Hi,
since it is working for a lot of people (including some of our customers) it seems that you are doing something wrong.
What about the contents of your entries: Are you sure that you have the attribute userPassword with the value
{SASL}<username>@<AD-realm>
set in all entries that are to bind via AD?
Cheers,
Peter
On 22.11.2013 15:05, Willy Ramos wrote:
On 22/11/2013 09:21, Andrew Findlay wrote:
On Wed, Nov 20, 2013 at 02:55:43PM -0200, Willy Ramos wrote:
Subject: Re: Openldap for proxy AD
Have you tried following the examples in the Admin Guide?
http://www.openldap.org/doc/admin24/security.html#Pass-Through%20authenticat...
There is a detailed setup and diagnostic guide there which should help you to isolate the problem.
Andrew
Thanks Andrew,
I was testing based in this Admin Guide.
When I check that the user can bind to AD:

ldapsearch -x -H ldap://dc1.example.com/ \
  -D cn=user,cn=Users,DC=ad,DC=example,DC=com \
  -w userpassword \
  -b cn=user,cn=Users,DC=ad,DC=example,DC=com \
  "(objectclass=*)"
(or with -s base)

Or:

testsaslauthd -u user -p userpassword

It works.
I was reading about it and it seems it doesn't find the schemas of objectclass or userPassword attribute;
But I could not resolve yet.
See the logs
Nov 22 11:57:30 mail slapd[18370]: conn=1192 fd=11 ACCEPT from IP=127.0.0.1:51698 (IP=0.0.0.0:636)
Nov 22 11:57:30 mail slapd[18370]: conn=1192 fd=11 TLS established tls_ssf=256 ssf=256
Nov 22 11:57:30 mail slapd[18370]: conn=1192 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Nov 22 11:57:30 mail slapd[18370]: conn=1192 op=0 STARTTLS
Nov 22 11:57:30 mail slapd[18370]: conn=1192 op=0 RESULT oid= err=1 text=TLS already started
Nov 22 11:57:30 mail slapd[18370]: conn=1192 op=1 UNBIND
Nov 22 11:57:30 mail slapd[18370]: conn=1192 fd=11 closed
Thanks.
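Two checks that follow from this thread, written as an added example (not code from the thread or from the OpenLDAP project): the first walks an LDIF export and reports every entry whose userPassword is not of the form {SASL}<username>@<AD-realm>, which is the condition Peter asks about; the second reads slapd log lines in the format quoted above and reports connections that were unbound without ever issuing a BIND, plus STARTTLS requests refused with "TLS already started". The LDIF entries (alice, bob, carol, dave under dc=example,dc=com, realm AD.EXAMPLE.COM) are constructed for the example; the log lines are the ones quoted in the thread.

```shell
#!/bin/sh
# Constructed sample LDIF (hypothetical entries, not from the thread).
# Only alice has a userPassword in the pass-through form.
SAMPLE_LDIF='dn: uid=alice,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice
userPassword: {SASL}alice@AD.EXAMPLE.COM

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob
userPassword: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxx

dn: uid=carol,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: carol
userPassword: {SASL}carol

dn: uid=dave,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: dave
'

# slapd log lines as quoted in the thread.
SAMPLE_LOG='Nov 22 11:57:30 mail slapd[18370]: conn=1192 fd=11 ACCEPT from IP=127.0.0.1:51698 (IP=0.0.0.0:636)
Nov 22 11:57:30 mail slapd[18370]: conn=1192 fd=11 TLS established tls_ssf=256 ssf=256
Nov 22 11:57:30 mail slapd[18370]: conn=1192 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Nov 22 11:57:30 mail slapd[18370]: conn=1192 op=0 STARTTLS
Nov 22 11:57:30 mail slapd[18370]: conn=1192 op=0 RESULT oid= err=1 text=TLS already started
Nov 22 11:57:30 mail slapd[18370]: conn=1192 op=1 UNBIND
Nov 22 11:57:30 mail slapd[18370]: conn=1192 fd=11 closed'

# Print the DN of every entry whose userPassword is missing or is not
# {SASL}<user>@<REALM>. Exit status 0 when all entries pass, 1 otherwise.
# Takes the LDIF text as its single argument (use "$(cat file.ldif)").
check_sasl_passwords() {
    printf '%s\n' "$1" | awk '
        /^dn: / { dn = substr($0, 5); has_pw = 0 }
        tolower($0) ~ /^userpassword: / {
            has_pw = 1
            pw = substr($0, 15)
            # braces written as bracket expressions so the regex is portable across awks
            if (pw !~ /^[{]SASL[}][^@ ]+@[^@ ]+$/) { print dn; bad++ }
        }
        /^$/ { if (dn != "" && !has_pw) { print dn; bad++ }; dn = "" }
        END  { if (dn != "" && !has_pw) { print dn; bad++ }; exit (bad > 0) }
    '
}

# Print the id of every connection that reached UNBIND without a BIND
# operation; on such a connection slapd never evaluated userPassword.
conns_without_bind() {
    printf '%s\n' "$1" | awk '
        match($0, /conn=[0-9]+/) {
            conn = substr($0, RSTART + 5, RLENGTH - 5)
            if ($0 ~ / BIND /) bound[conn] = 1
            if ($0 ~ / UNBIND$/ && !bound[conn]) print conn
        }
    '
}

# Count STARTTLS requests refused because the socket was already TLS
# (typical of a client that combines an ldaps:// URL with -Z/-ZZ).
count_starttls_on_tls() {
    printf '%s\n' "$1" | awk '/text=TLS already started/ { n++ } END { print n + 0 }'
}

# Stand-alone run over the constructed samples.
echo "entries not ready for pass-through:"
check_sasl_passwords "$SAMPLE_LDIF" || echo "(fix the entries above)"
echo "connections closed without a BIND: $(conns_without_bind "$SAMPLE_LOG")"
echo "STARTTLS refused on an already-TLS socket: $(count_starttls_on_tls "$SAMPLE_LOG") time(s)"
```

To run the first check against a real directory, feed it the output of a slapcat or an ldapsearch run as a DN that may read userPassword; the second check is useful because a log that shows only STARTTLS and UNBIND, like the one above, means the pass-through path was never reached on that connection, so the entry contents could not have been the cause of that particular failure.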