Hello all,
I have been working with this project for two straight weeks and I feel lost or stuck.
The goal is to query Windows AD from the Linux box located in the DMZ.
So, in my virtual lab I have the following:
Windows AD with IP 172.16.5.16 (ldap1.gerf02.local)
CentOS 6.3 with IP 172.16.5.32 (upildap01.gerf02.local)
So, my configuration files are as follows:
-*-*-*-*-*-*-*-*-* /etc/openldap/ldap.conf -*-*-*-*-*-*-*-*-*-*
BASE dc=gerf02,dc=local
URI ldap://172.16.5.16 ldap://172.16.5.16:636
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
#TLS_CACERTDIR /etc/openldap/certs
TLS_CACERTDIR /etc/pki/tls/certs/stratus_cert.pem
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
-*-*-*-*-*-*-*-*-*-* /etc/sysconfig/ldap -*-*-*-*-*-*-*-*-*-*-*-*-*-*
SLAPD_LDAP=yes
SLAPD_LDAPI=yes
SLAPD_LDAPS=yes
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
-*-*-*-*-*-*-*-*-*-* /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif -*-*-*-*-*-*-*-*-*-*
dn: olcDatabase={2}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcSuffix: dc=gerf02,dc=local
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=Ldap Bind Account,dc=gerf02,dc=local
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap
olcDbCacheSize: 1000
olcDbCheckpoint: 1024 15
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidNumber pres,eq
olcDbIndex: gidNumber pres,eq
olcDbIndex: ou pres,eq,sub
olcDbIndex: loginShell pres,eq
olcDbIndex: mail pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: memberUid pres,eq,sub
olcDbIndex: nisMapName pres,eq,sub
olcDbIndex: nisMapEntry pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 0a5111d8-8f04-1031-8728-33c9f43311c7
creatorsName: cn=config
createTimestamp: 20120909195524Z
entryCSN: 20120909195524.946151Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120909195524Z
olcRootPW: {SSHA}2LzGLoDUm/iPav9Ijm/nLfAtxn9WndvP
olcTLSCertificateFile: /etc/pki/tls/certs/stratus_cert.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/stratus_key.pem
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
-*-*-*-*-*-*-*-*-*-* /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif -*-*-*-*-*-*-*-*-*-*
dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Ldap Bind Account,dc=gerf02,dc=local" read by * break
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 0a5108dc-8f04-1031-8727-33c9f43311c7
creatorsName: cn=config
createTimestamp: 20120909195524Z
entryCSN: 20120909195524.946151Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120909195524Z
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
So, when I execute the following, I get this message:

ldapsearch -x -b dc=gerf02,dc=local -D cn=Ldap Bind Account,dc=gerf02,dc=local -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
Thanks for your help,
G
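As an added example (this is not part of G's post and nothing in the thread supplied it), here is a small shell wrapper that performs the bind against the domain controller the way AD expects and decodes the hex "data NNN" sub-code that AD appends to a failed bind, using the diagnostic line from the post as sample input. The bind account name svc-ldap@gerf02.local, the CA file path and the AD_PASSFILE variable are assumptions; the post's cn=Ldap Bind Account,dc=gerf02,dc=local is the rootDN of the local slapd on upildap01, and the domain controller only honours a bind name that names an account in AD (its AD DN, a userPrincipalName, or DOMAIN\user). The wrapper also uses ldaps://172.16.5.16:636 rather than ldap://172.16.5.16:636, because an ldap:// URI on port 636 sends plaintext LDAP to a TLS listener, and it points LDAPTLS_CACERT (a file) at the CA certificate, since TLS_CACERTDIR names a hashed directory, not a file.

```shell
#!/bin/sh
# Added example, not from the original post.
# Bind to an AD domain controller from a Linux DMZ host with the OpenLDAP
# client tools and decode the "data NNN" sub-code AD returns on a failed bind.
#
# Assumptions (none of these come from the post): the bind account is an AD
# user with userPrincipalName svc-ldap@gerf02.local, the CA that issued the
# DC certificate is in /etc/pki/tls/certs/gerf02-ca.pem, and the bind
# password sits in a mode-0600 file named by AD_PASSFILE.

AD_URI="${AD_URI:-ldaps://172.16.5.16:636}"
AD_BASE="${AD_BASE:-dc=gerf02,dc=local}"
AD_BIND="${AD_BIND:-svc-ldap@gerf02.local}"
AD_CA="${AD_CA:-/etc/pki/tls/certs/gerf02-ca.pem}"

# Sample input for the decoder: the diagnostic exactly as it appears in the post.
SAMPLE_DIAG='ldap_bind: Invalid credentials (49)
	additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1'

# Extract the hex sub-code from an AD bind diagnostic. Prints the code
# (for example 52e), or "none" when the text carries no AD sub-code at all,
# which is what a connection-level failure such as rc -1 looks like.
ad_error_code() {
    code=$(printf '%s\n' "$1" \
        | sed -n 's/.*AcceptSecurityContext error, data \([0-9a-fA-F]*\).*/\1/p' \
        | head -n 1)
    if [ -n "$code" ]; then
        printf '%s\n' "$code"
    else
        printf 'none\n'
    fi
}

# Map the sub-code to the condition it names on the AD side. These values are
# the documented AD LDAP bind sub-codes; 52e is the one in the post.
ad_error_meaning() {
    case "$1" in
        525)  echo "user not found" ;;
        52e)  echo "invalid credentials (wrong password, or the bind name is not an account AD can resolve)" ;;
        530)  echo "not permitted to log on at this time" ;;
        531)  echo "not permitted to log on from this workstation" ;;
        532)  echo "password expired" ;;
        533)  echo "account disabled" ;;
        701)  echo "account expired" ;;
        773)  echo "user must reset password" ;;
        775)  echo "account locked out" ;;
        none) echo "no AD sub-code in diagnostic (connection-level error, or not an AD bind failure)" ;;
        *)    echo "unrecognized AD sub-code" ;;
    esac
}

# Simple bind over LDAPS and a base-scope search of the domain root, which
# requires an authenticated bind. The password comes from a file (-y) rather
# than the command line (-w) so it never shows up in the process list.
# Returns 0 on success; otherwise prints the decoded sub-code and returns
# ldapsearch's exit status.
ad_bind_check() {
    rc=0
    err=$(LDAPTLS_CACERT="$AD_CA" ldapsearch -x -LLL -H "$AD_URI" \
            -b "$AD_BASE" -s base -D "$AD_BIND" -y "$AD_PASSFILE" \
            '(objectClass=*)' distinguishedName 2>&1 >/dev/null) || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "bind OK as $AD_BIND against $AD_URI"
        return 0
    fi
    code=$(ad_error_code "$err")
    echo "bind failed (rc=$rc): data $code: $(ad_error_meaning "$code")" >&2
    return "$rc"
}

# Only attempt the live bind when a password file was supplied, so the decoder
# functions can be sourced and reused on their own.
if [ -n "${AD_PASSFILE:-}" ]; then
    ad_bind_check
fi
```

Run it from the DMZ host as `AD_PASSFILE=/root/.adbind sh ad_bind_check.sh` after `chmod 600 /root/.adbind`; override AD_BIND with the real service account's UPN or AD DN. A decoded 52e with the right password usually means the bind name itself is wrong, whereas "none" means the failure happened before AD ever saw a bind, which is where the ldap:// on port 636 and the TLS_CACERTDIR setting from the post would surface.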