You are trying to authenticate through the credentials stored in your Active Directory servers, not the passwords stored in LDAP, correct? If that is the case, then the easiest means to accomplish that is to use SASL for authentication.
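As an added illustration of the SASL route suggested in the reply above (not part of the original thread, and not tested against the poster's servers): a pass-through setup in which the local slapd stores no password hash at all, and libsasl2/saslauthd verify the bind password against AD. The AD host, service account and base DN are taken from the poster's config; the realm FOOBAR.COM, the entry uid=jdoe and the local directory path are assumed.

```conf
# --- /etc/openldap/slapd.conf: local database (slapd built with --enable-spasswd)
database   mdb
suffix     "dc=foobar"
rootdn     "cn=admin,dc=foobar"
directory  /var/lib/ldap

# --- LDIF for a local entry: userPassword holds only a {SASL} pointer, no hash.
# On a simple bind slapd hands the supplied password plus "jdoe@FOOBAR.COM"
# to libsasl2, which asks saslauthd to check it.
dn: uid=jdoe,ou=people,dc=foobar
objectClass: inetOrgPerson
uid: jdoe
cn: John Doe
sn: Doe
userPassword: {SASL}jdoe@FOOBAR.COM

# --- /etc/sasl2/slapd.conf (some distros use /usr/lib/sasl2/slapd.conf):
# tell libsasl2 inside slapd to use the saslauthd socket for password checks
pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux

# --- /etc/saslauthd.conf, with saslauthd started as "saslauthd -a ldap":
# saslauthd looks the user up in AD by sAMAccountName and then binds as that
# user with the password it was given; a successful bind means "authenticated".
ldap_servers: ldaps://srv-2003.foobar.com
ldap_search_base: dc=foobar,dc=com
ldap_filter: (sAMAccountName=%U)
ldap_auth_method: bind
ldap_bind_dn: cn=vmail,cn=users,dc=foobar,dc=com
ldap_bind_pw: REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD

# --- checks, from the slapd host:
#   testsaslauthd -u jdoe -r FOOBAR.COM -p 'the-ad-password'   -> "0: OK"
#   ldapwhoami -x -D uid=jdoe,ou=people,dc=foobar -W           -> dn:uid=jdoe,...
# If the first succeeds and the second fails, the problem is between slapd and
# libsasl2 (pwcheck_method / socket path), not the AD side.
```

Because the AD service-account password sits in /etc/saslauthd.conf in clear text, that file should be readable by the saslauthd user only.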
On Tue, Nov 19, 2013 at 12:59 PM, wrm@cdtn.br wrote:
Hi, I'm having some trouble doing authentication against AD through OpenLDAP.
Has anybody managed to authenticate with the AD password in an OpenLDAP server?
I'm trying everything but it doesn't authenticate. I can see all users but the password doesn't pass.
My slapd.conf looks like this:
# include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema

#allow bind_v2

loglevel 256
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath /usr/lib/openldap
#moduleload back_bdb
moduleload accesslog.la
moduleload auditlog.la
moduleload ppolicy.la
moduleload rwm.la
moduleload back_ldap

TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

#######################################################################
database ldap
suffix "dc=foobar"
rootdn "cn=admin,dc=foobar"
###################################
rootpw {SSHA}wXmTs2ANS4XwqqnzEVIqmc+i6VCUiD7I

database ldap
suffix dc=foobar,dc=com
#subordinate
rebind-as-user
uri ldaps://srv-2003.foobar.com
idassert-bind bindmethod=simple
  binddn="cn=vmail,cn=users,dc=foobar,dc=com"
  credentials=abc@123
  mode=none
  flags=non-prescriptive
idassert-authzFrom "dn.regex:.*"
#idassert-authzFrom "dn.exact:cn=admin,dc=foobar"
# chase-referrals yes
require authc
#############################
###########password-hash {CLEARTEXT}
TLSCipherSuite HiGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
TLSVerifyClient allow
sasl-host localhost
sasl-secprops none

#########################################################################
database config
# all other attributes are readable to everybody
access to * by * read
lastmod off
overlay rwm
rwm-suffixmassage dc=foobar,dc=com
#rwm-normalize-mapped-attrs
rwm-map attribute uid sAMAccountName
rwm-map attribute cn name
#rwm-map attribute mail userPrincipalName
rwm-map objectclass account
What is wrong?
Please help me.
Thanks.