LinuxQuestions.org


jsteel 10-14-2009 04:39 AM

LDAP Trouble
 
Hi, I'm trying to get LDAP to work on my Linux computer with Windows 2003 Servers. To begin, I'm just trying to search LDAP from Linux. I've tried the following:

ldapsearch -x -H ldap://10.11.12.13:389 -D adminuser -w adminpassword "(uid=administrator)"

But I get this (below). I've tried searching using different credentials and searching for other uid, cs, sn etc. but I keep getting the same response. Do you think the servers are blocking my requests? Is there something I can try changing on the Windows servers to allow the searching to work?
Maybe I need to specify where to search, such as a specific OU. How would I specify this? Thanks.

# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (cn=swradmin)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
text: 0000208D: NameErr: DSID-031001A8, problem 2001 (NO_OBJECT), data 0, best match of:
''

bathory 10-14-2009 04:52 AM

Are you sure that rootdn is "adminuser"? It should be "cn=adminuser, dc=domain,dc=com", or something like that. Also use the base dn in your command:

ldapsearch -x -H ldap://10.11.12.13:389 -D "cn=adminuser, dc=domain,dc=com" -w adminpassword -b "dc=domain,dc=com" "(uid=administrator)"

jsteel 10-14-2009 05:24 AM

Thanks. I'm new to this so no, I'm not sure! Appreciate the help.

That returns the error below. I've tried various administrator users. Should there be a space in the -D switch between user and domain? I've tried with and without; assume it doesn't matter?

ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece

bathory 10-14-2009 05:32 AM

Quote:

That returns the error below. I've tried various administrator users. Should there be a space in the -D switch between user and domain? I've tried with and without; assume it doesn't matter?
The space doesn't matter in DNs.
The error you get now means that either the rootdn or the password supplied is wrong.
Check slapd.conf for the correct rootdn and basedn suffix entries, or post slapd.conf here.

Regards

jsteel 10-14-2009 05:46 AM

I don't have a slapd.conf on my system. I assume that I would only have this if my computer is an ldap server? I only have the client installed. The servers are Windows 2003.

I am sure the username and password are correct. I have a feeling the servers may be rejecting me due to high security settings; could this be true?

bathory 10-14-2009 06:02 AM

Yep, slapd.conf is used on the openldap server.
Looking at the 2nd error you got
Quote:

ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
If you are sure that you are using the correct rootdn and password, it could be a problem with the authentication. Maybe the server does not accept simple authentication. Remove the -x option (you can add -v and/or -d 256 to increase verbosity) and see what you get.

jsteel 10-14-2009 06:17 AM

Thanks for your suggestions.

Without -x I get:

ldap_initialize( ldap://10.11.12.13:389/??base )
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)

Without -x and with ldaps:// I get

ldap_initialize( ldaps://10.11.12.13:389/??base )
TLS: can't connect: A TLS packet with unexpected length was received..
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

bathory 10-14-2009 06:34 AM

1. Without -x: It looks like it does not use SASL authentication.
2. Without -x and with ldaps://: The ldaps port is 636, so you can try again to see if you can connect.

I guess that the AD uses simple authentication, but looking at AD error codes, I found that 525 means no such user, so you have to use another user (maybe you can use your credentials) to do your search.
Or you can contact the AD admin, if it's possible, to give you the connection details.

Have you tried anonymous search?

jsteel 10-14-2009 07:35 AM

No luck with port 636.

Without a username/password provided it says:

# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
# numResponses: 1

I then tried the following:

ldapsearch -x -H ldap://10.11.12.13:389 -D adminuser -w adminpassword -b "dc=domain,dc=internal" "(cn=administrator)"

And it works! Thanks for your help.

bathory 10-14-2009 07:50 AM

So you were missing the search base in your first post!!!
Anyway, glad to see it worked.

Regards
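
The two things this thread turned on were the missing search base (AD returns "No such object" for an empty base) and the meaning of the "data 525" sub-code in the bind error. The following shell helpers are an added example, not code posted in the thread: they build an AD base DN from a DNS domain, translate the well-known AD sub-codes carried in an "Invalid credentials (49)" reply, and wrap ldapsearch so the password is prompted for with -W instead of being passed on the command line with -w (where it would show up in `ps` output and shell history). The host name, domain and user names are placeholders; the UPN form "user@domain" for -D is an alternative to the bare account name or full DN that AD accepts for a simple bind.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes OpenLDAP's ldapsearch is
# installed for ad_search; the other two helpers need only awk and sed.

# Build an AD base DN from a DNS domain: "domain.internal" -> "dc=domain,dc=internal"
domain_to_basedn() {
    printf '%s\n' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i
    }'
}

# Translate the "data NNN" sub-code of an AD "Invalid credentials (49)" reply.
# Input is the "additional info:" line as printed by ldapsearch.
ad_bind_error() {
    code=$(printf '%s\n' "$1" | sed -n 's/.*data \([0-9a-fA-F]*\),.*/\1/p')
    case "$code" in
        525) echo "525: user not found";;
        52e) echo "52e: invalid credentials (bad password)";;
        530) echo "530: not permitted to log on at this time";;
        531) echo "531: not permitted to log on at this workstation";;
        532) echo "532: password expired";;
        533) echo "533: account disabled";;
        701) echo "701: account expired";;
        773) echo "773: user must reset password";;
        775) echo "775: account locked out";;
        *)   echo "unknown or no AD sub-code";;
    esac
}

# Simple-bind search against AD.
# Usage: ad_search HOST DOMAIN BINDUSER FILTER [ATTRIBUTE...]
# -W prompts for the password instead of taking it from the command line.
ad_search() {
    host=$1; domain=$2; binduser=$3; filter=$4; shift 4
    ldapsearch -x -LLL -H "ldap://$host:389" \
        -D "$binduser@$domain" -W \
        -b "$(domain_to_basedn "$domain")" "$filter" "$@"
}

# Example invocation (placeholder host and domain):
#   ad_search dc01.domain.internal domain.internal adminuser '(cn=administrator)' cn sAMAccountName
```

The bind-error table is the place to look first when a bind fails: 525 means the bind DN or account name was not found at all, while 52e is the code for a wrong password, so the two are not the same diagnosis even though both surface as result 49.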

