Subject: Getting output from proxied Active Directory connection
After all that, I try the same thing again today, and it works first time!! However, I seem to be having problems with the idassert section. When I do an ldapsearch, if I specify a username and password on the command line, it works, but doesn't use the idassert details.
If I just do:
ldapsearch -x -b "cn=Chris Clemson,ou=users,ou=SITE,ou=Corp,ou=Service Delivery,DC=emea,DC=corp,DC=local"
I get:
"48 Inappropriate authentication"
If I do:
ldapsearch -b "cn=Chris Clemson,ou=users,ou=SITE,ou=Corp,ou=Service Delivery,DC=emea,DC=corp,DC=local"
I get:
SASL/OTP authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): user not found: no OTP secret in database
Basically I'm trying to give read only access to anonymous clients. According to something I've read, I need to use idassert-authzFrom too, but surely I don't need this if I want to allow anonymous connections? Any idea what I'm missing?
Below is my config:
slapd.conf:

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/MSOutlook.schema   <- custom one I found for other attributes
pidfile         /var/openldap/run/slapd.pid
argsfile        /var/openldap/run/slapd.args
moduleload      back_ldap.la

access to * by * read

database        ldap
uri             ldap://LOCALDC
suffix          "dc=emea,dc=corp,dc=local"
idassert-bind   bindmethod=simple
                binddn="cn=OpenLDAP Access Account,cn=users,DC=emea,DC=corp,DC=local"
                credentials="xxxxx"
                mode=none
Thank you,
Chris
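The same back_ldap stanza written out one directive per line, as an added example and not the configuration from this post. The `idassert-authzFrom` line is the directive the post asks about; it is an assumption here that, with the default prescriptive flag, back_ldap refuses to assert the proxy identity for an anonymous client unless an idassert-authzFrom rule admits that client, which is what would produce result 48 for the `-x` search. The host name, proxy account, credentials and the attribute list in the access rule are placeholders.

```conf
# Added example slapd.conf fragment (assumed layout, not the poster's file).
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema

pidfile         /var/openldap/run/slapd.pid
argsfile        /var/openldap/run/slapd.args
moduleload      back_ldap.la

# With mode=none every client, anonymous ones included, reads AD with the
# rights of the proxy account below. The local ACL is therefore the only
# thing narrowing what an anonymous client can see; scope it to the
# attributes the clients actually need instead of "access to * by * read".
# (attribute list is a placeholder)
access to attrs=cn,sn,mail,telephoneNumber
        by * read
access to *
        by * none

database        ldap
uri             ldap://LOCALDC                     # placeholder host
suffix          "dc=emea,dc=corp,dc=local"

# Bind to AD as a dedicated, read-only proxy account and perform every
# operation as that account (mode=none: no proxyAuthz control is sent).
idassert-bind   bindmethod=simple
                binddn="cn=OpenLDAP Access Account,cn=users,DC=emea,DC=corp,DC=local"
                credentials="xxxxx"               # placeholder secret
                mode=none

# Assumption: which local identities may use the asserted identity. "*"
# is taken here to admit all of them, the anonymous client included; a
# narrower rule (dn.exact:, dn.subtree:, ...) can be used instead.
idassert-authzFrom "*"
```

Keep the proxy account itself read-only in AD and protect the slapd.conf file (it holds that account's password in clear), since anyone who can reach the proxy anonymously inherits whatever that account can read.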