With minimal information as requested by the moderators multiple times. Why doesn't idassert-bind work as expected? When I try an anonymous query to an "LDAP" server via an OpenLDAP server configured as a proxy (backend meta, or backend ldap), the query fails because the OpenLDAP server does not bind (even when I try setting the "idassert-bind" option).
# sample failed anonymous query to AD via OpenLDAP
ldapsearch -H "ldap://localhost/" -b "ou=windows,dc=rfa,dc=org" -x

# expected query to be performed by ldap server
ldapsearch -H "ldap://dc1.rfa.org/" -b "cn=users,dc=rfa,dc=org" \
    -D "CN=LDAP Proxy user account,OU=Windows,DC=rfa,DC=org" -W \
    -x

# using (tcpdump -x -s0 port 389) I never see a bind sent from OpenLDAP,
# and instead I see an error returned from the "LDAP" server because a
# bind was not successful.
# backend meta portion of the slapd.conf file
##database ldap
database meta
suffix "ou=windows,dc=rfa,dc=org"
uri "ldap://dc1.rfa.org/ou=windows,dc=rfa,dc=org"
suffixmassage ou=windows,dc=rfa,dc=org cn=users,dc=rfa,dc=org
idassert-authzFrom "dn:*"
#Xidassert-bind bindmethod=simple binddn="ldap-proxy@rfa.org" credentials="222222"
idassert-bind bindmethod=simple binddn="CN=LDAP Proxy user account,OU=Windows,DC=rfa,DC=org" credentials="222222" mode=none
dncache-ttl 60
My environment is made up of Debian stable (4.0 Etch) on the workstations and OpenLDAP server, OpenLDAP 2.3.30-5 on the server. "LDAP" Server on the remote end.
thank you, donfede