Hi

Just wondering if the feature is supposed to work? Am I delving into experimental code?

Alex

> -----Original Message-----
> From: Alex Samad - Yieldbroker
> Sent: Thursday, 29 March 2012 9:28 AM
> To: [email protected]
> Subject: RE: problem with ldap backend
>
> Hi
>
> I have progressed a little bit further
>
> I have stopped using olcdbaclbind and started to use
>
> olcDbIDAssertAuthzFrom: "*"
> olcDbIDAssertBind: bindmethod=none authzId="CN=ad readonly,OU=Services ,DC= xyz,DC=com" credentials="secret" starttls=no
>
> but I get this
>
> text: 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
>
> I am able to ldapsearch with these credentials, I also tried changing bindmethod to simple, but same error
>
> How do I turn on debug for the ldap backend?
>
> Anyone have any ideas on how to make this work?
>
> Alex
>
> > -----Original Message-----
> > From: [email protected]
> > [mailto:openldap-technical- [email protected]] On Behalf Of Alex Samad - Yieldbroker
> > Sent: Wednesday, 28 March 2012 1:58 PM
> > To: [email protected]
> > Subject: problem with ldap backend
> >
> > Hi
> >
> > I am trying to set up a connection from openldap to MS AD
> >
> > I am using this
> >
> > dn: olcDatabase={3}ldap
> > objectClass: olcDatabaseConfig
> > objectClass: olcLDAPConfig
> > olcDatabase: {3}ldap
> > olcSuffix: dc=xyz,dc=com
> > olcAccess: {0}to dn.base="" by * read
> > olcAccess: {1}to dn.base="cn=Subschema" by * read
> > olcAccess: {2}to * by self write by users read by anonymous auth
> > olcReadOnly: TRUE
> > olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> > olcSizeLimit: 500
> > olcDbURI: "ldap://dc101. xyz.com ldap://dc201. xyz.com"
> > olcDbRebindAsUser: TRUE
> > olcDbChaseReferrals: TRUE
> >
> > This works fine when I pass a bind DN.
> >
> > I would like to convert this to allow anon access to ldap, which does a user bind to MS AD, so I added this
> >
> > olcdbaclbind: bindmethod=simple binddn="CN=ad readonly,OU= xyz,DC= xyz,DC=com" credentials="secret" starttls=no
> >
> > but it is not working, I can not make an anon search request, they retrieve any thing from the MSAD ldap server.
> >
> > Thanks
