2010/8/4 Thomas Chemineau <[email protected]>: > Le 3 août 2010 19:46, Cédric Lemarchand <[email protected]> a écrit : >> Hi all, >> >> We are trying to use SSP with our new AD 2008 R2, but unsuccessfully. >> Platform used is a Debian Lenny. >> >> Here are the configurations files details and the errors log from Apache. >> >> # /etc/ldap/ldap.conf : >> >> --- >> BASE dc=ixdark-alpha,dc=corp >> URI ldaps://192.168.220.32 >> #BASE dc=dom,dc=local >> #URI ldap://192.168.220.36 >> >> #SIZELIMIT 12 >> #TIMELIMIT 15 >> #DEREF never >> TLS_REQCERT never >> --- >> >> # /usr/share/self-service-password/config.inc.php : >> >> --- >> $ldap_url = "ldaps://192.168.220.32:636"; >> $ldap_binddn = "cn=Administrateur,cn=Users,dc=ixdark-alpha,dc=corp"; >> $ldap_bindpw = "topsecret"; >> $ldap_base = "CN=Users,DC=ixdark-alpha,DC=corp"; >> >> $ldap_filter = "(&(objectClass=user)(sAMAccountName={login}))"; >> >> $ad_mode = true; >> >> $who_change_password = "manager"; >> --- >> >> >> # /var/log/apache2/ssp_error.log : >> >> --- >> [Tue Aug 03 19:31:09 2010] [error] [client 192.168.220.51] LDAP - Modify >> password error 53 (Server is unwilling to perform), referer: >> http://192.168.220.176/ >> --- >> >> >> # Some package versions : >> >> lenny:~# dpkg -l |grep php5 >> ii libapache2-mod-php5 5.2.6.dfsg.1-1+lenny8 >> server-side, HTML-embedded scripting language (Apache 2 module >> ii php5 5.2.6.dfsg.1-1+lenny8 >> server-side, HTML-embedded scripting language (metapackage) >> ii php5-cli 5.2.6.dfsg.1-1+lenny8 >> command-line interpreter for the php5 scripting language >> ii php5-common 5.2.6.dfsg.1-1+lenny8 >> Common files for packages built from the php5 source >> ii php5-gd 5.2.6.dfsg.1-1+lenny8 GD >> module for php5 >> ii php5-ldap 5.2.6.dfsg.1-1+lenny8 >> LDAP module for php5 >> lenny:~# >> lenny:~# dpkg -l |grep ldap >> ii ldap-utils 2.4.11-1+lenny2 >> OpenLDAP utilities >> ii libldap-2.4-2 2.4.11-1+lenny2 >> OpenLDAP libraries >> >> >> Do we miss something ? >> >> Thx in advance >> -- >> >> *Cedric** Lemarchand - iXSea SAS* >> > > Hi, > > Can your debien server contact your AD (telnet on port 636) ? > By the way, you have to install ssl extention on AD to get a valid > certificate. > > Thomas. > > -- > Thomas Chemineau >
Hum, by reading the error, it seems that your AD returns a referer. Are you sure SSP binds on the good AD ? Thomas. -- Thomas Chemineau _______________________________________________ ltb-users mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-users
