<quote who="Comisario, Alejandro"> > OK!!! My boss calls me! > Let finish some work and I'll post you the debug!!! > From now, VERY VERY THANKS FOR YOUR HELP!!!
Stop shouting and please CC [email protected] !!! ;-) Gavin. > > -- > Alejandro D. Comisario > Sistemas Catastrales S.A. > Depto. Tecnología y Seguridad Informática > (5411) 4326.4002 int. 273 > Buenos Aires, Argentina > [EMAIL PROTECTED] > > > -----Mensaje original----- > De: Gavin Henry [mailto:[EMAIL PROTECTED] > Enviado el: martes, 17 de julio de 2007 15:15 > Para: Comisario, Alejandro > CC: [email protected] > Asunto: RE: How do I tell ldapsearch to authenticate to the referred to > LDAP > server when chasing a referral? > > <quote who="Comisario, Alejandro"> >> YES! >> It is, if i query the AD directly, it Works. >> >> Ldapsearch -b "ou=prueba,dc=adsc,dc=com" -H ldap://adldap.adsc.com -D >> "cn=admin,cn=users,dc=adsc,dc=com" -W >> >> WORKS!!! >> But the referral don't > > Try my verbose logging and paste in your reply > >> >> -- >> Alejandro D. Comisario >> Sistemas Catastrales S.A. >> Depto. Tecnología y Seguridad Informática >> (5411) 4326.4002 int. 273 >> Buenos Aires, Argentina >> [EMAIL PROTECTED] >> >> >> -----Mensaje original----- >> De: Gavin Henry [mailto:[EMAIL PROTECTED] >> Enviado el: martes, 17 de julio de 2007 15:08 >> Para: Comisario, Alejandro >> CC: [email protected] >> Asunto: RE: How do I tell ldapsearch to authenticate to the referred to >> LDAP >> server when chasing a referral? >> >> <quote who="Comisario, Alejandro"> >>> Gavin. >>> Thanks for the answer, the thing is, and i could't say it befote, on >>> the >>> other side of the openLDAP is an Active Directory, when i try what you >>> say, >>> it gave me. >>> >>> [EMAIL PROTECTED] # ldapsearch -b "ou=prueba,dc=adsc,dc=com" \ >>> -H ldap://doldap.sc.com -D "cn=admin,cn=users,dc=adsc,dc=com" -W -x >>> Enter LDAP Password: >>> ldap_bind: Invalid credentials (49) >>> >>> >>> Any Ideas? >> >> Is cn=admin,cn=users,dc=adsc,dc=com in AD? >> >> Gavin. >> >>> >>> >>> -----Mensaje original----- >>> De: Gavin Henry [mailto:[EMAIL PROTECTED] >>> Enviado el: martes, 17 de julio de 2007 13:59 >>> Para: Comisario, Alejandro >>> CC: [email protected] >>> Asunto: Re: How do I tell ldapsearch to authenticate to the referred to >>> LDAP >>> server when chasing a referral? >>> >>> <quote who="Comisario, Alejandro"> >>>> Hello everyone. >>>> >>>> I have an OpenLDAP 2.3.30 running on Debian Etch Stable in a DMZ, >>>> managing >>>> external users for an application. >>>> But at the same time i want this openLDAP to comunicate when given for >>>> a >>>> specific DN with another directory service on my internal network. >>>> The connection between the two machines passing thru the firewall is >>>> correct. >>>> >>>> The reference are: >>>> openLDAP machine : doldap.sc.com with domain dc=si,dc=com >>>> the other directory : adldap.adsc.com with domain dc=adsc,dc=com >>>> >>>> I defined the referral like this: >>>> dn: ou=test,dc=adsc,dc=com >>>> objectClass: referral >>>> objectClass: extensibleObject >>>> dc: prueba >>>> ref: ldap://adldap.adsc.com/ou=test,dc=adsc,dc=com >>>> >>>> So, when i query something like this (anonymous): >>>> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x >>>> >>>> I get this response: >>>> # extended LDIF >>>> # >>>> # LDAPv3 >>>> # base <ou=prueba,dc=adsc,dc=com> with scope subtree # filter: >>>> (objectclass=*) # requesting: ALL # >>>> >>>> # search result >>>> search: 2 >>>> result: 10 Referral >>>> ref: ldap://adldap.adsc.com/ou=prueba,dc=adsc,dc=com??sub >>>> >>>> # numResponses: 1 >>>> >>>> So, apparently the referral for that query is found, next i tell >>>> ldapsearch >>>> to follow it: >>>> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x -C >>>> >>>> The openLDAP try to follow the referral and get this response from the >>>> other >>>> service: >>>> # extended LDIF >>>> # >>>> # LDAPv3 >>>> # base <ou=prueba,dc=adsc,dc=com> with scope subtree # filter: >>>> (objectclass=*) # requesting: ALL # >>>> >>>> # search result >>>> search: 2 >>>> result: 1 Operations error >>>> text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform >>>> this >>>> operation a successful bind must be completed on the connection., data >>>> 0, >>>> vece >>>> >>>> # numResponses: 1 >>>> >>>> So, How do I tell ldapsearch to authenticate to the referred to LDAP >>>> server >>>> when chasing a referral? >>>> Hope someone can helpme. >>> >>> You need to actually bind as a user, e.g.: >>> >>> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x -C -D >>> "uid=blah,dc=adsc,dc=com" -W >>> >>> Gavin. >>> >>>> >>>> Regards. >>>> >>>> .A l e j a n d r o. >>>> >>>> >>>> >>>> >>> >> >
