On Thu, Jun 18, 2009 at 8:07 PM, Richard Anderson<[email protected]> wrote:
> Almost makes it seem like a user/password error but I'm sure it's not.
> Here's my ldap configuration from /etc/cobbler/settings:
>
> ldap_server: "<ad box>"
> ldap_base_dn: "DC=<our dc>"
> ldap_port: 389
> ldap_tls: 0
> ldap_anonymous_bind: 0
> ldap_search_bind_dn: 'CN=Cobbler,CN=Users,DC=<our dc>'
> ldap_search_passwd: '<cobbler pw>'
> ldap_search_prefix: 'uid='
>
> I've tried it with and without the last line but it appears to make no
> difference. Note that the settings listed above work just fine in Softerra
> LDAP Browser as well as ldapsearch. Here's the command entered with
> ldapsearch as a test:
>
> [cobbler tmp]# ldapsearch -LLL -x -b 'DC=<our dc>' -D 'CN=Cobbler,CN=Users,DC=<our dc>' -w <cobbler pw> -H ldap://<ad box> "sAMAccountName=Cobbler"
>
> And it pulls back the information just fine. So it's definitely
> authenticating with our AD box without issue.

Just guessing, I never tried cobbler in combination with AD, but you're
using the samaccountname attribute in your ldap search, but not in your
cobbler settings.

If I remember correctly, before 2003 R2 you had to extend your AD schema
with posixAccount and inetOrgPerson objects. There should be lots of info
on MSDN, I can't find it though.

Ruben

_______________________________________________
cobbler mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/cobbler
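
The attribute mismatch raised in the reply above, as an added example that is not part of the original messages and is not Cobbler's own code. It assumes the user lookup filter is ldap_search_prefix followed by the login name, and evaluates that filter against a constructed AD-style entry; the DC=example,DC=test names and the diagnose helper are hypothetical, and the RFC 4515 escaping of the login name is an addition in this sketch.

```python
import re

# Constructed AD-style entry: it has sAMAccountName (the attribute the
# ldapsearch test matched on) and no uid value.
DIRECTORY = {
    "CN=Cobbler,CN=Users,DC=example,DC=test": {
        "cn": ["Cobbler"],
        "sAMAccountName": ["Cobbler"],
    },
}

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name stays a literal."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(search_prefix, username):
    """Assumption: the filter is ldap_search_prefix followed by the login name."""
    return search_prefix + escape_filter_value(username)


def search(directory, ldap_filter):
    """Evaluate one 'attr=value' filter (equality or '*' presence); return DNs."""
    attr, _, raw = ldap_filter.strip("()").partition("=")
    want = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    hits = []
    for dn, entry in directory.items():
        # Attribute names are case-insensitive; so is sAMAccountName matching.
        values = next((v for k, v in entry.items() if k.lower() == attr.lower()), [])
        if (raw == "*" and values) or want.lower() in (v.lower() for v in values):
            hits.append(dn)
    return hits


def diagnose(username, prefixes=("uid=", "sAMAccountName=")):
    """Show, per candidate ldap_search_prefix, which DN the user lookup finds."""
    return {p: search(DIRECTORY, build_filter(p, username)) for p in prefixes}


if __name__ == "__main__":
    for prefix, dns in diagnose("Cobbler").items():
        print(f"{prefix!r:20} -> {dns or 'no entry found'}")
```

The service-account bind succeeds in both cases; only the lookup filter differs, which is why a working ldapsearch on sAMAccountName says nothing about a 'uid=' prefix.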
