Hello all,

I have been working on this project for two straight weeks and I feel lost or stuck.

The goal is to query Windows AD from the Linux box located in the DMZ.

So, in my virtual lab I have the following:

Windows AD with IP 172.16.5.16, ldap1.gerf02.local
CentOS 6.3 with IP 172.16.5.32, upildap01.gerf02.local

So, my configuration files are as follows:

---------- /etc/openldap/ldap.conf ----------

BASE    dc=gerf02,dc=local
URI     ldap://172.16.5.16 ldap://172.16.5.16:636

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

#TLS_CACERTDIR  /etc/openldap/certs
TLS_CACERTDIR  /etc/pki/tls/certs/stratus_cert.pem

----------------------------------------------

---------- /etc/sysconfig/ldap ----------
SLAPD_LDAP=yes
SLAPD_LDAPI=yes
SLAPD_LDAPS=yes

----------------------------------------------

---------- /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif ----------
dn: olcDatabase={2}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcSuffix: dc=gerf02,dc=local
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=Ldap Bind Account,dc=gerf02,dc=local
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap
olcDbCacheSize: 1000
olcDbCheckpoint: 1024 15
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidNumber pres,eq
olcDbIndex: gidNumber pres,eq
olcDbIndex: ou pres,eq,sub
olcDbIndex: loginShell pres,eq
olcDbIndex: mail pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: memberUid pres,eq,sub
olcDbIndex: nisMapName pres,eq,sub
olcDbIndex: nisMapEntry pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 0a5111d8-8f04-1031-8728-33c9f43311c7
creatorsName: cn=config
createTimestamp: 20120909195524Z
entryCSN: 20120909195524.946151Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120909195524Z
olcRootPW: {SSHA}2LzGLoDUm/iPav9Ijm/nLfAtxn9WndvP
olcTLSCertificateFile: /etc/pki/tls/certs/stratus_cert.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/stratus_key.pem

----------------------------------------------

---------- /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif ----------

dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to *  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=externa
 l,cn=auth" read  by dn.base="cn=Ldap Bind Account,dc=gerf02,dc=local" read  by * break
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 0a5108dc-8f04-1031-8727-33c9f43311c7
creatorsName: cn=config
createTimestamp: 20120909195524Z
entryCSN: 20120909195524.946151Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120909195524Z

----------------------------------------------

So, when I execute the following, I get this message:

ldapsearch -x -b dc=gerf02,dc=local -D cn=Ldap Bind Account,dc=gerf02,dc=local -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

Thanks for your help,
G
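An added example, not part of the post above and not from OpenLDAP or Microsoft, for the two things a practitioner would check first in this situation. The slapd.d files on the CentOS box configure a local slapd and play no part in what ldapsearch sends to AD; the client side is /etc/openldap/ldap.conf plus the command line. In the post's ldap.conf, TLS_CACERTDIR points at a single PEM file (that directive expects a directory of hashed certificates; a single file goes in TLS_CACERT), and the second URI speaks cleartext ldap:// on the LDAPS port 636. In the posted command the bind DN contains spaces and is unquoted, so the shell splits it and ldapsearch binds as "cn=Ldap". The "data 52e" that AD appends is its own diagnostic code, and the script below decodes it. The hostname, domain and CA file path are taken from the post; the container the bind account lives in is an assumption you must confirm, and query_ad is only a template that is never run here.

```shell
#!/bin/sh
# Added example, not part of the original post. Two helpers for the situation
# in the post: decode the "data NNN" code that Active Directory appends to a
# failed bind (52e above), and lint an OpenLDAP ldap.conf for client-side
# mistakes. query_ad is a template of the bind as a practitioner would run it;
# hostnames and the account are taken from the post and assumed to exist.

# Decode the AcceptSecurityContext "data" code in an AD bind error.
# These are the codes Microsoft documents for LDAP simple-bind failures.
ad_bind_hint() {
    code=$(printf '%s\n' "$1" \
        | sed -n 's/.*AcceptSecurityContext error, data \([0-9a-fA-F]*\),.*/\1/p')
    case "$code" in
        525) echo "525: user not found" ;;
        52e) echo "52e: invalid credentials (bad password, or a bind DN/UPN AD could not match to an account)" ;;
        530) echo "530: logon not permitted at this time" ;;
        531) echo "531: logon not permitted from this workstation" ;;
        532) echo "532: password expired" ;;
        533) echo "533: account disabled" ;;
        701) echo "701: account expired" ;;
        773) echo "773: user must reset password" ;;
        775) echo "775: account locked out" ;;
        "")  echo "no AD data code found in message" ;;
        *)   echo "$code: not in this table" ;;
    esac
}

# Read an ldap.conf on stdin and print one line per problem found:
#  - TLS_CACERTDIR must name a directory of c_rehash'd certificates; a single
#    PEM file belongs in TLS_CACERT.
#  - ldap:// on port 636 talks cleartext LDAP to the LDAPS port; use ldaps://.
lint_ldap_conf() {
    while IFS= read -r line; do
        case "$line" in '#'*|'') continue ;; esac
        set -- $line
        [ $# -ge 2 ] || continue
        key=$1; shift
        case "$key" in
            TLS_CACERTDIR)
                if printf '%s\n' "$1" | grep -Eqi '\.(pem|crt|cer)$'; then
                    echo "TLS_CACERTDIR $1 names a file; use TLS_CACERT <file> instead"
                fi ;;
            URI)
                for u in "$@"; do
                    case "$u" in
                        ldap://*:636|ldap://*:636/*)
                            echo "URI $u uses ldap:// on the LDAPS port; use ldaps://" ;;
                    esac
                done ;;
        esac
    done
    return 0
}

# Template for the real query (not executed by this script). The bind DN is
# quoted because it contains spaces. In AD the account normally lives under
# cn=Users or an OU, so the DN below is an assumption; a UPN such as
# user@gerf02.local is also accepted by AD for simple binds. The server
# certificate is verified against the CA file rather than skipped.
query_ad() {
    export LDAPTLS_REQCERT=demand
    export LDAPTLS_CACERT=/etc/pki/tls/certs/stratus_cert.pem   # assumed CA file
    # Prove the bind on its own before running a search.
    ldapwhoami -x -H ldaps://ldap1.gerf02.local \
        -D 'cn=Ldap Bind Account,cn=Users,dc=gerf02,dc=local' -W || return 1
    ldapsearch -x -H ldaps://ldap1.gerf02.local \
        -D 'cn=Ldap Bind Account,cn=Users,dc=gerf02,dc=local' -W \
        -b 'dc=gerf02,dc=local' '(objectClass=user)' sAMAccountName
}
```

Run `ad_bind_hint` on the "additional info" line from ldapsearch and `lint_ldap_conf < /etc/openldap/ldap.conf` before touching anything else; once ldapwhoami succeeds with a quoted DN (or a UPN) over ldaps://, the search itself is rarely the problem.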