Re: ldap proxy to AD - UnicodePwd: attribute type undefined
- To: openldap-technical@openldap.org
- Subject: Re: ldap proxy to AD - UnicodePwd: attribute type undefined
- From: Dieter Klünter <dieter@dkluenter.de>
- Date: Thu, 30 Jul 2015 16:02:44 +0200
- In-reply-to: <CAFNHiA86_yY=CnhiDkBmp348A5FCHAtTzxSuySm7VUUswJ5Oug@mail.gmail.com>
- Organization: AVCI
- References: <CAFNHiA86_yY=CnhiDkBmp348A5FCHAtTzxSuySm7VUUswJ5Oug@mail.gmail.com>
On Thu, 30 Jul 2015 14:00:06 +0200,
Meike Stone <meike.stone@googlemail.com> wrote:
> Hello
>
>
> I've installed an OpenLDAP as proxy in a DMZ for authentication
> forwarding to an Active Directory.
> The Proxy is used by a VPN gateway.
>
> That all works very well, but password change from client fails with
> following error:
>
> slapd[30661]: conn=1001 op=5 do_modify
> slapd[30661]: conn=1001 op=5 do_modify: dn (cn=XPTEST5,ou=Users,dc=myorg,dc=net)
> slapd[30661]: >>> dnPrettyNormal: <cn=TEST5,ou=Users,dc=myorg,dc=net>
> slapd[30661]: <<< dnPrettyNormal: <cn=TEST5,ou=Users,dc=myorg,dc=net>, <cn=xptest5,ou=users,dc=myorg,dc=net>
> slapd[30661]: conn=1001 op=5 modifications:
> slapd[30661]: delete: UnicodePwd
> slapd[30661]: one value, length 26
> slapd[30661]: add: UnicodePwd
> slapd[30661]: one value, length 26
> slapd[30661]: conn=1001 op=5 MOD dn="cn=TEST5,ou=Users,dc=myorg,dc=net"
> slapd[30661]: conn=1001 op=5 MOD attr=UnicodePwd UnicodePwd
> slapd[30661]: send_ldap_result: conn=1001 op=5 p=3
> slapd[30661]: send_ldap_result: err=17 matched="" text="UnicodePwd: attribute type undefined"
> slapd[30661]: send_ldap_response: msgid=6 tag=103 err=17
> slapd[30661]: conn=1001 op=5 RESULT tag=103 err=17 text=UnicodePwd: attribute type undefined
> slapd[30661]: daemon: activity on 1 descriptor
> slapd[30661]: daemon: activity on:
> slapd[30661]:
> slapd[30661]: daemon: epoll: listen=7 active_threads=0 tvp=zero
> slapd[30661]: daemon: activity on 1 descriptor
> slapd[30661]: daemon: activity on:
>
> As I understand, UnicodePwd is a proprietary "standard" MS attribute
> in AD to store the password but the RFC attribute is the userPassword.
>
>
> Is it possible to get the proxy working to process this MOD request,
> maybe by having the OpenLDAP proxy pass through the MOD operation with
> the attribute UnicodePwd from the VPN gateway?
[...]
Create a private schema with all relevant attribute types and object
classes. Or get the AD schema and add it to your directory's
configuration.
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
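
An added example, not part of the original thread or of OpenLDAP itself: a Python sketch that scans slapd log output for `err=17` ("attribute type undefined") results and, for each attribute the proxy rejected, prints a `slapd.conf`-style `attributetype` line for a private schema. The log sample is constructed, the `KNOWN_AD_ATTRS` table and function names are hypothetical, and the `unicodePwd` OID and octet-string syntax should be checked against your own AD schema.

```python
import re

# Constructed sample in the slapd log format quoted above (not a real capture).
SAMPLE_LOG = """\
slapd[30661]: conn=1001 op=5 MOD dn="cn=TEST5,ou=Users,dc=myorg,dc=net"
slapd[30661]: conn=1001 op=5 MOD attr=UnicodePwd UnicodePwd
slapd[30661]: conn=1001 op=5 RESULT tag=103 err=17 text=UnicodePwd: attribute type undefined
slapd[30661]: conn=1002 op=1 RESULT tag=97 err=0 text=
slapd[30661]: conn=1003 op=2 RESULT tag=103 err=17 text=exampleAttr: attribute type undefined
"""

# Hypothetical lookup table: lower-cased name -> (attribute OID, LDAP syntax OID).
# unicodePwd is an octet string in AD; confirm against your own AD schema export.
KNOWN_AD_ATTRS = {
    "unicodepwd": ("1.2.840.113556.1.4.90", "1.3.6.1.4.1.1466.115.121.1.40"),
}

# LDAP result code 17 is undefinedAttributeType.
RESULT_RE = re.compile(
    r"conn=(\d+) op=(\d+) RESULT tag=\d+ err=17 text=(\S+): attribute type undefined"
)


def undefined_attributes(log_text):
    """Return {attribute: [(conn, op), ...]} for every err=17 result in the log."""
    found = {}
    for m in RESULT_RE.finditer(log_text):
        conn, op, attr = int(m.group(1)), int(m.group(2)), m.group(3)
        found.setdefault(attr, []).append((conn, op))
    return found


def schema_stub(attr):
    """Return an attributetype line for attr, or None if it is not in the table."""
    entry = KNOWN_AD_ATTRS.get(attr.lower())
    if entry is None:
        return None
    oid, syntax = entry
    return f"attributetype ( {oid} NAME '{attr}' SYNTAX {syntax} SINGLE-VALUE )"


if __name__ == "__main__":
    for attr, ops in undefined_attributes(SAMPLE_LOG).items():
        print(f"{attr} rejected in (conn, op): {ops}")
        print(schema_stub(attr) or f"# {attr}: take the definition from the AD schema")
```
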