YES!
It is. If I query the AD directly, it works.
ldapsearch -b "ou=prueba,dc=adsc,dc=com" -H ldap://adldap.adsc.com -D "cn=admin,cn=users,dc=adsc,dc=com" -W
WORKS!!!
But the referral doesn't.
--
Alejandro D. Comisario
Sistemas Catastrales S.A.
Depto. Tecnología y Seguridad Informática
(5411) 4326.4002 int. 273
Buenos Aires, Argentina
acomisario(a)siscat.com.ar
-----Original Message-----
From: Gavin Henry [mailto:ghenry@suretecsystems.com]
Sent: Tuesday, July 17, 2007 15:08
To: Comisario, Alejandro
CC: openldap-software(a)openldap.org
Subject: RE: How do I tell ldapsearch to authenticate to the referred to LDAP server when chasing a referral?
<quote who="Comisario, Alejandro">
> Gavin.
> Thanks for the answer. The thing is, and I couldn't say it before, on the
> other side of the openLDAP is an Active Directory. When I try what you
> say, it gave me:
>
> doldap@root # ldapsearch -b "ou=prueba,dc=adsc,dc=com" \
> -H ldap://doldap.sc.com -D "cn=admin,cn=users,dc=adsc,dc=com" -W -x
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
>
> Any Ideas?
Is cn=admin,cn=users,dc=adsc,dc=com in AD?
Gavin.
>
>
> -----Original Message-----
> From: Gavin Henry [mailto:ghenry@suretecsystems.com]
> Sent: Tuesday, July 17, 2007 13:59
> To: Comisario, Alejandro
> CC: openldap-software(a)openldap.org
> Subject: Re: How do I tell ldapsearch to authenticate to the referred to LDAP server when chasing a referral?
>
> <quote who="Comisario, Alejandro">
>> Hello everyone.
>>
>> I have an OpenLDAP 2.3.30 running on Debian Etch Stable in a DMZ,
>> managing external users for an application.
>> But at the same time I want this openLDAP to communicate, when given
>> a specific DN, with another directory service on my internal network.
>> The connection between the two machines passing thru the firewall is
>> correct.
>>
>> The references are:
>> openLDAP machine : doldap.sc.com with domain dc=si,dc=com
>> the other directory : adldap.adsc.com with domain dc=adsc,dc=com
>>
>> I defined the referral like this:
>> dn: ou=test,dc=adsc,dc=com
>> objectClass: referral
>> objectClass: extensibleObject
>> dc: prueba
>> ref: ldap://adldap.adsc.com/ou=test,dc=adsc,dc=com
>>
>> So, when I query something like this (anonymous):
>> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x
>>
>> I get this response:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <ou=prueba,dc=adsc,dc=com> with scope subtree
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 10 Referral
>> ref: ldap://adldap.adsc.com/ou=prueba,dc=adsc,dc=com??sub
>>
>> # numResponses: 1
>>
>> So, apparently the referral for that query is found. Next I tell
>> ldapsearch to follow it:
>> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x -C
>>
>> The openLDAP tries to follow the referral and gets this response from
>> the other service:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <ou=prueba,dc=adsc,dc=com> with scope subtree
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 1 Operations error
>> text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
>>
>> # numResponses: 1
>>
>> So, how do I tell ldapsearch to authenticate to the referred to LDAP
>> server when chasing a referral?
>> Hope someone can help me.
>
> You need to actually bind as a user, e.g.:
>
> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x -C -D "uid=blah,dc=adsc,dc=com" -W
>
> Gavin.
>
>>
>> Regards.
>>
>> .A l e j a n d r o.
>>
>>
>>
>>
>
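
Added example, not part of the original thread or of OpenLDAP: a small Python helper that reads a "result: 10 Referral" response like the one quoted above, decomposes the ref: URL, and builds the ldapsearch command line that binds to the referred-to server directly with an identity known to that server. The function names, the BIND_DNS mapping and the sample output are constructed for illustration, and adding -ZZ assumes the referred-to server offers StartTLS.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample, modelled on the referral result quoted in the thread.
SAMPLE_OUTPUT = """\
# search result
search: 2
result: 10 Referral
ref: ldap://adldap.adsc.com/ou=prueba,dc=adsc,dc=com??sub
"""

# Hypothetical mapping: the identity to bind as on each referred-to host.
BIND_DNS = {"adldap.adsc.com": "cn=admin,cn=users,dc=adsc,dc=com"}


def referral_urls(ldapsearch_output):
    """Return the ref: URLs if the search ended with result 10 (Referral)."""
    lines = [line.strip() for line in ldapsearch_output.splitlines()]
    if not any(line.startswith("result: 10 ") for line in lines):
        return []
    return [line[4:].strip() for line in lines if line.startswith("ref:")]


def direct_search_argv(ref_url, bind_dns, starttls=True):
    """Build an ldapsearch argv that binds to the referred-to server itself."""
    parts = urlsplit(ref_url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: " + ref_url)
    if parts.hostname not in bind_dns:
        # Never hand a password to a host no identity was configured for.
        raise KeyError("no bind DN configured for %s" % parts.hostname)
    # RFC 4516 layout: dn?attributes?scope?filter; scope defaults to base.
    attrs, scope, filt = (parts.query.split("?") + ["", "", ""])[:3]
    argv = ["ldapsearch", "-x", "-H", parts.scheme + "://" + parts.netloc,
            "-b", unquote(parts.path.lstrip("/")), "-s", scope or "base",
            "-D", bind_dns[parts.hostname], "-W"]
    if starttls and parts.scheme == "ldap":
        argv.append("-ZZ")  # assumption: the referred-to server offers StartTLS
    attr_list = [unquote(a) for a in attrs.split(",") if a]
    if filt or attr_list:
        argv.append(unquote(filt) or "(objectClass=*)")
    return argv + attr_list


if __name__ == "__main__":
    for url in referral_urls(SAMPLE_OUTPUT):
        print(" ".join(direct_search_argv(url, BIND_DNS)))
```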