<quote who="Comisario, Alejandro">
> YES!
> It is, if I query the AD directly, it works.
>
> ldapsearch -b "ou=prueba,dc=adsc,dc=com" -H ldap://adldap.adsc.com -D "cn=admin,cn=users,dc=adsc,dc=com" -W
>
> WORKS!!!
> But the referral doesn't

Try my verbose logging and paste in your reply

>
> --
> Alejandro D. Comisario
> Sistemas Catastrales S.A.
> Depto. Tecnología y Seguridad Informática
> (5411) 4326.4002 int. 273
> Buenos Aires, Argentina
> [EMAIL PROTECTED]
>
>
> -----Original Message-----
> From: Gavin Henry [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 17, 2007 15:08
> To: Comisario, Alejandro
> CC: [email protected]
> Subject: RE: How do I tell ldapsearch to authenticate to the referred to LDAP server when chasing a referral?
>
> <quote who="Comisario, Alejandro">
>> Gavin.
>> Thanks for the answer, the thing is, and I couldn't say it before, on the
>> other side of the openLDAP is an Active Directory, when I try what you say,
>> it gave me.
>>
>> [EMAIL PROTECTED] # ldapsearch -b "ou=prueba,dc=adsc,dc=com" \
>> -H ldap://doldap.sc.com -D "cn=admin,cn=users,dc=adsc,dc=com" -W -x
>> Enter LDAP Password:
>> ldap_bind: Invalid credentials (49)
>>
>>
>> Any Ideas?
>
> Is cn=admin,cn=users,dc=adsc,dc=com in AD?
>
> Gavin.
>
>>
>>
>> -----Original Message-----
>> From: Gavin Henry [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, July 17, 2007 13:59
>> To: Comisario, Alejandro
>> CC: [email protected]
>> Subject: Re: How do I tell ldapsearch to authenticate to the referred to LDAP server when chasing a referral?
>>
>> <quote who="Comisario, Alejandro">
>>> Hello everyone.
>>>
>>> I have an OpenLDAP 2.3.30 running on Debian Etch Stable in a DMZ, managing
>>> external users for an application.
>>> But at the same time I want this openLDAP to communicate when given for a
>>> specific DN with another directory service on my internal network.
>>> The connection between the two machines passing thru the firewall is
>>> correct.
>>>
>>> The references are:
>>> openLDAP machine : doldap.sc.com with domain dc=si,dc=com
>>> the other directory : adldap.adsc.com with domain dc=adsc,dc=com
>>>
>>> I defined the referral like this:
>>> dn: ou=test,dc=adsc,dc=com
>>> objectClass: referral
>>> objectClass: extensibleObject
>>> dc: prueba
>>> ref: ldap://adldap.adsc.com/ou=test,dc=adsc,dc=com
>>>
>>> So, when I query something like this (anonymous):
>>> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x
>>>
>>> I get this response:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <ou=prueba,dc=adsc,dc=com> with scope subtree
>>> # filter: (objectclass=*)
>>> # requesting: ALL
>>> #
>>>
>>> # search result
>>> search: 2
>>> result: 10 Referral
>>> ref: ldap://adldap.adsc.com/ou=prueba,dc=adsc,dc=com??sub
>>>
>>> # numResponses: 1
>>>
>>> So, apparently the referral for that query is found, next I tell ldapsearch
>>> to follow it:
>>> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x -C
>>>
>>> The openLDAP tries to follow the referral and gets this response from the
>>> other service:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <ou=prueba,dc=adsc,dc=com> with scope subtree
>>> # filter: (objectclass=*)
>>> # requesting: ALL
>>> #
>>>
>>> # search result
>>> search: 2
>>> result: 1 Operations error
>>> text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
>>>
>>> # numResponses: 1
>>>
>>> So, How do I tell ldapsearch to authenticate to the referred to LDAP server
>>> when chasing a referral?
>>> Hope someone can help me.
>>
>> You need to actually bind as a user, e.g.:
>>
>> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x -C -D "uid=blah,dc=adsc,dc=com" -W
>>
>> Gavin.
>>
>>>
>>> Regards.
>>>
>>> .A l e j a n d r o.
>>>
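
Added example, not part of the original thread: the direct, authenticated query to the AD server is the variant reported to work above, so this sketch parses the `ref:` line of the referral response and builds that direct query, but only for hosts on an allow-list. `ALLOWED_HOSTS`, the function names and the `-ZZ` (require StartTLS) option are assumptions introduced here.

```python
import shlex
from urllib.parse import urlsplit, unquote

# Assumption: the only servers this client may send bind credentials to.
ALLOWED_HOSTS = {"adldap.adsc.com"}

# Constructed sample: the referral result quoted in the thread.
SAMPLE = """\
# search result
search: 2
result: 10 Referral
ref: ldap://adldap.adsc.com/ou=prueba,dc=adsc,dc=com??sub
"""

def parse_referrals(output):
    """Return (scheme, host, port, base_dn, scope) for every 'ref:' line."""
    refs = []
    for line in output.splitlines():
        if not line.startswith("ref:"):
            continue
        url = urlsplit(line[4:].strip())
        # LDAP URL layout (RFC 4516): scheme://host[:port]/dn?attrs?scope?filter
        fields = url.query.split("?")
        scope = fields[1] if len(fields) > 1 and fields[1] else "base"
        refs.append((url.scheme, url.hostname, url.port,
                     unquote(url.path.lstrip("/")), scope))
    return refs

def direct_search_command(ref, bind_dn, require_tls=True):
    """Build an ldapsearch command that binds to the referred server itself."""
    scheme, host, port, base_dn, scope = ref
    if scheme not in ("ldap", "ldaps"):
        raise ValueError("unsupported scheme: %r" % (scheme,))
    if host not in ALLOWED_HOSTS:
        # A referral is server-supplied data: never bind wherever it points.
        raise ValueError("referral to host outside allow-list: %r" % (host,))
    uri = "%s://%s%s" % (scheme, host, ":%d" % port if port else "")
    argv = ["ldapsearch", "-x", "-H", uri]
    if require_tls and scheme == "ldap":
        argv.append("-ZZ")  # added here: require StartTLS before the simple bind
    argv += ["-b", base_dn, "-s", scope, "-D", bind_dn, "-W"]
    return " ".join(shlex.quote(a) for a in argv)

if __name__ == "__main__":
    for ref in parse_referrals(SAMPLE):
        print(direct_search_command(ref, "cn=admin,cn=users,dc=adsc,dc=com"))
```

Pass `require_tls=False` to reproduce the plain `ldap://` simple bind used in the thread, in which case the password entered at the `-W` prompt crosses the firewall unencrypted.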
