Re: ldap proxy to AD - UnicodePwd: attribute type undefined

Thu, 30 Jul 2015 07:04:54 -0700 

Am Thu, 30 Jul 2015 14:00:06 +0200
schrieb Meike Stone <[email protected]>:

> Hello
> 
> 
> I've installed a openldap as proxy in a DMZ for authentication
> forwarding to an Active Directoy.
> The Proxy is used by a VPN gateway.
> 
> That all works very well, but password change from client fails with
> following error:
> 
> slapd[30661]: conn=1001 op=5 do_modify
> slapd[30661]: conn=1001 op=5 do_modify: dn
> (cn=XPTEST5,ou=Users,dc=myorg,dc=net) slapd[30661]: >>>
> dnPrettyNormal: <cn=TEST5,ou=Users,dc=myorg,dc=net> slapd[30661]: <<<
> dnPrettyNormal: <cn=TEST5,ou=Users,dc=myorg,dc=net>,
> <cn=xptest5,ou=users,dc=myorg,dc=net> slapd[30661]: conn=1001 op=5
> modifications: slapd[30661]:   delete: UnicodePwd
> slapd[30661]:           one value, length 26
> slapd[30661]:   add: UnicodePwd
> slapd[30661]:           one value, length 26
> slapd[30661]: conn=1001 op=5 MOD
> dn="cn=TEST5,ou=Users,dc=myorg,dc=net" slapd[30661]: conn=1001 op=5
> MOD attr=UnicodePwd UnicodePwd slapd[30661]: send_ldap_result:
> conn=1001 op=5 p=3 slapd[30661]: send_ldap_result: err=17 matched=""
> text="UnicodePwd: attribute type undefined"
> slapd[30661]: send_ldap_response: msgid=6 tag=103 err=17
> slapd[30661]: conn=1001 op=5 RESULT tag=103 err=17 text=UnicodePwd:
> attribute type undefined
> slapd[30661]: daemon: activity on 1 descriptor
> slapd[30661]: daemon: activity on:
> slapd[30661]:
> slapd[30661]: daemon: epoll: listen=7 active_threads=0 tvp=zero
> slapd[30661]: daemon: activity on 1 descriptor
> slapd[30661]: daemon: activity on:
> 
> As I understand, UnicodePwd is a proprietary "standard" MS attribute
> in AD to store the password but the RFC attribute is the userPassword.
> 
> 
> Is it possible, to get the proxy working to process this MOD request,
> may be that openldap proxy pass through the MOD operation with the
> attribute UnicodePwd from the VPN-gateway?
[...]

create a private schema with all relevant attribute types and object
classes.Or get the AD schema and add it to your directories
configuration.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E

Reply via email to