You need to figure out how the service is determining where
to go search. If it is just asking for any DC of a domain, you are going to get
a list of DCs back and the client app is going to figure out which one it wants
to go to. I don't think you want to be mucking in DNS to fix this.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jennifer Fountain
Sent: Thursday, April 20, 2006 9:45 PM
To: [email protected]
Subject: RE: [ActiveDir] Weird Ldap issue with redhat 2.1 and AD
I think I know the problem. The ldap service needs to
log into AD so it can search the basedir. I do not allow Anonymous
searches. For some reason, it's logging in on that remote server and not a
local server. How can I fix that via dns?
Kind Regards,
Jennifer Fountain
Security System Analyst
3400 E Walnut Street
Colmar, PA 18915
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jennifer Fountain
Sent: Thursday, April 20, 2006 8:56 PM
To: [email protected]
Subject: RE: [ActiveDir] Weird Ldap issue with redhat 2.1 and AD
AD4Unix
This is really weird. I am pointing to a windows 2000
server using ldaps but searching a response from a windows 2003 using ldap.
Kind Regards,
Jennifer Fountain
Security System Analyst
3400 E Walnut Street
Colmar, PA 18915
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Thursday, April 20, 2006 8:48 PM
To: [email protected]
Subject: Re: [ActiveDir] Weird Ldap issue with redhat 2.1 and AD
On 4/20/06, Jennifer Fountain <[EMAIL PROTECTED]> wrote:
I currently have my redhat 2.1 linux box configured to authenticate
against my windows 2000/2003 AD box. For some reason, even though I
have the following configuration, the box is trying to access a remote
server at a remote site. The remote server isn't in the configuration
but the server still tries to access it. Problem still occurs when ssl
is turned off. I cannot figure out the issue. Has anyone experienced
similar issues?
/etc/openldap/ldap.conf
HOST x.x.x.x
uri ldaps://server
BASE dc=xx,dc=xxx
/etc/ldap.conf
host x.x.x.x
uri ldaps://server
base dc=xx,dc=xx
ldap_version 3
binddn cn=xxx,ou=xxx,dc=xx,dc=xx
bindpw xxx
scope sub
port 636
pam_filter objectclass=user
pam_login_attribute sAMAccountName
ssl yes
pam_password ad
nss_base_passwd ou=xx,dc=xx,dc=xx?sub
nss_base_shadow ou=xx,dc=xx,dc=xx?sub
nss_base_group ou=xx,dc=xx,dc=xx?sub
nss_map_objectclass posixAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute uniqueMember Member
nss_map_attribute userPassword msSFUPassword
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute cn sAMAccountName
Kind Regards,
Jennifer Fountain
Security System Analyst
3400 E Walnut Street
Colmar, PA 18915
CONFIDENTIALITY NOTE
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you
received this in error, please contact the sender and delete the
material from any computer.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
