You are trying to authenticate through the credentials stored in your Active Directory servers, not the passwords stored in LDAP, correct? If that is the case, then the easiest means to accomplish that is to use SASL for authentication.

On Tue, Nov 19, 2013 at 12:59 PM, <[email protected]> wrote:

> Hi,
> I'm having some trouble doing authentication in AD through OpenLDAP.
>
> Has anybody managed to authenticate with an AD password in an OpenLDAP server?
>
> I'm trying everything but it doesn't authenticate. I see all users but the
> password doesn't pass.
>
> My slapd.conf looks like this:
>
> #
> include /etc/openldap/schema/corba.schema
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/duaconf.schema
> include /etc/openldap/schema/dyngroup.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/misc.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/openldap.schema
> include /etc/openldap/schema/ppolicy.schema
> include /etc/openldap/schema/collective.schema
>
> #allow bind_v2
>
> loglevel 256
> #referral ldap://root.openldap.org
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> # Load dynamic backend modules:
> modulepath /usr/lib/openldap
> #moduleload back_bdb
> moduleload accesslog.la
> moduleload auditlog.la
> moduleload ppolicy.la
> moduleload rwm.la
> moduleload back_ldap
>
> TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
> TLSCertificateFile /etc/pki/tls/certs/slapd.pem
> TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
>
> #######################################################################
>
> database ldap
> suffix "dc=foobar"
> rootdn "cn=admin,dc=foobar"
> ###################################
> rootpw {SSHA}wXmTs2ANS4XwqqnzEVIqmc+i6VCUiD7I
>
> database ldap
> suffix dc=foobar,dc=com
> #subordinate
> rebind-as-user
> uri ldaps://srv-2003.foobar.com
> idassert-bind bindmethod=simple
>     binddn="cn=vmail,cn=users,dc=foobar,dc=com"
>     credentials=abc@123
>     mode=none
>     flags=non-prescriptive
>
> idassert-authzFrom "dn.regex:.*"
> #idassert-authzFrom "dn.exact:cn=admin,dc=foobar"
> #
> chase-referrals yes
>
> require authc
> #############################
> ###########password-hash {CLEARTEXT}
> TLSCipherSuite HiGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
> TLSVerifyClient allow
> sasl-host localhost
> sasl-secprops none
>
> #########################################################################
> database config
> # all others attributes are readable to everybody
>
> access to *
>     by * read
>
> lastmod off
>
> overlay rwm
> rwm-suffixmassage dc=foobar,dc=com
> #rwm-normalize-mapped-attrs
> rwm-map attribute uid sAMAccountName
> rwm-map attribute cn name
> #rwm-map attribute mail userPrincipalName
> rwm-map objectclass account
>
> What is wrong?
>
> Please help me.
>
> Thanks.

--
Jason K. Brandt
Systems Administrator
Bradley University
(309) 677-2958
