Hi

Thanks, I have also tried bind=simple, same error, I have tested the dn and the password with ldapsearch

Thanks

> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Sunday, 1 April 2012 6:17 PM
> To: Alex Samad - Yieldbroker
> Cc: '[email protected]'
> Subject: RE: problem with ldap backend
>
> > Hi
> >
> > Just wondering if the feature is supposed to work? Am I delving
> > into experimental code?
>
> It works as intended. The error message you receive is quite
> self-explanatory: AD wants a successful bind, and you're requesting
> bindmethod=none (i.e. bind with empty DN). You may want to try
> bindmethod=simple
>
> p.
>
> >> -----Original Message-----
> >> From: Alex Samad - Yieldbroker
> >> Sent: Thursday, 29 March 2012 9:28 AM
> >> To: [email protected]
> >> Subject: RE: problem with ldap backend
> >>
> >> Hi
> >>
> >> I have progressed a little bit further
> >>
> >> I have stopped using olcdbaclbind and started to use
> >>
> >> olcDbIDAssertAuthzFrom: "*"
> >> olcDbIDAssertBind: bindmethod=none authzId="CN=ad
> >> readonly,OU=Services ,DC= xyz,DC=com" credentials="secret"
> >> starttls=no
> >>
> >>
> >> but I get this
> >>
> >> text: 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform
> >> this ope ration a successful bind must be completed on the
> >> connection., data 0,
> >> v1db1
> >>
> >>
> >> I am able to ldapsearch with these credentials, I also tried changing
> >> bindmethod to simple, but same error
> >>
> >> How do I turn on debug for the ldap backend?
> >>
> >> Anyone have any ideas on how to make this work?
> >>
> >>
> >> Alex
> >>
> >>
> >> > -----Original Message-----
> >> > From: [email protected]
> >> > [mailto:openldap-technical- [email protected]] On Behalf Of Alex
> >> > Samad - Yieldbroker
> >> > Sent: Wednesday, 28 March 2012 1:58 PM
> >> > To: [email protected]
> >> > Subject: problem with ldap backend
> >> >
> >> > Hi
> >> >
> >> > I am trying to set up a connection from openldap to MS AD
> >> >
> >> > I am using this
> >> >
> >> > dn: olcDatabase={3}ldap
> >> > objectClass: olcDatabaseConfig
> >> > objectClass: olcLDAPConfig
> >> > olcDatabase: {3}ldap
> >> > olcSuffix: dc=xyz,dc=com
> >> > olcAccess: {0}to dn.base="" by * read
> >> > olcAccess: {1}to dn.base="cn=Subschema" by * read
> >> > olcAccess: {2}to * by self write by users read by anonymous auth
> >> > olcReadOnly: TRUE
> >> > olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> >> > olcSizeLimit: 500
> >> > olcDbURI: "ldap://dc101. xyz.com ldap://dc201. xyz.com"
> >> > olcDbRebindAsUser: TRUE
> >> > olcDbChaseReferrals: TRUE
> >> >
> >> >
> >> > This works fine when I pass a bind DN.
> >> >
> >> > I would like to convert this to allow anon access to ldap, which
> >> > does a user bind to MS AD so I added this
> >> >
> >> >
> >> > olcdbaclbind: bindmethod=simple binddn="CN=ad readonly,OU= xyz,DC=
> >> > xyz,DC=com" credentials="secret" starttls=no
> >> >
> >> > but it is not working, I can not make an anon search request, they
> >> > retrieve anything from the MSAD ldap server.
> >> >
> >> > Thanks
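
Added example (not part of the original thread and not OpenLDAP code): a small lint for the back-ldap bind directives quoted above, flagging bindmethod=none with credentials, bindmethod=simple with no binddn=, and a simple bind with starttls=no over ldap://. The function names, finding codes and sample values are constructed for illustration; the rules are an assumption drawn from the directives and the reply in this thread.

```python
import shlex

def parse_bind(value):
    """Parse 'key=value key="quoted value"' pairs; keys are lower-cased."""
    params = {}
    for token in shlex.split(value):
        key, _, val = token.partition("=")
        params[key.lower()] = val
    return params

def lint_bind(value, uris):
    """Return (code, message) findings for one acl-bind / idassert-bind value."""
    p = parse_bind(value)
    method = p.get("bindmethod", "none").lower()
    findings = []
    if method == "none" and "credentials" in p:
        findings.append(("UNUSED_CREDS",
            "bindmethod=none: credentials are configured but no bind uses them"))
    if method == "simple" and not p.get("binddn"):
        findings.append(("NO_BINDDN",
            "bindmethod=simple without binddn=: no DN is given for the simple bind"))
    # A simple bind over ldap:// with starttls=no sends the password unencrypted.
    plain_uri = any(u.lower().startswith("ldap://") for u in uris.split())
    if (method == "simple" and "credentials" in p and plain_uri
            and p.get("starttls", "no").lower() == "no"):
        findings.append(("CLEARTEXT_BIND",
            "simple bind over ldap:// with starttls=no: password crosses the wire in clear"))
    return findings

# Constructed samples modelled on the thread (stray spaces in the DNs removed).
URIS = "ldap://dc101.xyz.com ldap://dc201.xyz.com"
ACL_BIND = ('bindmethod=simple binddn="CN=ad readonly,OU=xyz,DC=xyz,DC=com" '
            'credentials="secret" starttls=no')
IDASSERT_BIND = ('bindmethod=none authzId="CN=ad readonly,OU=Services,DC=xyz,DC=com" '
                 'credentials="secret" starttls=no')

if __name__ == "__main__":
    for name, value in (("olcDbACLBind", ACL_BIND),
                        ("olcDbIDAssertBind", IDASSERT_BIND)):
        for code, msg in lint_bind(value, URIS):
            print(f"{name}: {code}: {msg}")
```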
