> Hi
>
> Just wondering if the feature is supposed to work? Am I delving into
> experimental code?

It works as intended. The error message you receive is quite self-explanatory: AD wants a successful bind, and you're requesting bindmethod=none (i.e. bind with empty DN). You may want to try bindmethod=simple

p.

>> -----Original Message-----
>> From: Alex Samad - Yieldbroker
>> Sent: Thursday, 29 March 2012 9:28 AM
>> To: [email protected]
>> Subject: RE: problem with ldap backend
>>
>> Hi
>>
>> I have progressed a little bit further
>>
>> I have stopped using olcdbaclbind and started to use
>>
>> olcDbIDAssertAuthzFrom: "*"
>> olcDbIDAssertBind: bindmethod=none authzId="CN=ad readonly,OU=Services ,DC= xyz,DC=com" credentials="secret" starttls=no
>>
>> but I get this
>>
>> text: 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
>>
>> I am able to ldapsearch with these credentials, I also tried changing
>> bindmethod to simple, but same error
>>
>> How do I turn on debug for the ldap backend?
>>
>> Anyone have any ideas on how to make this work?
>>
>> Alex
>>
>> > -----Original Message-----
>> > From: [email protected]
>> > [mailto:openldap-technical- [email protected]] On Behalf Of Alex
>> > Samad - Yieldbroker
>> > Sent: Wednesday, 28 March 2012 1:58 PM
>> > To: [email protected]
>> > Subject: problem with ldap backend
>> >
>> > Hi
>> >
>> > I am trying to set up a connection from openldap to MS AD
>> >
>> > I am using this
>> >
>> > dn: olcDatabase={3}ldap
>> > objectClass: olcDatabaseConfig
>> > objectClass: olcLDAPConfig
>> > olcDatabase: {3}ldap
>> > olcSuffix: dc=xyz,dc=com
>> > olcAccess: {0}to dn.base="" by * read
>> > olcAccess: {1}to dn.base="cn=Subschema" by * read
>> > olcAccess: {2}to * by self write by users read by anonymous auth
>> > olcReadOnly: TRUE
>> > olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
>> > olcSizeLimit: 500
>> > olcDbURI: "ldap://dc101. xyz.com ldap://dc201. xyz.com"
>> > olcDbRebindAsUser: TRUE
>> > olcDbChaseReferrals: TRUE
>> >
>> > This works fine when I pass a bind DN.
>> >
>> > I would like to convert this to allow anon access to ldap, which does
>> > a user bind to MS AD so I added this
>> >
>> > olcdbaclbind: bindmethod=simple binddn="CN=ad readonly,OU= xyz,DC= xyz,DC=com" credentials="secret" starttls=no
>> >
>> > but it is not working, I can not make an anon search request, they
>> > retrieve anything from the MSAD ldap server.
>> >
>> > Thanks
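An added example, not part of the thread or of OpenLDAP: a small Python check for the `olcDbIDAssertBind` / `olcDbACLBind` values quoted above. The function names are hypothetical, and the rules assume the parameter meanings documented in slapd-ldap(5) (`bindmethod`, `binddn`, `credentials`, `starttls`) plus the reply's point that `bindmethod=none` binds with an empty DN.

```python
import shlex

def parse_bind_params(value):
    """Split a slapd-ldap bind directive value into a {key: value} dict.
    shlex handles the double-quoted DNs; keys are lower-cased."""
    params = {}
    for token in shlex.split(value):
        key, sep, val = token.partition("=")  # split on the first '=' only
        if sep:
            params[key.lower()] = val
    return params

def lint_bind(value, uri="ldap://"):
    """Return findings for one bind directive value (hypothetical helper)."""
    p = parse_bind_params(value)
    method = p.get("bindmethod", "").lower()
    findings = []
    if method == "none" and ("credentials" in p or "binddn" in p):
        findings.append("bindmethod=none with credentials set: "
                        "the proxy still binds with an empty DN")
    if method == "simple" and not p.get("binddn"):
        findings.append("bindmethod=simple without binddn: "
                        "authzId is not the bind identity")
    if (method == "simple" and p.get("credentials")
            and uri.lower().startswith("ldap://")
            and p.get("starttls", "no").lower() == "no"):
        findings.append("simple bind over ldap:// with starttls=no: "
                        "password crosses the network in cleartext")
    return findings

# Values as posted in the thread (DN spacing kept as posted).
POSTED_IDASSERT = ('bindmethod=none authzId="CN=ad readonly,OU=Services ,'
                   'DC= xyz,DC=com" credentials="secret" starttls=no')
POSTED_ACLBIND = ('bindmethod=simple binddn="CN=ad readonly,OU= xyz,DC= xyz,'
                  'DC=com" credentials="secret" starttls=no')
# Constructed variants: the method swapped to simple, and TLS required.
SWAPPED = POSTED_IDASSERT.replace("bindmethod=none", "bindmethod=simple")
TLS_REQUIRED = POSTED_ACLBIND.replace("starttls=no", "starttls=critical")

if __name__ == "__main__":
    for name in ("POSTED_IDASSERT", "SWAPPED", "POSTED_ACLBIND", "TLS_REQUIRED"):
        print(name, lint_bind(globals()[name]) or "no findings")
```

Changing only `bindmethod` to `simple` in the posted value still leaves no `binddn`, which the check reports separately from the cleartext-password finding.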
