Hi
Thanks, I have also tried bind=simple, same error, I have tested the dn and the password with ldapsearch
Thanks
-----Original Message-----
From: masarati@aero.polimi.it [mailto:masarati@aero.polimi.it]
Sent: Sunday, 1 April 2012 6:17 PM
To: Alex Samad - Yieldbroker
Cc: 'openldap-technical@openldap.org'
Subject: RE: problem with ldap backend
Hi
Just wondering if the feature is supposed to work? Am I delving into experimental code?
It works as intended. The error message you receive is quite self-explanatory: AD wants a successful bind, and you're requesting bindmethod=none (i.e. bind with empty DN). You may want to try bindmethod=simple
p.
-----Original Message-----
From: Alex Samad - Yieldbroker
Sent: Thursday, 29 March 2012 9:28 AM
To: openldap-technical@openldap.org
Subject: RE: problem with ldap backend
Hi
I have progressed a little bit further
I have stopped using olcdbaclbind and started to use
olcDbIDAssertAuthzFrom: "*"
olcDbIDAssertBind: bindmethod=none authzId="CN=ad readonly,OU=Services ,DC= xyz,DC=com" credentials="secret" starttls=no
but I get this
text: 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
I am able to ldapsearch with these credentials. I also tried changing bindmethod to simple, but same error
How do I turn on debug for the ldap backend ?
Anyone have any ideas on how to make this work?
Alex
-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Alex Samad - Yieldbroker
Sent: Wednesday, 28 March 2012 1:58 PM
To: openldap-technical@openldap.org
Subject: problem with ldap backend
Hi
I am trying to set up a connection from openldap to MS AD
I am using this
dn: olcDatabase={3}ldap
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {3}ldap
olcSuffix: dc=xyz,dc=com
olcAccess: {0}to dn.base="" by * read
olcAccess: {1}to dn.base="cn=Subschema" by * read
olcAccess: {2}to * by self write by users read by anonymous auth
olcReadOnly: TRUE
olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
olcSizeLimit: 500
olcDbURI: "ldap://dc101. xyz.com ldap://dc201. xyz.com"
olcDbRebindAsUser: TRUE
olcDbChaseReferrals: TRUE
This works fine when I pass a bind DN.
I would like to convert this to allow anon access to ldap, which does a user bind to MS AD so I added this
olcdbaclbind: bindmethod=simple binddn="CN=ad readonly,OU= xyz,DC= xyz,DC=com" credentials="secret" starttls=no
but it is not working, I cannot make an anon search request, they retrieve anything from the MSAD ldap server.
Thanks
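Added example, not part of the original thread or of OpenLDAP: a small Python check for the olcDbIDAssertBind / olcDbACLBind values discussed above, flagging a proxy bind that presents no identity (the case the reply attributes the AD error to) and a simple bind whose password would travel unencrypted. The finding codes, function names and sample values are assumptions made for this illustration; the DN is tidied from the one in the thread.

```python
import shlex

def parse_bind(value):
    """Split a bind directive value (key=value tokens, optional quotes) into a dict."""
    params = {}
    for token in shlex.split(value):
        key, _, val = token.partition("=")
        params[key.lower()] = val
    return params

def check_bind(value):
    """Return a list of finding codes (hypothetical names) for one directive value."""
    p = parse_bind(value)
    method = p.get("bindmethod", "").lower()
    findings = []
    if method == "none":
        # The proxy binds with an empty DN, which AD rejects for searches.
        findings.append("ANON_BIND")
        if "binddn" in p or "credentials" in p:
            # A password is stored in the config but never used for the bind.
            findings.append("UNUSED_CREDENTIALS")
    elif method == "simple":
        if not p.get("binddn"):
            # authzId is not the bind identity; without binddn no DN is sent.
            findings.append("SIMPLE_NO_BINDDN")
        if not p.get("credentials"):
            findings.append("SIMPLE_NO_PASSWORD")
        # Assumption: an absent starttls means no StartTLS. With an ldap://
        # URI the password then crosses the network in clear text.
        if p.get("starttls", "no").lower() == "no":
            findings.append("CLEARTEXT_PASSWORD")
    return findings

# Constructed sample values; "secret" is a placeholder password.
DN = "CN=ad readonly,OU=Services,DC=xyz,DC=com"
AS_POSTED = f'bindmethod=none authzId="{DN}" credentials="secret" starttls=no'
METHOD_ONLY = AS_POSTED.replace("bindmethod=none", "bindmethod=simple")
WITH_BINDDN = f'bindmethod=simple binddn="{DN}" credentials="secret" starttls=yes'

if __name__ == "__main__":
    for label, value in [("as posted", AS_POSTED),
                         ("method changed only", METHOD_ONLY),
                         ("binddn + starttls", WITH_BINDDN)]:
        print(f"{label}: {check_bind(value) or 'no findings'}")
```
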