So I've made *some* progress. I created a new user in AD, and used this new account to bind with. And, using simple authentication and password prompting, my search worked correctly:

ldapsearch -Hldap://dim-win2300.dacrib.local -tt -x -D "[email protected]" -b "dc=dacrib,dc=local" -W -L "(objectClass=user)" dn


However, I can't seem to get it to work, if I don't specify the ID and password to bind with:

----------------------------
ldapsearch -v -x -Hldap://dim-win2300.dacrib.local "(objectClass=user)" sAMAccountName

ldap_initialize( ldap://dim-win2300.dacrib.local:389/??base )
filter: (objectClass=user)
requesting: sAMAccountName
# extended LDIF
#
# LDAPv3
# base <dc=DaCrib,dc=local> (default) with scope subtree
# filter: (objectClass=user)
# requesting: sAMAccountName
#

# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece

# numResponses: 1
--------------------------

I thought perhaps the problem was that SASL was interfering, so I tried to turn it off in ldap.conf, but that didn't seem to work.

As an aside, where does ldap.conf live, in Ubuntu 9.04? I have 2, one in /etc and one in /etc/ldap. And I don't know which one (if either) is being read ... is there any way to tell which one is in use?

-------------------
host 10.0.0.60
base dc=DaCrib,dc=local

#binddn CN=ldap-proxy,CN=Users,DC=DaCrib,DC=local
binddn [email protected]
bindpw XXXXXXXX

use_sasl        off
SASL_SECPROPS none
SSL no

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
# rootbinddn cn=Administrator,dc=dacrib,dc=local

# RFC 2307 (AD) mappings
# <to> <from>
nss_map_attribute userPassword sambaPassword
nss_map_attribute gecos name
nss_map_attribute uid unixName
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
pam_filter objectclass=User
pam_password crypt

nss_initgroups_ignoreusers avahi,backup,bin,daemon,dhcp,dovecot,festival,games,gnats,haldaemon,hplip,irc,klog,libuuid,list,lp,mail,man,messagebus,mysql,news,polkituser,postfix,proxy,root,saned,sshd,sync,sys,syslog,uucp,www-data
-----------------------

Anyone? I feel I am close, but can't figure out why doing it interactively from the command line binds and searches, and relying on the ldap.conf to supply that information does not ...

Thanks
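The file shown above is in pam_ldap/libnss-ldap format: directives such as binddn, bindpw, use_sasl and nss_map_* are read by those modules, while the OpenLDAP client library behind ldapsearch reads /etc/ldap/ldap.conf (Debian/Ubuntu) and ~/.ldaprc and has no bindpw directive at all, so an ldapsearch run without -D/-W binds anonymously. The script below is an added example, not code from the original post or from OpenLDAP: it lists the directives in such a file that ldapsearch will ignore and flags a cleartext bindpw kept in a file other local users can read (the file's own comment points at the safer rootbinddn plus /etc/ldap.secret, mode 600); the sample file in the test is constructed.

```shell
#!/bin/sh
# Audit an /etc/ldap.conf written for pam_ldap/libnss-ldap (added example,
# not from the original post). libldap, and therefore ldapsearch, never reads
# this file or understands these keywords; SASL_SECPROPS, host and base are
# genuine libldap directives and so are not listed here.
PAM_LDAP_ONLY='^(binddn|bindpw|rootbinddn|use_sasl|ssl|pam_filter|pam_password|nss_map_attribute|nss_map_objectclass|nss_initgroups_ignoreusers)$'

# list_ignored FILE: print the keyword of every directive ldapsearch ignores.
list_ignored() {
    # Drop comment and blank lines, keep the (lower-cased) first word of the rest.
    grep -Ev '^[[:space:]]*(#|$)' "$1" | awk '{print tolower($1)}' |
        grep -E "$PAM_LDAP_ONLY"
}

# bindpw_exposed FILE: status 0 when the file carries a bindpw line and is
# readable by group or others, i.e. any local account can recover the password.
bindpw_exposed() {
    grep -Eiq '^[[:space:]]*bindpw[[:space:]]' "$1" || return 1
    # Columns 5-10 of ls -l are the group and other permission bits.
    case $(ls -ld "$1" | cut -c5-10) in
        *r*) return 0 ;;
        *)   return 1 ;;
    esac
}

# audit_ldap_conf FILE: print a finding per problem; status 1 if any were found.
audit_ldap_conf() {
    found=0
    for key in $(list_ignored "$1" | sort -u); do
        echo "$1: '$key' is a pam_ldap/nss_ldap directive; ldapsearch does not read it"
        found=1
    done
    if bindpw_exposed "$1"; then
        echo "$1: cleartext bindpw in a group/world-readable file; prefer rootbinddn with /etc/ldap.secret (mode 600)"
        found=1
    fi
    return $found
}
```

Run it as `audit_ldap_conf /etc/ldap.conf`; to see which files libldap itself opens, `ldapsearch -d 1 ...` prints the ldap.conf and ldaprc paths it tries.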
