<quote who="Comisario, Alejandro">
YES! It is, if i query the AD directly, it Works.
Ldapsearch -b "ou=prueba,dc=adsc,dc=com" -H ldap://adldap.adsc.com -D "cn=admin,cn=users,dc=adsc,dc=com" -W
WORKS!!! But the referral don't
Try my verbose logging and paste in your reply
-- Alejandro D. Comisario Sistemas Catastrales S.A. Depto. TecnologĂa y Seguridad Informática (5411) 4326.4002 int. 273 Buenos Aires, Argentina acomisario@siscat.com.ar
-----Mensaje original----- De: Gavin Henry [mailto:ghenry@suretecsystems.com] Enviado el: martes, 17 de julio de 2007 15:08 Para: Comisario, Alejandro CC: openldap-software@openldap.org Asunto: RE: How do I tell ldapsearch to authenticate to the referred to LDAP server when chasing a referral?
<quote who="Comisario, Alejandro"> > Gavin. > Thanks for the answer, the thing is, and i could't say it befote, on the > other side of the openLDAP is an Active Directory, when i try what you > say, > it gave me. > > doldap@root # ldapsearch -b "ou=prueba,dc=adsc,dc=com" \ > -H ldap://doldap.sc.com -D "cn=admin,cn=users,dc=adsc,dc=com" -W -x > Enter LDAP Password: > ldap_bind: Invalid credentials (49) > > > Any Ideas?
Is cn=admin,cn=users,dc=adsc,dc=com in AD?
Gavin.
-----Mensaje original----- De: Gavin Henry [mailto:ghenry@suretecsystems.com] Enviado el: martes, 17 de julio de 2007 13:59 Para: Comisario, Alejandro CC: openldap-software@openldap.org Asunto: Re: How do I tell ldapsearch to authenticate to the referred to LDAP server when chasing a referral?
<quote who="Comisario, Alejandro"> > Hello everyone. > > I have an OpenLDAP 2.3.30 running on Debian Etch Stable in a DMZ, > managing > external users for an application. > But at the same time i want this openLDAP to comunicate when given for > a > specific DN with another directory service on my internal network. > The connection between the two machines passing thru the firewall is > correct. > > The reference are: > openLDAP machine : doldap.sc.com with domain dc=si,dc=com > the other directory : adldap.adsc.com with domain dc=adsc,dc=com > > I defined the referral like this: > dn: ou=test,dc=adsc,dc=com > objectClass: referral > objectClass: extensibleObject > dc: prueba > ref: ldap://adldap.adsc.com/ou=test,dc=adsc,dc=com > > So, when i query something like this (anonymous): > ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x > > I get this response: > # extended LDIF > # > # LDAPv3 > # base <ou=prueba,dc=adsc,dc=com> with scope subtree # filter: > (objectclass=*) # requesting: ALL # > > # search result > search: 2 > result: 10 Referral > ref: ldap://adldap.adsc.com/ou=prueba,dc=adsc,dc=com??sub > > # numResponses: 1 > > So, apparently the referral for that query is found, next i tell > ldapsearch > to follow it: > ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x -C > > The openLDAP try to follow the referral and get this response from the > other > service: > # extended LDIF > # > # LDAPv3 > # base <ou=prueba,dc=adsc,dc=com> with scope subtree # filter: > (objectclass=*) # requesting: ALL # > > # search result > search: 2 > result: 1 Operations error > text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform > this > operation a successful bind must be completed on the connection., data > 0, > vece > > # numResponses: 1 > > So, How do I tell ldapsearch to authenticate to the referred to LDAP > server > when chasing a referral? > Hope someone can helpme.
You need to actually bind as a user, e.g.:
ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x -C -D "uid=blah,dc=adsc,dc=com" -W
Gavin.
Regards.
.A l e j a n d r o.