Hello,
I have successfully managed to create my SSL connection to the OpenLDAP and from the OpenLDAP to the two different Active Directories.
But now when I perform a search with only a wildcard (e.g. (sn=*)), I don't get any results. A search with the filter (sn=l*) works fine. I get all users whose last name starts with the letter 'l'.
When I switch back to LDAP instead of LDAPS it works fine.
Here is my slapd.conf:
# LDAP Backend configuration file
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
ucdata-path ./ucdata
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/nis.schema
include ./schema/inetorgperson.schema

pidfile ./run/slapd.pid
argsfile ./run/slapd.args

# Full log level
loglevel 32768 16384 2048 1024 512 256 128 64 32 16 8 4 2 1
sizelimit unlimited
timelimit unlimited

# Enable TLS if port is defined for ldaps (to openldap)
TLSVerifyClient never
TLSCipherSuite HIGH:MEDIUM:-SSLv2:-SSLv3
TLSProtocolMin 3.3
TLSCertificateFile ./secure/certs/maxcrc.cert.pem
TLSCertificateKeyFile ./secure/certs/maxcrc.key.pem
TLSCACertificateFile ./secure/certs/maxcrc.cert.pem

# Configuration for Connection to example.com
database meta
suffix "DC=example,DC=com"
rootdn "DC=example,DC=com"
rebind-as-user yes
uri ldaps://example.com:636/dc=example,DC=com
lastmod off
chase-referrals no
idassert-bind bindmethod=simple
  binddn="cn=CN=username,OU=Users,OU=Orga,DC=example,DC=com"
  credentials="XXXX"
  tls_reqcert=never
  tls_cacert=./secure/certs/example.pem
tls ldaps tls_reqcert=allow tls_cacert=./secure/certs/example.pem

# Configuration for Connection to Test-LDAP
uri ldap://ldap.andrew.cmu.edu/dc=test,dc=example,dc=com
suffixmassage "dc=test,dc=example,dc=com" "dc=edu,dc=meta,dc=com"

overlay rwm
rwm-map attribute uid samaccountname
rwm-map attribute member memberOf
rwm-map objectclass inetOrgPerson user
I thought maybe the size limit is exceeded.
But when I go back to an ldap connection (instead of an ldaps connection) it works fine.
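An added example, not the poster's configuration and not from anyone in the thread: the two back-meta TLS directives from the slapd.conf above, shown once as posted and once with server certificate verification enforced, so the difference is visible side by side. Only one variant belongs in a real file; the host, bind DN, credentials and CA file path are placeholders carried over from the post, and the bind DN is a constructed placeholder, not the poster's. The semantics of tls_reqcert follow the TLS_REQCERT values documented in ldap.conf(5).

```conf
# Added example, not from the thread. Host, DNs, credentials and paths are
# placeholders; the bind DN below is a constructed one.

# --- As posted: the proxy never verifies the certificate presented by AD ---
#   tls_reqcert=never  the server certificate is not requested or checked
#   tls_reqcert=allow  a missing or unverifiable certificate is accepted
# Either value lets a bind with credentials="XXXX" proceed to a host whose
# identity has not been checked against tls_cacert.
idassert-bind bindmethod=simple
  binddn="CN=proxyuser,OU=Users,OU=Orga,DC=example,DC=com"
  credentials="XXXX"
  tls_reqcert=never
  tls_cacert=./secure/certs/example.pem
tls ldaps tls_reqcert=allow tls_cacert=./secure/certs/example.pem

# --- Hardened: require a certificate that chains to the CA in tls_cacert ---
# tls_reqcert=demand makes both the idassert bind and the proxied target
# connection fail when the certificate is missing or cannot be verified,
# instead of silently proceeding. The CA file must contain the issuer of the
# AD server certificate (example.pem is the placeholder path from the post).
idassert-bind bindmethod=simple
  binddn="CN=proxyuser,OU=Users,OU=Orga,DC=example,DC=com"
  credentials="XXXX"
  tls_reqcert=demand
  tls_cacert=./secure/certs/example.pem
tls ldaps tls_reqcert=demand tls_cacert=./secure/certs/example.pem
```

With the hardened form, a failure to verify the AD certificate shows up as a bind or connection error in the slapd log rather than as an empty result set, which also makes a transport-specific problem like the one described above easier to tell apart from a permission or size-limit issue on the AD side.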
What are the full ldapsearch commands you are using? And what is the output?
On Jun 14, 2020, at 11:03 PM, a.leurs@consense-gmbh.de wrote:
I thought maybe the size limit is exceeded.
But when I go back to an ldap connection (instead of an ldaps connection) it works fine.
--On Monday, June 15, 2020 7:03 AM +0000 a.leurs@consense-gmbh.de wrote:
I thought maybe the size limit is exceeded.
But when I go back to an ldap connection (instead of an ldaps connection) it works fine.
Active Directory does things differently than OpenLDAP does. What actions are available over ldaps:/// may not match what can be done with startTLS. You'd need to talk to your AD administrator to determine what actions are allowed on which ports, or for them to adjust your permissions.
Regards, Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
openldap-technical@openldap.org