Hi, I'm having trouble authenticating against AD through OpenLDAP.
Has anybody managed to authenticate with an AD password through an OpenLDAP server?
I've tried everything, but authentication fails: I can see all the users, but the password is not accepted.
My slapd.conf looks like this:
# Global section: schema includes, logging, run files, modules and the listener's TLS material.
# NOTE(review): line breaks are reconstructed from a collapsed paste; the directives are unchanged.
#
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
#allow bind_v2
# loglevel 256 is the "stats" level (connections, operations, results); the bind DN that
# slapd receives and the result code of each bind show up at this level.
loglevel 256
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib/openldap
#moduleload back_bdb
moduleload accesslog.la
moduleload auditlog.la
moduleload ppolicy.la
moduleload rwm.la
moduleload back_ldap
# NOTE(review): TLSCertificateFile and TLSCertificateKeyFile name the same file under certs/.
# A combined PEM contains the private key, so it should be readable only by the account
# slapd runs as, not left with the permissions usual for a certificate directory.
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
#######################################################################
# First back-ldap database, serving suffix dc=foobar; no uri directive is visible for it.
# NOTE(review): line breaks are reconstructed from a collapsed paste; it is unclear whether
# the row of '#' originally commented out rootpw. Confirm against the real file.
database ldap
suffix "dc=foobar"
rootdn "cn=admin,dc=foobar"
###################################
# NOTE(review): this {SSHA} (salted SHA-1) value is now public with the post, so it can be
# guessed offline. Set a new rootpw and keep slapd.conf readable only by the slapd account.
rootpw {SSHA}wXmTs2ANS4XwqqnzEVIqmc+i6VCUiD7I
# Second back-ldap database: proxies dc=foobar,dc=com to the AD server over ldaps.
# NOTE(review): line breaks are reconstructed from a collapsed paste; the directives are unchanged.
database ldap
suffix dc=foobar,dc=com
#subordinate
# rebind-as-user: the proxy remembers the client's bind credentials and reuses them when it
# has to rebind (broken connection, referral chasing).
rebind-as-user
uri ldaps://srv-2003.foobar.com
# NOTE(review): the service-account password is stored in clear text here and has been
# published with the post. Change the vmail account's password in AD, and keep this file
# readable only by the slapd account.
# mode=none (see slapd-ldap(5)): no proxyAuthz control is sent, so operations performed
# through identity assertion run in AD with the rights of the binddn (vmail).
idassert-bind bindmethod=simple binddn="cn=vmail,cn=users,dc=foobar,dc=com" credentials=abc@123 mode=none flags=non-prescriptive
# NOTE(review): "dn.regex:.*" matches every client DN, so any client identity is authorised
# to use the vmail identity above (presumably including the empty anonymous DN; verify).
# The commented dn.exact form below is the narrower choice.
idassert-authzFrom "dn.regex:.*"
#idassert-authzFrom "dn.exact:cn=admin,dc=foobar"
# chase-referrals yes
# require authc: clients must authenticate before directory operations are accepted.
require authc
#############################
# NOTE(review): it is unclear whether the rows of '#' originally commented out more than
# password-hash; confirm against the real file. password-hash {CLEARTEXT} should stay disabled.
###########password-hash {CLEARTEXT}
# NOTE(review): this cipher string references SSLv2/SSLv3 and MEDIUM cipher groups. Those
# protocol versions are obsolete; restrict the list to strong ciphers and set a minimum
# protocol version (TLSProtocolMin, where the installed slapd supports it). The keyword is
# normally written HIGH; check that "HiGH" is accepted by the TLS library in use.
TLSCipherSuite HiGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
# allow: a client certificate is requested but not required, and a bad one is ignored.
TLSVerifyClient allow
sasl-host localhost
# NOTE(review): "none" clears the default SASL security properties (noanonymous,noplain),
# so anonymous and plaintext SASL mechanisms are no longer excluded.
sasl-secprops none
#########################################################################
# Config database, a catch-all access rule, and the rwm overlay's suffix and attribute maps.
# NOTE(review): line breaks are reconstructed from a collapsed paste; the directives are unchanged.
database config
# all others attributes are readable to everybody
# NOTE(review): this is the only access rule visible, and it gives every client, including
# unauthenticated ones, read access to every entry and attribute it applies to. Put narrower
# rules first (for example, password attributes limited to "by anonymous auth" and
# "by self") and grant read only to authenticated users.
access to * by * read
lastmod off
overlay rwm
rwm-suffixmassage dc=foobar,dc=com
#rwm-normalize-mapped-attrs
# NOTE(review): these maps rename attributes in filters and results (uid <-> sAMAccountName).
# Presumably they do not rewrite the RDN attribute inside a bind DN, so a bind as
# uid=<user>,... may reach AD under a DN that does not exist there; verify in the
# loglevel 256 output which DN is actually sent with the bind.
rwm-map attribute uid sAMAccountName
rwm-map attribute cn name
#rwm-map attribute mail userPrincipalName
rwm-map objectclass account
What is wrong?
Please help me.
Thanks.