[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: How do I tell ldapsearch to authenticate to the referred to LDAP server when chasing a referral?
- To: "Comisario, Alejandro" <acomisario@siscat.com.ar>
- Subject: RE: How do I tell ldapsearch to authenticate to the referred to LDAP server when chasing a referral?
- From: "Gavin Henry" <ghenry@suretecsystems.com>
- Date: Tue, 17 Jul 2007 19:15:03 +0100 (BST)
- Cc: openldap-software@openldap.org
- Importance: Normal
- In-reply-to: <5341EB12706351489DEFADBFEF06CC6898EAAC@mercurio.sc.com>
- References: <5341EB12706351489DEFADBFEF06CC6898EAAC@mercurio.sc.com>
- User-agent: SquirrelMail/1.4.10a-1.fc6
<quote who="Comisario, Alejandro">
> YES!
> It is, if i query the AD directly, it Works.
>
> Ldapsearch -b "ou=prueba,dc=adsc,dc=com" -H ldap://adldap.adsc.com -D
> "cn=admin,cn=users,dc=adsc,dc=com" -W
>
> WORKS!!!
> But the referral don't
Try my verbose logging and paste in your reply
>
> --
> Alejandro D. Comisario
> Sistemas Catastrales S.A.
> Depto. Tecnología y Seguridad Informática
> (5411) 4326.4002 int. 273
> Buenos Aires, Argentina
> acomisario@siscat.com.ar
>
>
> -----Mensaje original-----
> De: Gavin Henry [mailto:ghenry@suretecsystems.com]
> Enviado el: martes, 17 de julio de 2007 15:08
> Para: Comisario, Alejandro
> CC: openldap-software@openldap.org
> Asunto: RE: How do I tell ldapsearch to authenticate to the referred to
> LDAP
> server when chasing a referral?
>
> <quote who="Comisario, Alejandro">
>> Gavin.
>> Thanks for the answer, the thing is, and i could't say it befote, on the
>> other side of the openLDAP is an Active Directory, when i try what you
>> say,
>> it gave me.
>>
>> doldap@root # ldapsearch -b "ou=prueba,dc=adsc,dc=com" \
>> -H ldap://doldap.sc.com -D "cn=admin,cn=users,dc=adsc,dc=com" -W -x
>> Enter LDAP Password:
>> ldap_bind: Invalid credentials (49)
>>
>>
>> Any Ideas?
>
> Is cn=admin,cn=users,dc=adsc,dc=com in AD?
>
> Gavin.
>
>>
>>
>> -----Mensaje original-----
>> De: Gavin Henry [mailto:ghenry@suretecsystems.com]
>> Enviado el: martes, 17 de julio de 2007 13:59
>> Para: Comisario, Alejandro
>> CC: openldap-software@openldap.org
>> Asunto: Re: How do I tell ldapsearch to authenticate to the referred to
>> LDAP
>> server when chasing a referral?
>>
>> <quote who="Comisario, Alejandro">
>>> Hello everyone.
>>>
>>> I have an OpenLDAP 2.3.30 running on Debian Etch Stable in a DMZ,
>>> managing
>>> external users for an application.
>>> But at the same time i want this openLDAP to comunicate when given for
>>> a
>>> specific DN with another directory service on my internal network.
>>> The connection between the two machines passing thru the firewall is
>>> correct.
>>>
>>> The reference are:
>>> openLDAP machine : doldap.sc.com with domain dc=si,dc=com
>>> the other directory : adldap.adsc.com with domain dc=adsc,dc=com
>>>
>>> I defined the referral like this:
>>> dn: ou=test,dc=adsc,dc=com
>>> objectClass: referral
>>> objectClass: extensibleObject
>>> dc: prueba
>>> ref: ldap://adldap.adsc.com/ou=test,dc=adsc,dc=com
>>>
>>> So, when i query something like this (anonymous):
>>> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x
>>>
>>> I get this response:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <ou=prueba,dc=adsc,dc=com> with scope subtree # filter:
>>> (objectclass=*) # requesting: ALL #
>>>
>>> # search result
>>> search: 2
>>> result: 10 Referral
>>> ref: ldap://adldap.adsc.com/ou=prueba,dc=adsc,dc=com??sub
>>>
>>> # numResponses: 1
>>>
>>> So, apparently the referral for that query is found, next i tell
>>> ldapsearch
>>> to follow it:
>>> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x -C
>>>
>>> The openLDAP try to follow the referral and get this response from the
>>> other
>>> service:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <ou=prueba,dc=adsc,dc=com> with scope subtree # filter:
>>> (objectclass=*) # requesting: ALL #
>>>
>>> # search result
>>> search: 2
>>> result: 1 Operations error
>>> text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform
>>> this
>>> operation a successful bind must be completed on the connection., data
>>> 0,
>>> vece
>>>
>>> # numResponses: 1
>>>
>>> So, How do I tell ldapsearch to authenticate to the referred to LDAP
>>> server
>>> when chasing a referral?
>>> Hope someone can helpme.
>>
>> You need to actually bind as a user, e.g.:
>>
>> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x -C -D
>> "uid=blah,dc=adsc,dc=com" -W
>>
>> Gavin.
>>
>>>
>>> Regards.
>>>
>>> .A l e j a n d r o.
>>>
>>>
>>>
>>>
>>
>