LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Debian (http://www.linuxquestions.org/questions/debian-26/)
-   -   smbldap-populate can't contact ldap server (http://www.linuxquestions.org/questions/debian-26/smbldap-populate-cant-contact-ldap-server-798322/)

Webhuis 03-27-2010 07:06 PM

smbldap-populate can't contact ldap server
 
Hi,

Ldap and samba work fine if de ldap server is @localhost.

smbldap-populate however refuses to connect to the ldap server at the address ldaps://ldap.server

ldapsearch -x -H ldaps://ldap.server

I checked ldad.conf and smbldap.conf time and again.

Why oh why?

trobbelke 04-02-2010 10:26 AM

try ldap://ldap.server (drop the 's')

Webhuis 04-03-2010 08:15 AM

Quote:

Originally Posted by trobbelke (Post 3921703)
try ldap://ldap.server (drop the 's')

ldap unencrypeted is an option indeed, as is connecting through localhost. I have it working like that.

The point is, however, that remote connections ought to be possible.

I turned to an old configuration that used to work fine with regards to the subject, as far as I can remember.

Key is acl in slapd.conf. The error messages given are confusing, because they tell you that there is no connection possible.

I am still working on it and I will give this a try:

access to attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoff Time,sambaPw
dCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScri pt,sambaProfilePath,de
scription,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,sambaMungedDial,sambaBadPasswor dCount,sambaBadPasswor
dTime,sambaPasswordHistory,sambaLogonHours,sambaSID,sambaSIDList,sambaTrustFlags,sambaGroupType,samb aNextRid,sambaNextGrou
pRid,sambaNextUserRid,sambaAlgorithmicRidBase,sambaShareName,sambaOptionName,sambaBoolOption,sambaSt ringOption,sambaString
Listoption
by dn="cn=samba,ou=DSA,dc=webhuis,dc=nl" write
by dn="cn=slurpd,ou=DSA,dc=webhuis,dc=nl" write
by dn="cn=smbldap-tools,ou=DSA,dc=webhuis,dc=nl" write
by dn="cn=nssldap,ou=DSA,dc=webhuis,dc=nl" write
by self read
by * none

trobbelke 04-04-2010 07:16 AM

some ldap servers have an option to restrict the range that can connect to the server. Have you checked that? Also, if unencrypted works but encrypted doesn't, have you checked your firewall? (you probably have but I'm just trying to help)


All times are GMT -5. The time now is 09:05 PM.