I have some problems of ldap configuration
 

hi all,i am new for debian.
my school project needs to bulid up a website which needs to use C#.
however,if we use linux system to bulid up this serve, we will have extra mark.
Also we will need to use window ser to be the sql server and use its AD by ldap.

Here is my situation:
I have bulit up the part of Window Server, i hv config. the sitting of it.
I have put my website in window ser ,it is sucessful to connect the sql server, and use the AD as my account user.

Now i need to use debian to be my web server.
i have searched my information about mono +ldap of debian.
also i have installed mono on my debian,i test it by using some asp examle,it is work.
when i use my website,it can show up my page,but when i try to login,it failed.
It seems like the connection problem.

there are a few questions in my mind.
1.)If i use my debian to be my webserver,is it will be the ldap client of my Window Server?
2.)What necessary configuration should be done?

Thanks for your time,hope someone can helpme.Regard.ckc654321hk

Mono is a programming/language framework. It has nothing to do with LDAP, web services, or AD. If you've been searching, you should have found much information about LDAP, AD, and what they are.
No, why would it? A web server is not an LDAP client. You CAN write web pages to USE LDAP/AD for authentication, but that's different from what you're asking here..
You don't clearly state WHAT you're trying to do, so it's hard to say. Putting in "debian active directory authentication" into Google brings up how-to documents.
http://wiki.debian.org/Authenticatin...tive_Directory

But again, you don't say if you're trying to authenticate the whole system with AD or LDAP, just web pages, or what your real goal is. Can't provide details and answers if you don't ask a clear question

Thanks
 

Thanks for your reply.

i know that my concept is not clear for my subject ,but i will work hard on it.

actullay, i want to use the information of the AD of window server to be the user account of my web server on debian.
Window server AD<---->Linux Webpage Login
Window SQL Server<--->Linux Webpage
there hv a requietment for us is that there should use asp.net on the debian, so i hv installed the mono to bulid up my web server.
i know the mono is not related with ldap.


Window server IP:192.168.1.106
Part of connection code of my webpage :
public class LdapAuthentication
{
private string _path = @"LDAP://192.168.1.106";
private string _filterAttribute;
string domain = ".intra.cim.com";

It is work when i tested it on IIS of window server.
but when i put it on debian ,it show me failed.

My Question is What should i do to use the AD account of Window server to be my webpage of Debian?

Thanks again.

Spell your words out. It's "have", not "hv". Again, Mono is a .net framework...it has NOTHING to do with LDAP, Active Directory, web pages, or authentication.
Did you read the link in my first reply?? It specifically tells you how to authenticate Linux to Active Directory, tells you what packages to install, and how to set it up. And have you actually set up and configured LDAP on the Linux server?? Because if you didn't, it's not running...no LDAP=web page that uses LDAP will fail.

It seems like you need to use mod_auth_ldap to get your Linux Apache server to authenticate against your Windows AD controller. Handling authentication to a web site is different from system authentication, and Apache has numerous mechanisms for this. You'll want to use LDAP for this, requiring mod_auth_ldap. If you search for mod_auth_ldap and active directory, you'll find any number of pages telling you how to set this up.

Agreed...I assumed that the OP was already doing that, since the page was (supposedly), working under IIS, but not Linux.

thanks both of you.
I am trying to follow the step to configure it.
i guess i need to install and config Kerberos,Samba,Winbind before i install mod_auth_ldap,am i right?

Well, again...did you read the instructions that were provided to you in that link???? If you want to use AD for authentication, then you need those things. If you want to use LDAP (which is NOT Active Directory), then you need to install LDAP, and configure it. Doesn't get much simpler than that...if you want to use it, you have to install it.

Since your posts are confusing, we'll break it down. Want the web page to use A.D for authentication? Then you need to follow the steps in the link provided, that tells you how to do it. Want it to use LDAP? Then install and configure LDAP on Linux.

ok thanks a lot,I still try to work hard on it.
One more question,today,i ask my friend,he told me ,i can use linux as ldap clients,and let window server to be ldap server.
Is that concept correct?

Yes, and if I may say so, that's quite obvious.

Anytime you deal with client/server things, the only thing that matters is that the software obeys the standards. An LDAP server is built to respond to requests, formatted in a certain manner. That's it...much the same way as an FTP server responds to FTP requests, SSH, etc., etc., etc. The server can be anything...the client can be anything.

i see .I have tried to make my linux to be a client ,but it can not get the user account which on Window Server.
If my webpage can run in IIS,is it mean that i have already configured the ldap server of Window Server?
Or Is it prossible to let the ldap protocol to run on Window Server and Window Server is not ldap Server?
I afraid that i have not configured well on Window Server.


However,there is a website for Linux Ldap client.
http://debianclusters.org/index.php/LDAP_Client
I have followed the step,it still cannot sucess.
I installed the ldap-utils for search my Window Server.
it cannot find.

Information of Window Server:
Window Server IP=192.168.1.106 ,domain=intra.cim.com
Fullname of my WindowServer=Win_Server1.intra.cim.com

for configure libnss-ldap & libpam-ldap
ldap://192.168.1.106
DC=intra,DC=cim,DC=com
CN=Administrator,OU=Domain Controllers,DC=intra,DC=cim,DC=com
pa$$w0rd

Am I input the correct data?

PS.I have edited the nsswitch.conf and PAM

No way of us to know, since you've mentioned both AD and LDAP in this thread. The only way to know is to read the source code for the web page, and see if it's doing AD first, then falling back to LDAP (or vice versa), if one fails. If you don't know what's running on the Windows server, how can we??
Then you've obviously not followed the steps, since if you try to query the Linux LDAP server it fails.
How would we know this?? This is YOUR server, on YOUR network, with YOUR details. Again, read the man pages and other info about LDAP on Linux, and try to get it to work from the command-line. Once you succeed there, then you can deal with a web page.
Great...why did you edit them, and what did you put in them??

Actually ,my english is really bad,I cannot tell exactly what i mean,so i can see there have some place have misunderstand between us.
i am sorry for that.
however is it nessary to set up linux to be a ldap server first,before configure the cilent setting?

Are you serious?

Obviously, before you can USE it, you have to CONFIGURE it. That's like asking, "Do I have to put gas in my car BEFORE I start it?"

OMG:(
I guess if it can be client ,it do not need to configure for server setting.

---------- Post added 05-23-11 at 01:49 PM ----------

thank you very much!