------------------------
>
> So the question is ... why is it failing to bind?
>
> No firewalls are running on either server (at the moment). It should
> bind anonymously (I think). I tried turning up the debug level on the
> ldapsearch, but that told me nothing I could understand. :-)
>
> Thoughts?

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug



--
- Drew
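An added example, not code from this thread or from OpenLDAP/nss_ldap: a small Python helper that pulls the `result:` code and the `LdapErr` diagnostic string out of ldapsearch output like the block quoted above and turns it into a verdict. The first sample is the exact output from Mike's post; the second diagnostic string (its DSID and the bad-password case) is constructed to show the other common shape of the message, and the `AD_BIND_DATA` sub-codes are the ones AD puts in the `data` field of an invalidCredentials (49) result. The "successful bind must be completed" comment with result 1 is what a Windows Server 2003 (and later) DC returns when an unauthenticated connection searches anything other than the rootDSE, which matches Drew's 2000-works-2003-doesn't observation: the fix is to bind as a real account (`ldapsearch -D 'user@DaCrib.local' -W`, or `binddn`/`bindpw` in nss_ldap's ldap.conf, the account name being an assumption here). The last function covers Drew's SSL-vs-non-SSL point: a simple bind over plain `ldap://` (port 389) puts that password on the wire in the clear, so use `ldaps://` or StartTLS (`-ZZ`, `ssl start_tls`).

```python
"""Decode the LdapErr diagnostic text Active Directory returns on LDAP failures.

Added example for this thread, not code from the original post or from
OpenLDAP/nss_ldap.  SAMPLE_ANON_OUTPUT reproduces the ldapsearch output quoted in
the thread; every other sample string and DSID below is constructed.
"""
import re
from urllib.parse import urlsplit

# Shape of AD's message: <win32 hex>: LdapErr: DSID-<hex>, comment: <text>, data <hex>, v<hex>
AD_DIAG_RE = re.compile(
    r"^(?P<win32>[0-9A-Fa-f]{8}): LdapErr: DSID-(?P<dsid>[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+), v(?P<ver>[0-9A-Fa-f]+)$"
)

# Sub-codes AD places in the "data" field of an invalidCredentials (result 49) response.
AD_BIND_DATA = {
    "525": "user not found",
    "52e": "invalid credentials (bad password)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# The ldapsearch output from the original post (mail-client line wrapping kept on purpose).
SAMPLE_ANON_OUTPUT = """\
# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform
this operation a successful bind must be completed on the connection.,
data 0, vece

# numResponses: 1
"""

# Constructed: a simple bind with a wrong password (the DSID is made up).
SAMPLE_BAD_PASSWORD = (
    "80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, "
    "data 52e, v1db1"
)


def parse_ldapsearch_result(output):
    """Return (result code, diagnostic text) from ldapsearch's LDIF-style result block.

    Continuation lines of 'text:' (LDIF folding or mail wrapping) are joined with spaces;
    a leading '> ' quote prefix is tolerated so output pasted from a reply still parses.
    """
    code, text_lines, in_text = None, [], False
    for line in output.splitlines():
        line = line.lstrip("> ")
        if line.startswith("result: "):
            code = int(line.split()[1])
            in_text = False
        elif line.startswith("text: "):
            text_lines, in_text = [line[len("text: "):].strip()], True
        elif in_text and line.strip() and not line.startswith("#"):
            text_lines.append(line.strip())
        else:
            in_text = False
    return code, " ".join(text_lines)


def parse_ad_diag(text):
    """Split one AD diagnostic string into its fields; None if it is not in AD's format."""
    m = AD_DIAG_RE.match(" ".join(text.split()))
    if not m:
        return None
    fields = m.groupdict()
    fields["data"] = fields["data"].lower()
    return fields


def diagnose(ldapsearch_output):
    """Map an ldapsearch result block from AD to a one-line verdict."""
    code, text = parse_ldapsearch_result(ldapsearch_output)
    fields = parse_ad_diag(text) or {}
    data, comment = fields.get("data", ""), fields.get("comment", "")
    if code == 0:
        verdict = "success"
    elif code == 1 and "successful bind must be completed" in comment:
        # AD on Windows Server 2003 and later lets an anonymous connection read only
        # the rootDSE; any other search needs an authenticated bind (-D/-W, binddn/bindpw).
        verdict = "anonymous query rejected: bind as a real account first"
    elif code == 49:
        verdict = AD_BIND_DATA.get(data, "invalid credentials (data %s)" % data)
    else:
        verdict = "LDAP result %s" % code
    return {"result": code, "data": data, "verdict": verdict}


def simple_bind_is_cleartext(uri, starttls=False):
    """True if a simple bind over this URI would send the password unencrypted.

    ldap:// (389 by default) is plaintext unless StartTLS (ldapsearch -ZZ,
    'ssl start_tls' in ldap.conf) upgrades it; ldaps:// (636) is TLS from the start.
    """
    return urlsplit(uri).scheme.lower() == "ldap" and not starttls


if __name__ == "__main__":
    print(diagnose(SAMPLE_ANON_OUTPUT))
    print(diagnose("result: 49 Invalid credentials\ntext: " + SAMPLE_BAD_PASSWORD))
    print("cleartext bind over ldap://10.0.0.60:", simple_bind_is_cleartext("ldap://10.0.0.60"))
```

Run it as-is to see the verdict for the output in the post; to check a live server, pipe `ldapsearch -x -H ldaps://10.0.0.60 -D 'user@DaCrib.local' -W -b dc=DaCrib,dc=local '(sAMAccountName=someuser)'` through `diagnose()` and a `data 52e`/`533`/`775` result will tell you whether the bind account itself is the problem before you touch the nss_ldap mappings.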