[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: OpenLdap Proxy with CentOS 6.3
Le 10/09/2012 14:20, GERF a écrit :
Guillaume,
You wrote: The second URL seems invalid, unless you managed to make your
server reply without SSL on port 636.
My Answer: So, should I removed it so I can make it reply with SSL ?
No, using ldap protocol on port 636 won't work.
And either you need SSL connections by default, and you should use only
an ldaps:// URI, either you don't, and you should use an ldap:// URI.
That doesn't make any sense to use SSL as a fallback if an initial
non-connection failed, which is the sense of multiple values for this
variable.
BTW, this file (/etc/openldap/ldap.conf) just defines default for
openldap libraries, which are only used if the application doesn't
specify one. You'd better use an explicit -H option in your ldapsearch
command, as you do with an explicit -b option.
You wrote: Which seems to be a valid AD answer. Did you managed to
successfully execute the same query against AD directly ?
My Answer: That answer is unknown user or password. When you say against
AD, you mean using Ldp.exe ? It does reply successfully with simple bind
authentication. See Below.
You can use whatever client, as long as you use the same in both test:
direct connection vs connection through the proxy. You're assuming the
authentication error comes from the proxy, but you don't have any
evidence for it.
--
BOFH excuse #201:
RPC_PMAP_FAILURE