Re: Openldap for proxy AD
You are trying to authenticate through the credentials stored in your
active directory servers, not the passwords stored in LDAP, correct? If
that is the case, then the easiest means to accomplish that are to use SASL
for authentication.
On Tue, Nov 19, 2013 at 12:59 PM, <wrm(a)cdtn.br> wrote:
Hi,
I´m with some troubles to do authentication in AD trough of Openldap.
Somebody managed to authenticate with AD password in Openldap Server?
I´m trying everything but don´t auth. I see all users but the password
don´t pass.
My slapd.conf like this :
#
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
#allow bind_v2
loglevel 256
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib/openldap
#moduleload back_bdb
moduleload accesslog.la
moduleload auditlog.la
moduleload ppolicy.la
moduleload rwm.la
moduleload back_ldap
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
#######################################################################
database ldap
suffix "dc=foobar"
rootdn "cn=admin,dc=foobar"
###################################
rootpw {SSHA}wXmTs2ANS4XwqqnzEVIqmc+i6VCUiD7I
database ldap
suffix dc=foobar,dc=com
#subordinate
rebind-as-user
uri ldaps://srv-2003.foobar.com
idassert-bind bindmethod=simple
binddn="cn=vmail,cn=users,dc=foobar,dc=com"
credentials=abc@123
mode=none
flags=non-prescriptive
idassert-authzFrom "dn.regex:.*"
#idassert-authzFrom "dn.exact:cn=admin,dc=foobar"
#
chase-referrals yes
require authc
#############################
###########password-hash {CLEARTEXT}
TLSCipherSuite HiGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
TLSVerifyClient allow
sasl-host localhost
sasl-secprops none
#########################################################################
database config
# all others attributes are readable to everybody
access to *
by * read
lastmod off
overlay rwm
rwm-suffixmassage dc=foobar,dc=com
#rwm-normalize-mapped-attrs
rwm-map attribute uid sAMAccountName
rwm-map attribute cn name
#rwm-map attribute mail userPrincipalName
rwm-map objectclass account
What is wrong?
Please help me.
Thanks.
--
Jason K. Brandt
Systems Administrator
Bradley University
(309) 677-2958
Attachments:
- attachment.htm (text/html — 4.0 KB)