[PLUG] using OpenLDAP with Active Directory

Mike Leone on 24 Mar 2010 19:58:00 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

• From: Mike Leone <turgon@mike-leone.com>
• To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
• Subject: [PLUG] using OpenLDAP with Active Directory
• Date: 2010年3月24日 22:57:55 -0400
• Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
• Sender: plug-bounces@lists.phillylinux.org
• User-agent: Thunderbird 2.0.0.24 (Windows/20100228)

---

I'm trying to configure lib-nss to use OpenLDAP against my Active 
Directory. But I seem to be having lots of problems even getting it to 
bind properly.
AD server = 10.0.0.60
AD domain name = DaCrib.local
Here's the ldap.conf:
------------------------
host 10.0.0.60
base dc=DaCrib,dc=local
# RFC 2307 (AD) mappings
# <to> <from>
nss_map_attribute userPassword sambaPassword
nss_map_attribute gecos name
nss_map_attribute uid unixName
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
pam_filter objectclass=User
pam_password crypt
nss_initgroups_ignoreusers 
avahi,backup,bin,daemon,dhcp,dovecot,festival,games,gnats,haldaemon,hplip,irc,klog,libuuid,list,lp,mail,man,messagebus,mysql,news,polkituser,postfix,proxy,root,saned,sshd,sync,sys,
syslog,uucp,www-data
--------------------------
Here's what an "ldapsearch" gives me: (command line will wrap in email)
--------------------------
ldapsearch -v -x -H ldap://10.0.0.60 "(objectClass=posixAccount)" 
sAMAccountName
ldap_initialize( ldap://10.0.0.60:389/??base )
filter: (objectClass=posixAccount)
requesting: sAMAccountName
# extended LDIF
#
# LDAPv3
# base <dc=DaCrib,dc=local> (default) with scope subtree
# filter: (objectClass=posixAccount)
# requesting: sAMAccountName
#
# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform 
this operation a successful bind must be completed on the connection., 
data 0, vece
# numResponses: 1
----------------------------
So the question is ... why is it failing to bind?
No firewalls are running on either server (at the moment). It should 
bind anonymously (I think). I tried turning up the debug level on the 
ldapsearch, but that told me nothing I could understand. :-)
Thoughts?
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

---

• Follow-Ups:
  • Re: [PLUG] using OpenLDAP with Active Directory
    • From: Mike Leone <turgon@mike-leone.com>
  • Re: [PLUG] using OpenLDAP with Active Directory
    • From: Ben Love <blove+plug@kylimar.com>

• Prev by Date: Re: [PLUG] [plug-announce] Policy Discussion: plug-announce list
• Next by Date: [PLUG] [plug-announce] Policy change for plug-announce
• Previous by thread: Re: [PLUG] Linux SMTP honeypots?
• Next by thread: Re: [PLUG] using OpenLDAP with Active Directory
• Index(es):
  • Date
  • Thread