Hello,
I have installed OpenLDAP on my Windows machine (Windows 10) and configured a connection to our company LDAP. The connection is via LDAPS.
Here is my slapd.conf
# LDAP Backend configuration file
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
ucdata-path ./ucdata
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/nis.schema
include ./schema/inetorgperson.schema

pidfile ./run/slapd.pid
argsfile ./run/slapd.args

# Full log level
loglevel 32768 16384 2048 1024 512 256 128 64 32 16 8 4 2 1
sizelimit 10000
timelimit 10000

# Enable TLS if port is defined for ldaps (to openldap)
TLSVerifyClient never
#TLSCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:!RC4:HIGH:!MD5:!aNULL:!EDH:!EXP:!SSLV2:!eNULL
TLSCipherSuite HIGH:MEDIUM:-SSLv2:-SSLv3
TLSProtocolMin 3.3
TLSCertificateFile ./secure/certs/maxcrc.cert.pem
TLSCertificateKeyFile ./secure/certs/maxcrc.key.pem
TLSCACertificateFile ./secure/certs/maxcrc.cert.pem

# Configuration for Connection to company.local
database meta
suffix "DC=company,DC=local"
rootdn "DC=company,DC=local"
rebind-as-user yes
uri ldaps://DC001.company.local:636/dc=company,DC=local
lastmod off
chase-referrals no
idassert-bind bindmethod=simple
    binddn="cn=CN=User Name,OU=Users,OU=Orga,DC=company,DC=local"
    credentials=XXX
    tls_reqcert=never
    tls_cacert=./secure/certs/company-ca.pem
tls ldaps tls_reqcert=allow tls_cacert=./secure/certs/company-ca.pem

overlay rwm
rwm-map attribute uid samaccountname
rwm-map attribute member memberOf
rwm-map attribute sn sn
rwm-map attribute givenname givenname
rwm-map attribute intials initials
When I connect to the OpenLDAP server with Softerra LDAP-Browser and search the directory, I don't get any results when the result set has more than 65 entries. When I use paging in the search (to restrict the results to only 65 entries) it works. On a colleague's machine the limit is 70 results. We didn't find any information on where a restriction on the LDAP server could be.
Any idea why the results are limited?
When I do a connection without SSL it works fine.
--On Thursday, June 25, 2020 11:20 AM +0000 a.leurs@consense-gmbh.de wrote:
> uri ldaps://DC001.company.local:636/dc=company,DC=local
>
> Any idea why the results are limited?
> When I do a connection without SSL it works fine.
Is that an Active Directory server the meta backend is talking to? This behavior is not uncommon with AD and would require a change to AD made by the AD administrator.
Regards, Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
Yes, it's an Active Directory. What changes are needed there? We searched but didn't find an answer.
--On Friday, June 26, 2020 1:51 PM +0000 a.leurs@consense-gmbh.de wrote:
> Yes, it's an Active Directory. What changes are needed there? We searched but didn't find an answer.
I personally avoid Active Directory and so can't really answer that. But this is a persistent issue I've seen come up over the years. I'd assume you have an Active Directory admin on site who can help with this, or perhaps contact Microsoft support?
Regards, Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
The change is that you need to increase the maximum number of results a query can return. I am not the AD administrator, so I just know they had to raise the limit.

________________________________________
From: a.leurs@consense-gmbh.de <a.leurs@consense-gmbh.de>
Sent: Friday, June 26, 2020 8:51:39 AM
To: openldap-technical@openldap.org
Subject: Re: OpenLDAP results limited via SSL?
Yes it's an active directory. What changes are needed there, we searched but didn't find an answer.
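The original post observes that the search succeeds as soon as paging is used, and the last reply says the fix on the AD side was to raise the server's result limit. The following is an added example, not code from the thread or from the OpenLDAP project: it models a directory that enforces an administrator-set result cap (the kind of limit AD applies) and shows the RFC 2696 simple paged results loop a client runs to get a complete result set despite that cap. The `FakeDirectory` class, the 65-entry cap, and the 200 constructed user entries are assumptions made for the illustration; the toy server clamps an oversized page request to its cap, which real servers may instead reject.

```python
# Added example (not from the thread): RFC 2696 paged search against a
# directory with a hard per-search result cap, such as an AD page size limit.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SUCCESS = 0
SIZE_LIMIT_EXCEEDED = 4  # LDAP resultCode sizeLimitExceeded


@dataclass
class PagedResponse:
    entries: List[dict]
    result_code: int
    cookie: bytes  # empty cookie means this was the last page (RFC 2696)


class FakeDirectory:
    """Constructed stand-in for a server with an admin-set maximum page size."""

    def __init__(self, entries: List[dict], max_page_size: int):
        self.entries = list(entries)
        self.max_page_size = max_page_size
        self._cursors: Dict[bytes, int] = {}  # cookie -> offset of next page
        self._next_cookie = 1

    def search(self, page_size: Optional[int] = None, cookie: bytes = b"") -> PagedResponse:
        if page_size is None:
            # Unpaged search: the server returns at most max_page_size entries
            # and reports sizeLimitExceeded when more matched (partial result).
            page = self.entries[: self.max_page_size]
            code = SUCCESS if len(page) == len(self.entries) else SIZE_LIMIT_EXCEEDED
            return PagedResponse(page, code, b"")
        # Paged search: resume from the offset stored for the client's cookie.
        start = self._cursors.pop(cookie) if cookie else 0
        n = min(page_size, self.max_page_size)  # toy server clamps oversized pages
        page = self.entries[start:start + n]
        end = start + len(page)
        if end >= len(self.entries):
            return PagedResponse(page, SUCCESS, b"")  # final page, empty cookie
        new_cookie = str(self._next_cookie).encode()
        self._next_cookie += 1
        self._cursors[new_cookie] = end
        return PagedResponse(page, SUCCESS, new_cookie)


def unpaged_search(server: FakeDirectory) -> Tuple[List[dict], int]:
    """Plain search with no control: returns (entries, resultCode)."""
    r = server.search()
    return r.entries, r.result_code


def paged_search(server: FakeDirectory, page_size: int) -> List[dict]:
    """Client loop: resend the paged control with the server's cookie until it is empty."""
    results: List[dict] = []
    cookie = b""
    while True:
        r = server.search(page_size=page_size, cookie=cookie)
        if r.result_code != SUCCESS:
            raise RuntimeError(f"search failed with resultCode {r.result_code}")
        results.extend(r.entries)
        cookie = r.cookie
        if not cookie:
            return results


def build_sample_directory(n_users: int = 200, max_page_size: int = 65) -> FakeDirectory:
    """Constructed sample data: n_users entries under the DN layout from the thread's config."""
    users = [
        {"dn": f"CN=user{i:03d},OU=Users,OU=Orga,DC=company,DC=local",
         "sAMAccountName": f"user{i:03d}"}
        for i in range(n_users)
    ]
    return FakeDirectory(users, max_page_size)


def demo() -> None:
    d = build_sample_directory()
    entries, code = unpaged_search(d)
    print(f"unpaged: {len(entries)} entries, resultCode={code}")  # truncated at the cap
    print(f"paged (50/page): {len(paged_search(d, page_size=50))} entries")  # complete


if __name__ == "__main__":
    demo()
```

The practical point for a real client is the loop in `paged_search`: keep a page size at or below the server's cap and follow the cookie until it comes back empty. With OpenLDAP's own tools that is `ldapsearch -E pr=50/noprompt`; in Python, `ldap3`'s `paged_search` extension or `python-ldap`'s `SimplePagedResultsControl` implement the same exchange. Note that the `sizelimit 10000` in the posted slapd.conf only bounds what this slapd returns to its own clients; it does not raise the cap the AD server imposes on the meta backend's connection, which is what the last reply refers to (AD's LDAP policy exposes that cap as MaxPageSize).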