[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: problem with ldap backend
Hi
Just wondering if the features is supposed to work ? Am I delving into experimental code ?
Alex
> -----Original Message-----
> From: Alex Samad - Yieldbroker
> Sent: Thursday, 29 March 2012 9:28 AM
> To: openldap-technical@openldap.org
> Subject: RE: problem with ldap backend
>
> Hi
>
> I have progressed a little bit further
>
> I have stopped using olcdbaclbind and started to use
>
> olcDbIDAssertAuthzFrom: "*"
> olcDbIDAssertBind: bindmethod=none authzId="CN=ad
> readonly,OU=Services ,DC= xyz,DC=com" credentials="secret" starttls=no
>
>
> but I get this
>
> text: 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this
> ope ration a successful bind must be completed on the connection., data 0,
> v1db1
>
>
> I am able to ldapsearch with these credentials, I also tried change
> bindmethod to simple, but same error
>
> How do I turn on debug for the ldap backend ?
>
> Any one have any ideas on how to make this work ?
>
>
> Alex
>
>
> > -----Original Message-----
> > From: openldap-technical-bounces@OpenLDAP.org
> > [mailto:openldap-technical- bounces@OpenLDAP.org] On Behalf Of Alex
> > Samad - Yieldbroker
> > Sent: Wednesday, 28 March 2012 1:58 PM
> > To: openldap-technical@openldap.org
> > Subject: problem with ldap backend
> >
> > Hi
> >
> > I am trying to setup a connection from openldap to MS AD
> >
> > I am using this
> >
> > dn: olcDatabase={3}ldap
> > objectClass: olcDatabaseConfig
> > objectClass: olcLDAPConfig
> > olcDatabase: {3}ldap
> > olcSuffix: dc=xyz,dc=com
> > olcAccess: {0}to dn.base="" by * read
> > olcAccess: {1}to dn.base="cn=Subschema" by * read
> > olcAccess: {2}to * by self write by users read by anonymous auth
> > olcReadOnly: TRUE
> > olcRootDN:
> gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> > olcSizeLimit: 500
> > olcDbURI: "ldap://dc101. xyz.com ldap://dc201. xyz.com"
> > olcDbRebindAsUser: TRUE
> > olcDbChaseReferrals: TRUE
> >
> >
> > This works fine when I pass a bind DN.
> >
> > I would like to convert this to allow anon access to ldap, which does
> > a user bind to MS AD so I added this
> >
> >
> > olcdbaclbind: bindmethod=simple binddn="CN=ad readonly,OU= xyz,DC=
> > xyz,DC=com" credentials="secret" starttls=no
> >
> > but it is not working, I can not make a anon search request, they
> > retrieve any thing frome the MSAD ldap server.
> >
> > Thanks
> >
> >
> >
> >