Thanks for the reply. I’ve tried what you suggested, it works ofc., but when I am searching with application. Is this config correct (I’ve added a second AD)? What I want to achieve is to have both directories “joined”, because my app is not able to connect to 2 different at once. I can only configure one of each attribute, like BaseDN and one BindDN+BindPW. Can I search with BindDN cn=admin,dc=all BaseDN dc=all? So both directories will be searched?
Or how should I achieve it?

database ldap
suffix "cn=admin,dc=all"
rootdn "cn=admin,dc=all"
rootpw "password"

database ldap
suffix "ou=domain.com,dc=all"
uri ldap://IPADDRESSofActiveDirectory
idassert-bind bindmethod=simple
  binddn="CN=bind,CN=Users,DC=real,DC=suffix"
  credentials="password"
  mode=none
  flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=admin,dc=all"

overlay rwm
rwm-suffixmassage "ou=domain.com,dc=all" "dc=real,dc=suffix"

database ldap
suffix "ou=domain2.com,dc=all"
uri ldap://IPADDRESSofActiveDirectory
idassert-bind bindmethod=simple
  binddn="CN=bind2,CN=Users2,DC=real2,DC=suffix2"
  credentials="password"
  mode=none
  flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=admin,dc=all"

overlay rwm
rwm-suffixmassage "ou=domain2.com,dc=all" "dc=real2,dc=suffix2"

> On 13 Jan 2019, at 18:57, Clément OUDOT <[email protected]> wrote:
>
> On 13/01/2019 at 16:26, Martin Toth wrote:
>> Hi all,
>>
>> I just installed the LTB package for Debian on Ubuntu from the LTB repo, but it
>> does not work either. Logs show the same behaviour, I cannot see BaseDN -
>> endless fetching.
>> This is from syslog (repeating):
>>
>> Jan 13 09:20:42 mysql2 slapd[12912]: conn=1013 fd=41 ACCEPT from IP=[::1]:54728 (IP=[::]:389)
>> Jan 13 09:20:42 mysql2 slapd[12912]: conn=1013 op=0 BIND dn="" method=128
>> Jan 13 09:20:42 mysql2 slapd[12912]: conn=1013 op=0 RESULT tag=97 err=0 text=
>> Jan 13 09:20:42 mysql2 slapd[12912]: conn=1013 op=1 SRCH base="cn=admin,dc=all" scope=0 deref=3 filter="(objectClass=*)"
>> Jan 13 09:20:42 mysql2 slapd[12912]: conn=1013 op=1 SRCH attr=hasSubordinates objectClass
>>
>> It’s a default installation with only a modification of
>> /usr/local/openldap/etc/openldap/slapd.conf, I’ve added (only one
>> modification):
>>
>> database ldap
>> suffix "cn=admin,dc=all"
>> rootdn "cn=admin,dc=all"
>> rootpw "password"
>>
>> database ldap
>> suffix "ou=domain.com,dc=all"
>> uri ldap://IPADDRESSofActiveDirectory
>> idassert-bind bindmethod=simple
>>   binddn="CN=bind,CN=Users,DC=real,DC=suffix"
>>   credentials="password"
>>   mode=none
>>   flags=non-prescriptive
>> idassert-authzFrom "dn.exact:cn=admin,dc=all"
>>
>> overlay rwm
>> rwm-suffixmassage "ou=domain.com,dc=all" "dc=real,dc=suffix"
>>
>> I can’t understand where the problem is. Thanks for help in advance.
>>
>
> Hello, try to search on your LDAP proxy as "cn=admin,dc=all" and not as
> anonymous, else the bind on AD side will also be done as anonymous, and AD
> displays no entry in this case.
>
> --
> Clément Oudot | Identity Solutions Manager
>
> [email protected]
>
> Worteks | https://www.worteks.com
> _______________________________________________
> ltb-dev mailing list
> [email protected]
> https://lists.ltb-project.org/cgi-bin/mailman/listinfo/ltb-dev
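Added example, not part of the original thread or of LTB/OpenLDAP code: a small Python check that reads slapd syslog lines like those quoted above and lists every search that ran while the connection was still anonymous, which is the condition under which the proxy also binds anonymously to AD. The conn=1014 and conn=1015 lines are constructed for contrast, and the function name anonymous_searches is hypothetical.

```python
import re

# Constructed sample: conn=1013 mirrors the syslog excerpt in the thread;
# conn=1014 (good bind) and conn=1015 (failed bind) are invented for contrast.
SAMPLE_LOG = """\
Jan 13 09:20:42 mysql2 slapd[12912]: conn=1013 op=0 BIND dn="" method=128
Jan 13 09:20:42 mysql2 slapd[12912]: conn=1013 op=0 RESULT tag=97 err=0 text=
Jan 13 09:20:42 mysql2 slapd[12912]: conn=1013 op=1 SRCH base="cn=admin,dc=all" scope=0 deref=3 filter="(objectClass=*)"
Jan 13 09:21:10 mysql2 slapd[12912]: conn=1014 op=0 BIND dn="cn=admin,dc=all" method=128
Jan 13 09:21:10 mysql2 slapd[12912]: conn=1014 op=0 RESULT tag=97 err=0 text=
Jan 13 09:21:10 mysql2 slapd[12912]: conn=1014 op=1 SRCH base="ou=domain.com,dc=all" scope=2 deref=0 filter="(sAMAccountName=jdoe)"
Jan 13 09:21:30 mysql2 slapd[12912]: conn=1015 op=0 BIND dn="cn=admin,dc=all" method=128
Jan 13 09:21:30 mysql2 slapd[12912]: conn=1015 op=0 RESULT tag=97 err=49 text=
Jan 13 09:21:30 mysql2 slapd[12912]: conn=1015 op=1 SRCH base="dc=all" scope=2 deref=0 filter="(objectClass=*)"
"""

LINE = re.compile(r"conn=(\d+) op=(\d+) (BIND|RESULT|SRCH) (.*)")
DN = re.compile(r'dn="([^"]*)"')
BASE = re.compile(r'base="([^"]*)"')

def anonymous_searches(log_text):
    """Return (conn, base) for each SRCH issued while the connection's
    effective identity was anonymous (no bind, empty DN, or failed bind)."""
    pending = {}   # (conn, op) -> DN requested in a BIND awaiting its RESULT
    identity = {}  # conn -> DN of the last successful bind ("" = anonymous)
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, verb, rest = int(m[1]), int(m[2]), m[3], m[4]
        if verb == "BIND":
            dn = DN.search(rest)
            if dn:
                pending[(conn, op)] = dn[1]
        elif verb == "RESULT" and (conn, op) in pending:
            dn = pending.pop((conn, op))
            # tag=97 is a bind response; a non-zero err leaves the session anonymous
            ok = "tag=97" in rest and re.search(r"\berr=0\b", rest)
            identity[conn] = dn if ok else ""
        elif verb == "SRCH":
            base = BASE.search(rest)
            if base and identity.get(conn, "") == "":
                findings.append((conn, base[1]))
    return findings
```

On the sample it reports conn=1013 (empty bind DN, as in the thread) and conn=1015 (bind rejected with err=49), but not conn=1014.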
