Mike Leone on 26 Mar 2010 11:50:48 -0700



Re: [PLUG] using OpenLDAP with Active Directory


Jason Stelzer had this to say:
> Sorry, I'm only half reading things... I suck at multitasking.
> 
> try something like this:
> 
> ldapsearch -Hldap://fqdn.domain.controller -tt -x -D
> "username@domain.controller" -b "dc=your,dc=base,dc=DN" -W -L
> "cn=whatever"
> 
> Can you get a command like that to bind?


Grrrr ... when I specify everything on the command line like that, yes, 
it works. When I specify my ldap-proxy user and password in my 
/etc/ldap/ldap.conf file, then NO, the silly thing comes back with the 
original error ...


root@workhorse:/etc/ldap# ldapsearch -v -x -H ldap://10.0.0.60 "(objectClass=user)" sAMAccountName
ldap_initialize( ldap://10.0.0.60:389/??base )
filter: (objectClass=user)
requesting: sAMAccountName
# extended LDIF
#
# LDAPv3
# base <dc=DaCrib,dc=local> (default) with scope subtree
# filter: (objectClass=user)
# requesting: sAMAccountName
#

# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece

# numResponses: 1


--------------------

root@workhorse:/etc/ldap# more ldap.conf
host 10.0.0.60
base dc=DaCrib,dc=local

binddn CN=LDAP Proxy,CN=Users,DC=DaCrib,DC=local
bindpw XXXXXXX

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
# rootbinddn cn=Administrator,dc=dacrib,dc=local

# RFC 2307 (AD) mappings
# <to> <from>
nss_map_attribute userPassword sambaPassword
nss_map_attribute gecos name
nss_map_attribute uid unixName
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
pam_filter objectclass=User
pam_password crypt

nss_initgroups_ignoreusers avahi,backup,bin,daemon,dhcp,dovecot,festival,games,gnats,haldaemon,hplip,irc,klog,libuuid,list,lp,mail,man,messagebus,mysql,news,polkituser,postfix,proxy,root,saned,sshd,sync,sys,syslog,uucp,www-data
---------------------

This is what your command tells me is the DN of the account I am trying 
to use to bind with

# LDAP Proxy, Users, DaCrib.local
dn: CN=LDAP Proxy,CN=Users,DC=DaCrib,DC=local


Did I mis-specify it in the ldap.conf?
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
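An added example, not part of the thread above and not the poster's own code: a small Python script that parses the ldap.conf shown in the message and sorts its directives by who actually consumes them. OpenLDAP's ldap.conf(5) lists BINDDN as a user-only option (read from ~/.ldaprc, never from the system-wide file) and has no BINDPW directive at all; binddn, bindpw, rootbinddn and the nss_*/pam_* lines are nss_ldap/pam_ldap directives that the ldapsearch tool never reads. A bare `ldapsearch -x` therefore does an anonymous simple bind, which Active Directory answers with exactly the "a successful bind must be completed" error. The script then builds the equivalent explicit command, taking the bind DN from the file and the password from a mode-600 secret file via `-y` (ldapsearch uses the complete file contents as the password, so write that file without a trailing newline). The config text is the posted file re-joined onto single lines with the password replaced by a placeholder; the secret file path `/etc/ldap.secret` is assumed, borrowed from the rootbinddn comment in the same file.

```python
import os
import shlex
import stat

# Constructed sample: the ldap.conf from the post, re-joined onto single
# lines, with the real password replaced by a placeholder.
SAMPLE_LDAP_CONF = """\
host 10.0.0.60
base dc=DaCrib,dc=local

binddn CN=LDAP Proxy,CN=Users,DC=DaCrib,DC=local
bindpw XXXXXXX

# rootbinddn cn=Administrator,dc=dacrib,dc=local

# RFC 2307 (AD) mappings
nss_map_attribute userPassword sambaPassword
nss_map_attribute gecos name
nss_map_attribute uid unixName
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
pam_filter objectclass=User
pam_password crypt
nss_initgroups_ignoreusers avahi,backup,bin,daemon,root
"""

# Options libldap reads from the system-wide ldap.conf (see ldap.conf(5)).
LIBLDAP_SYSTEM = {"uri", "host", "port", "base", "deref", "referrals",
                  "sizelimit", "timelimit", "timeout", "network_timeout"}
# libldap honours BINDDN only in the per-user ~/.ldaprc ("user-only option").
LIBLDAP_USER_ONLY = {"binddn"}
# Anything else in this file is an nss_ldap/pam_ldap directive;
# the ldapsearch client never consults those.


def parse_ldap_conf(text):
    """Return (key, value) pairs in file order; keys lower-cased,
    comment and blank lines skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        entries.append((key.lower(), value.strip()))
    return entries


def classify(entries):
    """Map each directive name to the component that actually reads it."""
    result = {}
    for key, _ in entries:
        if key in LIBLDAP_SYSTEM:
            result[key] = "libldap (system-wide ldap.conf)"
        elif key in LIBLDAP_USER_ONLY:
            result[key] = "libldap (~/.ldaprc only; ignored system-wide)"
        else:
            result[key] = "nss_ldap/pam_ldap only (ignored by ldapsearch)"
    return result


def mode_is_private(mode):
    """True when the mode grants nothing to group or other, e.g. 0600."""
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def check_secret_file(path):
    """Refuse to use a bind-password file that other users can read."""
    return mode_is_private(os.stat(path).st_mode)


def build_ldapsearch(entries, secret_file, ldap_filter, attrs):
    """argv for an explicit simple bind: -D from binddn, password via -y."""
    conf = dict(entries)
    uri = conf.get("uri") or f"ldap://{conf['host']}"
    return ["ldapsearch", "-x", "-H", uri, "-b", conf["base"],
            "-D", conf["binddn"], "-y", secret_file, ldap_filter, *attrs]


if __name__ == "__main__":
    entries = parse_ldap_conf(SAMPLE_LDAP_CONF)
    for key, consumer in classify(entries).items():
        print(f"{key:28s} -> {consumer}")
    # Assumed secret file path; create it with: printf '%s' 'pw' > /etc/ldap.secret
    argv = build_ldapsearch(entries, "/etc/ldap.secret",
                            "(objectClass=user)", ["sAMAccountName"])
    print(shlex.join(argv))
```

Running it prints one line per directive with its consumer, then the explicit command line `ldapsearch -x -H ldap://10.0.0.60 -b dc=DaCrib,dc=local -D 'CN=LDAP Proxy,CN=Users,DC=DaCrib,DC=local' -y /etc/ldap.secret '(objectClass=user)' sAMAccountName`, which is the same shape as the `-D ... -W` invocation that worked in the thread, minus the interactive password prompt.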