[Rivendell] idassert-bind not working as expected?
With minimal information, as requested by the moderators multiple times: why
doesn't idassert-bind work as expected? When I try an anonymous query to an
"LDAP" server via an OpenLDAP server configured as a proxy (backend meta, or
backend ldap), the query fails because the OpenLDAP server does not bind (even
when I try setting the "idassert-bind" option).
# sample failed anonymous query to AD via OpenLDAP
ldapsearch -H "ldap://localhost/" -b "ou=windows,dc=rfa,dc=org" -x
# expected query to be performed by ldap server
ldapsearch -H "ldap://dc1.rfa.org/" -b "cn=users,dc=rfa,dc=org" \
-D "CN=LDAP Proxy user account,OU=Windows,DC=rfa,DC=org" -W \
-x
# using (tcpdump -x -s0 port 389) I never see a bind sent from OpenLDAP,
# and instead I see an error returned from the "LDAP" server because a
# bind was not successful.
# backend meta portion of the slapd.conf file
##database ldap
database meta
suffix "ou=windows,dc=rfa,dc=org"
uri "ldap://dc1.rfa.org/ou=windows,dc=rfa,dc=org"
suffixmassage ou=windows,dc=rfa,dc=org cn=users,dc=rfa,dc=org
idassert-authzFrom "dn:*"
#Xidassert-bind bindmethod=simple binddn="ldap-proxy@rfa.org" credentials="222222"
idassert-bind bindmethod=simple binddn="CN=LDAP Proxy user account,OU=Windows,DC=rfa,DC=org" credentials="222222" mode=none
dncache-ttl 60
My environment is made up of Debian stable (4.0 Etch) on the workstations and
OpenLDAP server, with OpenLDAP 2.3.30-5 on the server and an "LDAP" server on
the remote end.
thank you,
donfede
--
Federico Grau
Free Software Developer and Sysadmin
Radio Free Asia
2025 M Street, NW
Suite 300
Washington, DC 20036
202-587-2046 Telephone
202-721-7468 Facsimile