Hello all,
I have been working on this project for two straight weeks and I feel lost or stuck.
The goal is to query Windows AD from the Linux box located in the DMZ.
So, in my virtual lab I have the following:
Windows AD with IP 172.16.5.16, ldap1.gerf02.local
CentOS 6.3 with IP 172.16.5.32, upildap01.gerf02.local
So, my configuration files are as follows:
-*-*-*-*-*-*-*-*-*/etc/openldap/ldap.conf:-*-*-*-*-*-*-*-*-*-*
BASE dc=gerf02,dc=local
URI ldap://172.16.5.16 ldap://172.16.5.16:636
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
#TLS_CACERTDIR /etc/openldap/certs
TLS_CACERTDIR /etc/pki/tls/certs/stratus_cert.pem
*-*--**-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
*-*-*-*-*-*-**-*-*-*-/etc/sysconfig/ldap-*-*-*-*-*-*-*-*-*-*-*-*-*-*
SLAPD_LDAP=yes
SLAPD_LDAPI=yes
SLAPD_LDAPS=yes
-**-*-**-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-**-*-*-*
-*-*-*-*-*-*-*-*-**-*/etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif-*-*-*-*-*-*-*-*-*-*-*-***
dn: olcDatabase={2}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcSuffix: dc=gerf02,dc=local
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=Ldap Bind Account,dc=gerf02,dc=local
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap
olcDbCacheSize: 1000
olcDbCheckpoint: 1024 15
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidNumber pres,eq
olcDbIndex: gidNumber pres,eq
olcDbIndex: ou pres,eq,sub
olcDbIndex: loginShell pres,eq
olcDbIndex: mail pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: memberUid pres,eq,sub
olcDbIndex: nisMapName pres,eq,sub
olcDbIndex: nisMapEntry pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 0a5111d8-8f04-1031-8728-33c9f43311c7
creatorsName: cn=config
createTimestamp: 20120909195524Z
entryCSN: 20120909195524.946151Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120909195524Z
olcRootPW: {SSHA}2LzGLoDUm/iPav9Ijm/nLfAtxn9WndvP
olcTLSCertificateFile: /etc/pki/tls/certs/stratus_cert.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/stratus_key.pem
-**--**-*-*--*-*-*-**-*-*-*-*--*-*-*-**-*-**-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-***-**
-**-*-*-*-*-*-*-*-**-/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif-*-*-*-*-*-*-*-***-*-*
dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Ldap Bind Account,dc=gerf02,dc=local" read by * break
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 0a5108dc-8f04-1031-8727-33c9f43311c7
creatorsName: cn=config
createTimestamp: 20120909195524Z
entryCSN: 20120909195524.946151Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120909195524Z
-**--**-*-*--*-*-*-**-*-*-*-*--*-*-*-**-*-**-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-***-**-*-*---*-*-**
So, when I execute the following, I get this message:
ldapsearch -x -b dc=gerf02,dc=local -D cn=Ldap Bind Account,dc=gerf02,dc=local -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
Thanks for your help,
G
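Added example (not part of the original post, and not something the poster ran): a small triage script for exactly this failure mode. Two facts it relies on are standard. First, the "DSID-... AcceptSecurityContext error, data 52e" diagnostic is produced by Active Directory, not by slapd, so the bind above reached 172.16.5.16; the "data" value is a Win32 error code in hex, and 0x52e is ERROR_LOGON_FAILURE (for a simple bind AD returns it both for a wrong password and for a DN it cannot map to an account). Second, OpenLDAP's TLS_CACERTDIR expects a directory of hashed CA certificates; a single file belongs in TLS_CACERT. The script parses the posted ldap.conf, the posted ldapsearch command line and the posted error output, and reports the things a practitioner would check before touching slapd: the error decode, the ldap:// scheme on port 636, the unquoted bind DN that the shell splits on spaces, and the fact that the bind DN is slapd's olcRootDN while the URI targets AD (AD checks the password against its own account database, so olcRootPW is never consulted). The function names, the AD_HOSTS set and the heuristics in lint() are my own assumptions for this example; the sample inputs are copied from the post.

```python
"""Triage helper for an ldapsearch simple bind that AD rejects with data 52e.

Added example; function names and the lint heuristics are assumptions made
for illustration, not OpenLDAP or AD tooling. Sample inputs below are copied
from the post above.
"""
import re
import shlex
from urllib.parse import urlsplit

# Win32 error codes that AD places after "data" in its bind diagnostic (hex).
AD_BIND_DATA_CODES = {
    "525": "ERROR_NO_SUCH_USER",
    "52e": "ERROR_LOGON_FAILURE (wrong password, or a simple bind with a DN/principal AD cannot map)",
    "530": "ERROR_INVALID_LOGON_HOURS",
    "531": "ERROR_INVALID_WORKSTATION",
    "532": "ERROR_PASSWORD_EXPIRED",
    "533": "ERROR_ACCOUNT_DISABLED",
    "701": "ERROR_ACCOUNT_EXPIRED",
    "773": "ERROR_PASSWORD_MUST_CHANGE",
    "775": "ERROR_ACCOUNT_LOCKED_OUT",
}

_DIAG_RE = re.compile(
    r"ldap_bind: (?P<msg>[^\n(]+?) \((?P<rc>\d+)\).*?"
    r"AcceptSecurityContext error, data (?P<data>[0-9a-f]+)",
    re.S,
)

# Inputs copied from the post (the ldap.conf BASE line joined back onto one line).
POSTED_LDAP_CONF = """\
BASE dc=gerf02,dc=local
URI ldap://172.16.5.16 ldap://172.16.5.16:636
#SIZELIMIT 12
#TLS_CACERTDIR /etc/openldap/certs
TLS_CACERTDIR /etc/pki/tls/certs/stratus_cert.pem
"""
POSTED_COMMAND = "ldapsearch -x -b dc=gerf02,dc=local -D cn=Ldap Bind Account,dc=gerf02,dc=local -W"
POSTED_OUTPUT = (
    "ldap_bind: Invalid credentials (49)\n"
    "\tadditional info: 80090308: LdapErr: DSID-0C0903A9, comment: "
    "AcceptSecurityContext error, data 52e, v1db1\n"
)
# Assumption for this example: the AD host(s) from the lab description, and
# slapd's olcRootDN from the posted olcDatabase={2}bdb.ldif.
AD_HOSTS = {"172.16.5.16", "ldap1.gerf02.local"}
SLAPD_ROOT_DN = "cn=Ldap Bind Account,dc=gerf02,dc=local"


def decode_bind_error(output):
    """Return (ldap_result_code, ad_data_hex, meaning) from ldapsearch stderr, or None."""
    m = _DIAG_RE.search(output)
    if not m:
        return None
    data = m.group("data").lower()
    return int(m.group("rc")), data, AD_BIND_DATA_CODES.get(data, "unknown AD data code")


def parse_ldap_conf(text):
    """Parse OpenLDAP ldap.conf: 'KEY value' lines, '#' comments, keys may repeat."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf.setdefault(parts[0].upper(), []).append(parts[1] if len(parts) > 1 else "")
    return conf


def lint(ldap_conf_text, ldapsearch_cmd, ad_hosts, slapd_root_dn):
    """Return a list of findings a practitioner would check before blaming slapd."""
    findings = []
    conf = parse_ldap_conf(ldap_conf_text)

    # TLS_CACERTDIR names a directory of hashed CA certs; a single file is TLS_CACERT.
    for value in conf.get("TLS_CACERTDIR", []):
        if value.endswith((".pem", ".crt", ".cer")):
            findings.append(f"TLS_CACERTDIR points at a file ({value}); a CA file belongs in TLS_CACERT")

    # URI list: plain ldap:// on 636 talks cleartext LDAP to the LDAPS port.
    hosts = []
    for uri in " ".join(conf.get("URI", [])).split():
        u = urlsplit(uri)
        hosts.append(u.hostname)
        if u.scheme == "ldap" and u.port == 636:
            findings.append(f"{uri}: ldap:// on port 636; use ldaps:// (or port 389 with -ZZ for StartTLS)")

    # What the shell actually passed to -D: an unquoted DN with spaces is split into words.
    argv = shlex.split(ldapsearch_cmd)
    bind_dn, stray = None, []
    if "-D" in argv:
        i = argv.index("-D")
        bind_dn = argv[i + 1]
        for arg in argv[i + 2:]:
            if arg.startswith("-"):
                break
            stray.append(arg)
    if bind_dn and "," not in bind_dn and any("," in s for s in stray):
        findings.append(f"-D received only '{bind_dn}'; quote the bind DN so spaces survive the shell")

    # Who validates the password: a bind sent to AD is checked by AD, never by olcRootPW.
    intended_dn = " ".join([bind_dn] + stray) if bind_dn else None
    if intended_dn == slapd_root_dn and any(h in ad_hosts for h in hosts):
        findings.append("bind DN is the local slapd olcRootDN but URI targets AD; bind with an AD account instead")
    return findings


if __name__ == "__main__":
    print("bind error:", decode_bind_error(POSTED_OUTPUT))
    for f in lint(POSTED_LDAP_CONF, POSTED_COMMAND, AD_HOSTS, SLAPD_ROOT_DN):
        print("-", f)
```

Run it as-is and it decodes the posted message to (49, "52e", ERROR_LOGON_FAILURE) and prints four findings; the one that explains the error itself is the last: whatever slapd has in olcRootPW, AD is the side answering the bind on 172.16.5.16, and it only knows its own accounts.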