Hi, I have progressed a little bit further.

I have stopped using olcdbaclbind and started to use

olcDbIDAssertAuthzFrom: "*"
olcDbIDAssertBind: bindmethod=none authzId="CN=ad readonly,OU=Services ,DC= xyz,DC=com" credentials="secret" starttls=no

but I get this text:

000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1

I am able to ldapsearch with these credentials. I also tried changing bindmethod to simple, but got the same error.

How do I turn on debug for the ldap backend?

Anyone have any ideas on how to make this work?

Alex

> -----Original Message-----
> From: [email protected] [mailto:openldap-technical-
> [email protected]] On Behalf Of Alex Samad - Yieldbroker
> Sent: Wednesday, 28 March 2012 1:58 PM
> To: [email protected]
> Subject: problem with ldap backend
>
> Hi
>
> I am trying to set up a connection from openldap to MS AD
>
> I am using this
>
> dn: olcDatabase={3}ldap
> objectClass: olcDatabaseConfig
> objectClass: olcLDAPConfig
> olcDatabase: {3}ldap
> olcSuffix: dc=xyz,dc=com
> olcAccess: {0}to dn.base="" by * read
> olcAccess: {1}to dn.base="cn=Subschema" by * read
> olcAccess: {2}to * by self write by users read by anonymous auth
> olcReadOnly: TRUE
> olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> olcSizeLimit: 500
> olcDbURI: "ldap://dc101. xyz.com ldap://dc201. xyz.com"
> olcDbRebindAsUser: TRUE
> olcDbChaseReferrals: TRUE
>
> This works fine when I pass a bind DN.
>
> I would like to convert this to allow anon access to ldap, which does a user
> bind to MS AD, so I added this
>
> olcdbaclbind: bindmethod=simple binddn="CN=ad readonly,OU= xyz,DC= xyz,DC=com" credentials="secret" starttls=no
>
> but it is not working, I can not make an anon search request, they retrieve
> anything from the MSAD ldap server.
>
> Thanks
