Re: [Ltb-users] Self Service Password 0.4 and AD 2008

Wed, 04 Aug 2010 01:26:52 -0700 

Le 3 août 2010 19:46, Cédric Lemarchand <[email protected]> a écrit :
> Hi all,
>
> We are trying to use SSP with our new AD 2008 R2, but unsuccessfully.
> Platform used is a Debian Lenny.
>
> Here are the configurations files details and the errors log from Apache.
>
> # /etc/ldap/ldap.conf :
>
> ---
> BASE    dc=ixdark-alpha,dc=corp
> URI    ldaps://192.168.220.32
> #BASE    dc=dom,dc=local
> #URI    ldap://192.168.220.36
>
> #SIZELIMIT    12
> #TIMELIMIT    15
> #DEREF        never
> TLS_REQCERT never
> ---
>
> # /usr/share/self-service-password/config.inc.php :
>
> ---
> $ldap_url = "ldaps://192.168.220.32:636";
> $ldap_binddn = "cn=Administrateur,cn=Users,dc=ixdark-alpha,dc=corp";
> $ldap_bindpw = "topsecret";
> $ldap_base = "CN=Users,DC=ixdark-alpha,DC=corp";
>
> $ldap_filter = "(&(objectClass=user)(sAMAccountName={login}))";
>
> $ad_mode = true;
>
> $who_change_password = "manager";
> ---
>
>
> # /var/log/apache2/ssp_error.log :
>
> ---
> [Tue Aug 03 19:31:09 2010] [error] [client 192.168.220.51] LDAP - Modify
> password error 53 (Server is unwilling to perform), referer:
> http://192.168.220.176/
> ---
>
>
> # Some package versions :
>
> lenny:~# dpkg -l |grep php5
> ii  libapache2-mod-php5               5.2.6.dfsg.1-1+lenny8
> server-side, HTML-embedded scripting language (Apache 2 module
> ii  php5                              5.2.6.dfsg.1-1+lenny8
> server-side, HTML-embedded scripting language (metapackage)
> ii  php5-cli                          5.2.6.dfsg.1-1+lenny8
> command-line interpreter for the php5 scripting language
> ii  php5-common                       5.2.6.dfsg.1-1+lenny8
> Common files for packages built from the php5 source
> ii  php5-gd                           5.2.6.dfsg.1-1+lenny8           GD
> module for php5
> ii  php5-ldap                         5.2.6.dfsg.1-1+lenny8
> LDAP module for php5
> lenny:~#
> lenny:~# dpkg -l |grep ldap
> ii  ldap-utils                        2.4.11-1+lenny2
> OpenLDAP utilities
> ii  libldap-2.4-2                     2.4.11-1+lenny2
> OpenLDAP libraries
>
>
> Do we miss something ?
>
> Thx in advance
> --
>
> *Cedric** Lemarchand - iXSea SAS*
>

Hi,

Can your debien server contact your AD (telnet on port 636) ?
By the way, you have to install ssl extention on AD to get a valid certificate.

Thomas.

-- 
Thomas Chemineau
_______________________________________________
ltb-users mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-users

Reply via email to