Hi,
Yes, there are some entries with the attribute userPassword like this value.
But don´t found the entries, when I put the password.
Thanks.
Em 25/11/2013 12:54, Peter Gietz escreveu:
Hi,
since it is working for a lot of people (including some of our
customers) it seems that you are doing something wrong.
What about the contents of your entries: Are you sure that you have the
attribute userPassword with the value
{SASL}<username>@<AD-realm>
set in all entries that are to bind via AD?
Cheers,
Peter
Am 22.11.2013 15:05, schrieb Willy Ramos:
Em 22/11/2013 09:21, Andrew Findlay escreveu:
On Wed, Nov 20, 2013 at 02:55:43PM -0200, Willy Ramos wrote:
Subject: Re: Openldap for proxy AD
Have you tried following the examples in the Admin Guide?
http://www.openldap.org/doc/admin24/security.html#Pass-Through%20authentication
There is a detailed setup and diagnosic guide there which should help
you
to isolate the problem.
Andrew
Thanks Andrew,
I was testing based in this Admin Guide.
When I Check that the user can bind to AD:
ldapsearch -x -Hldap://dc1.example.com/ \
-D cn=user,cn=Users,DC=ad,DC=example,DC=com \
-w userpassword \
-b cn=user,cn=Users,DC=ad,DC=example,DC=com \
Or with
-s base \
"(objectclass=*)"
Or
testsaslauthd -u user -p userpassword
It´s works.
I was reading about and Seems don´t find the schemas of objectclass or
userPassword attribute;
But I could not resolve yet.
See the logs
Nov 22 11:57:30 mail slapd[18370]: conn=1192 fd=11 ACCEPT from
IP=127.0.0.1:51698 (IP=0.0.0.0:636)
Nov 22 11:57:30 mail slapd[18370]: conn=1192 fd=11 TLS established
tls_ssf=256 ssf=256
Nov 22 11:57:30 mail slapd[18370]: conn=1192 op=0 EXT
oid=1.3.6.1.4.1.1466.20037
Nov 22 11:57:30 mail slapd[18370]: conn=1192 op=0 STARTTLS
Nov 22 11:57:30 mail slapd[18370]: conn=1192 op=0 RESULT oid= err=1
text=TLS already started
Nov 22 11:57:30 mail slapd[18370]: conn=1192 op=1 UNBIND
Nov 22 11:57:30 mail slapd[18370]: conn=1192 fd=11 closed
Thanks.
--
Att.
Willy R. M
