
RE: problem with ldap backend



> Hi
>
> Just wondering if the feature is supposed to work? Am I delving into
> experimental code?

It works as intended.  The error message you receive is quite
self-explanatory: AD wants a successful bind, and you're requesting
bindmethod=none (i.e. bind with empty DN).  You may want to try
bindmethod=simple

p.

>> -----Original Message-----
>> From: Alex Samad - Yieldbroker
>> Sent: Thursday, 29 March 2012 9:28 AM
>> To: openldap-technical@openldap.org
>> Subject: RE: problem with ldap backend
>>
>> Hi
>>
>> I have progressed a little bit further
>>
>> I have stopped using olcdbaclbind and started to use
>>
>> olcDbIDAssertAuthzFrom: "*"
>> olcDbIDAssertBind: bindmethod=none authzId="CN=ad
>> readonly,OU=Services ,DC= xyz,DC=com" credentials="secret" starttls=no
>>
>>
>> but I get this
>>
>> text: 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
>>
>>
>> I am able to ldapsearch with these credentials. I also tried changing
>> bindmethod to simple, but got the same error.
>>
>> How do I turn on debug for the ldap backend?
>>
>> Anyone have any ideas on how to make this work?
>>
>>
>> Alex
>>
>>
>> > -----Original Message-----
>> > From: openldap-technical-bounces@OpenLDAP.org
>> > [mailto:openldap-technical- bounces@OpenLDAP.org] On Behalf Of Alex
>> > Samad - Yieldbroker
>> > Sent: Wednesday, 28 March 2012 1:58 PM
>> > To: openldap-technical@openldap.org
>> > Subject: problem with ldap backend
>> >
>> > Hi
>> >
>> > I am trying to set up a connection from openldap to MS AD
>> >
>> > I am using this
>> >
>> > dn: olcDatabase={3}ldap
>> > objectClass: olcDatabaseConfig
>> > objectClass: olcLDAPConfig
>> > olcDatabase: {3}ldap
>> > olcSuffix: dc=xyz,dc=com
>> > olcAccess: {0}to dn.base="" by * read
>> > olcAccess: {1}to dn.base="cn=Subschema" by * read
>> > olcAccess: {2}to * by self write by users read by anonymous auth
>> > olcReadOnly: TRUE
>> > olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
>> > olcSizeLimit: 500
>> > olcDbURI: "ldap://dc101. xyz.com ldap://dc201. xyz.com"
>> > olcDbRebindAsUser: TRUE
>> > olcDbChaseReferrals: TRUE
>> >
>> >
>> > This works fine when I pass a bind DN.
>> >
>> > I would like to convert this to allow anon access to ldap, which does
>> > a user bind to MS AD so I added this
>> >
>> >
>> > olcdbaclbind: bindmethod=simple binddn="CN=ad readonly,OU= xyz,DC=
>> > xyz,DC=com" credentials="secret" starttls=no
>> >
>> > but it is not working, I can not make an anon search request, they
>> > retrieve any thing from the MSAD ldap server.
>> >
>> > Thanks
>
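The bindmethod point from the reply, as an added example that is not part of the original thread or of OpenLDAP: a small linter for olcDbIDAssertBind / olcDbACLBind values. The rule set (simple binds need binddn and credentials; a simple bind over ldap:// with starttls=no sends the password in clear) is an assumption based on slapd-ldap(5); the sample values, the rule codes and the default URI are constructed.

```python
import shlex

def parse_bind(value):
    """Split a bind directive value into a lower-cased key -> value dict."""
    params = {}
    for token in shlex.split(value):          # honours the double-quoted DNs
        key, sep, val = token.partition("=")
        if not sep:
            raise ValueError(f"not a key=value pair: {token!r}")
        params[key.lower()] = val
    return params

def lint_bind(value, uris="ldap://dc.example.com"):   # hypothetical default URI
    """Return (code, message) findings for one bind directive value."""
    p = parse_bind(value)
    method = p.get("bindmethod", "none")      # 'none' is the default method
    findings = []
    if method == "none" and "credentials" in p:
        findings.append(("ANON_BIND_WITH_CREDENTIALS",
                         "bindmethod=none binds with an empty DN although credentials are set"))
    if method == "simple":
        missing = [k for k in ("binddn", "credentials") if k not in p]
        if missing:
            findings.append(("SIMPLE_MISSING_PARAM",
                             "bindmethod=simple without " + ", ".join(missing)))
        plain = any(u.lower().startswith("ldap://") for u in uris.split())
        if plain and p.get("starttls", "no") == "no":
            findings.append(("CLEARTEXT_PASSWORD",
                             "simple bind over ldap:// without StartTLS exposes the password"))
    return findings

def codes(value, uris="ldap://dc.example.com"):
    """Finding codes only, in the order they were raised."""
    return [code for code, _ in lint_bind(value, uris)]

# Constructed samples modelled on the thread's directive (whitespace normalized).
DN = "CN=ad readonly,OU=Services,DC=xyz,DC=com"
FROM_THREAD = f'bindmethod=none authzId="{DN}" credentials="secret" starttls=no'
SIMPLE_NO_DN = FROM_THREAD.replace("bindmethod=none", "bindmethod=simple")
SIMPLE_STARTTLS = f'bindmethod=simple binddn="{DN}" credentials="secret" starttls=critical'

if __name__ == "__main__":
    for label, value in [("from thread", FROM_THREAD),
                         ("simple, authzId only", SIMPLE_NO_DN),
                         ("simple, binddn + StartTLS", SIMPLE_STARTTLS)]:
        print(f"{label}: {codes(value) or 'no findings'}")
```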