> -----Original Message-----

[ snip ]

> # search reference
> ref: ldap://DomainDnsZones.my.domain.name/DC=DomainDnsZones,DC=my,DC=domain,DC=name
>
> # search result
> search: 5
> result: 0 Success
>
> # numResponses: 3
> # numEntries: 1
> # numReferences: 1
>
> So something still isn't right.

Damn, just realized that I was listing my attributes wrong.  I was doing 
"cn,givenName,sn", and they should have read "cn givenName sn".  With that 
fixed, the ldapsearch worked.

# Name\2C User, Users, BRI, my.domain.name
dn: CN=Name\, User,OU=Users,OU=BRI,DC=my,DC=domain,DC=name
cn: Name, User
sn: Name
givenName: User

# search reference
ref: ldap://DomainDnsZones.my.domain.name/DC=DomainDnsZones,DC=my,DC=domain,DC=name

# search result
search: 5
result: 0 Success

# numResponses: 3
# numEntries: 1
# numReferences: 1

So I've gone back to FR's LDAP module and thought I'd give "ldap_debug" a try, 
despite the warning.  Surprisingly, it spit out one extra line in my debug:

rlm_ldap: performing search in dc=my,dc=domain,dc=name, with filter (sAMAccountName=username)
Unable to chase referral "ldap://my.domain.name/dc=my,dc=domain,dc=name" (-1: Can't contact LDAP server)
rlm_ldap: ldap_search() failed: Referral

If I copy and paste that url "ldap://my.domain.name/dc=my,dc=domain,dc=name" 
into my Windows box, it opens LDAP Browser and connects just fine to my 
domain, so I assume the syntax of that is right.  And if I use just 
"my.domain.name" in ldapsearch as the host, it works there as well.  Any idea 
why this wouldn't work?

Out of curiosity, do I need to configure OpenLDAP on the server at all?  Or 
does this module's conf take care of that for me, for this purpose?

John H. Moe
Network Support - Hatch IT
HATCH
Tel: +61 (7) 3166 7777
Direct: +61 (7) 3166 7684
Fax: +61 (7) 3368 3754
Mobile: +61 438 772 425
61 Petrie Terrace, Brisbane, Queensland Australia 4011
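
The "Unable to chase referral ... Can't contact LDAP server" line in the debug output above means the LDAP client library on the RADIUS host could not connect to the server named in the referral URL. The following is an added example, not part of the original message or of FreeRADIUS: it unfolds ldapsearch output, lists each `ref:` target as host, port and base DN, and offers a check to run from the RADIUS host itself. The sample text is constructed from the output quoted in the message, and the function names are hypothetical.

```python
"""Extract search references (referrals) from ldapsearch LDIF output."""
import socket
from urllib.parse import urlsplit, unquote

# Constructed sample, modelled on the output quoted in the message above.
SAMPLE = """\
# search reference
ref: ldap://DomainDnsZones.my.domain.name/DC=DomainDnsZones,DC=my,DC=domain,DC
 =name

# search result
search: 5
result: 0 Success
"""


def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def referrals(ldif):
    """Return (host, port, base_dn) for every 'ref:' line in the output."""
    found = []
    for line in unfold(ldif):
        if not line.startswith("ref:"):
            continue
        url = urlsplit(line[4:].strip())
        default = 636 if url.scheme == "ldaps" else 389
        found.append((url.hostname, url.port or default, unquote(url.path.lstrip("/"))))
    return found


def reachable(host, port, timeout=3.0):
    """True if this machine can resolve the host and open a TCP connection to it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers DNS failure, refusal and timeout
        return False


if __name__ == "__main__":
    for host, port, base in referrals(SAMPLE):
        print(f"{host}:{port} base={base}")
```

Calling `reachable(host, port)` for each tuple on the machine that runs the RADIUS server shows whether a referral target that works from a Windows workstation is also resolvable and reachable from that host.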
