LinuxQuestions.org
10-22-2012, 05:08 PM   #16
acid_kewpie
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Don't follow the stream, expand the protocol sub trees.

Clearly the anonymous bind setting is not sufficient. You've an error message which gives back pages and pages of search results in Google, so plenty of other people have been in your position. Without digging into it, I don't know if it's an AD or LDAP client issue, but I would personally look to create a dedicated bind user and configure ldap.conf to use that read-only user account.
 
10-23-2012, 08:07 AM   #17
skimeer
Member
Registered: Jun 2007
Posts: 55
Blog Entries: 1
Original Poster

Now I have my /etc/ldap.conf like below... but it's still failing.

Code:
[root@DevMMC2 ~]# grep -v '#' /etc/ldap.conf


base cn=users,dc=test,dc=com
binddn cn=Administrator,cn=users,dc=test,dc=com
bindpw $unsolaris123
rootbinddn cn=Administrator,cn=users,dc=test,dc=com
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_base_passwd dc=test,dc=com?sub
nss_base_shadow dc=test,dc=com?sub
nss_base_group  dc=test,dc=com?sub
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group
nss_map_attribute cn msSFUName
nss_map_attribute uid msSFUName
nss_map_attribute gid gidNumber
nss_map_attribute gecos sAMAccountName
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_attribute uniqueMember Member
pam_login_attribute msSFUName
pam_filter objectclass=user
pam_password ad
uri ldap://10.55.199.114
pam_password md5
ssl no
tls_cacertdir /etc/openldap/cacerts
 
10-23-2012, 08:16 AM   #18
acid_kewpie

I don't like the look of a $ in the password, but yet again, look in Wireshark! Expand the subtrees like in this picture... http://code.google.com/p/protobuf-wireshark/
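
As an added example (not part of the thread and not posted by either participant), this Python check audits an nss_ldap/pam_ldap style ldap.conf for the points raised in posts #16 to #18: a privileged or anonymous bind account, a bind password sent without TLS, special characters in bindpw, and conflicting repeated directives. The finding names, the `svc-ldapbind` account and the placeholder passwords are assumptions, and it assumes simple binds with TLS off when `ssl` is unset.

```python
import re

# Constructed input: security-relevant directives from the ldap.conf in post #17,
# with the bind password replaced by a placeholder of the same shape.
POSTED = """\
binddn cn=Administrator,cn=users,dc=test,dc=com
bindpw $placeholder123
rootbinddn cn=Administrator,cn=users,dc=test,dc=com
pam_password ad
uri ldap://10.55.199.114
pam_password md5
ssl no
"""
# Constructed counterpart: dedicated read-only bind user (hypothetical name),
# StartTLS enabled, a single pam_password value.
REVISED = """\
binddn cn=svc-ldapbind,cn=users,dc=test,dc=com
bindpw PlaceholderSecret123
pam_password ad
uri ldap://10.55.199.114
ssl start_tls
"""

def parse(text):
    """Map each directive to the list of values given for it, skipping comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf

def audit(text):
    """Return sorted finding codes for an nss_ldap/pam_ldap style ldap.conf."""
    conf, found = parse(text), set()
    binddn = conf.get("binddn", [""])[-1]
    ssl = conf.get("ssl", ["no"])[-1].lower()  # assumption: unset means no TLS
    uris = [u.lower() for v in conf.get("uri", []) for u in v.split()]
    if not binddn:
        found.add("anonymous-bind")
    elif re.match(r"cn=(administrator|admin|root)\s*,", binddn, re.I):
        found.add("privileged-bind-account")
    if "bindpw" in conf and ssl == "no" and any(u.startswith("ldap://") for u in uris):
        found.add("bind-password-sent-in-clear")
    if any(ch in pw for pw in conf.get("bindpw", []) for ch in "$#\"'\\ "):
        found.add("bindpw-has-special-char")  # the concern raised in post #18
    for key, values in conf.items():  # uri and nss_map_* repeat legitimately
        if len(set(values)) > 1 and key != "uri" and not key.startswith("nss_map_"):
            found.add("conflicting-" + key)
    return sorted(found)
```

Running `audit(open("/etc/ldap.conf").read())` on a real file returns the same finding codes; an empty list means none of these four checks fired.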
 
10-23-2012, 10:04 AM   #19
skimeer

I use this password to satisfy the Windows criteria for a complex password; however, I can try with a simple one also.

From Wireshark, we confirmed that it's because the bind is not successful. I have compared the bind requests for both ldapsearch and su. I have attached screenshots for that.
Attached images: with_ldapsearch_screenshot.png, with_su_screenshot.png
 
10-23-2012, 03:48 PM   #20
acid_kewpie

OK, so you need to look at the output yourself, not post screenshots. Look at the *responses*, one from ldapsearch and one from, say, getent passwd, with what you perceive to be the same details, and compare them.
 
10-29-2012, 09:37 AM   #21
skimeer

Finally I got it working. There were many issues, but the important one was providing proper mapping values in /etc/ldap.conf, and the bind-dn and its password.

acid_kewpie, thanks for all your help.
 
  


Tags
active directory, centos5, ldap

