Old 10-14-2009, 04:39 AM   #1
jsteel
Member
 
Registered: Mar 2007
Location: England
Distribution: Arch
Posts: 392

Rep: Reputation: 34
LDAP Trouble


Hi, I'm trying to get LDAP to work on my Linux computer with Windows 2003 Servers. To begin, I'm just trying to search LDAP from Linux. I've tried the following:

ldapsearch -x -H ldap://10.11.12.13:389 -D adminuser -w adminpassword "(uid=administrator)"

But I get this (below). I've tried searching using different credentials and searching for other uid, cs, sn etc. but I keep getting the same response. Do you think the servers are blocking my requests? Is there something I can try changing on the Windows servers to allow the searching to work?
Maybe I need to specify where to search, such as a specific OU. How would I specify this? Thanks.

# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (cn=swradmin)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
text: 0000208D: NameErr: DSID-031001A8, problem 2001 (NO_OBJECT), data 0, bes
t match of:
''
 
Old 10-14-2009, 04:52 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,841

Rep: Reputation: 1868
Are you sure that rootdn is "adminuser"? It should be "cn=adminuser, dc=domain,dc=com", or something like that. Also use the base dn in your command:
Code:
ldapsearch -x -H ldap://10.11.12.13:389 -D "cn=adminuser, dc=domain,dc=com" -w adminpassword -b "dc=domain,dc=com" "(uid=administrator)"
 
Old 10-14-2009, 05:24 AM   #3
jsteel
Member
 
Registered: Mar 2007
Location: England
Distribution: Arch
Posts: 392

Original Poster
Rep: Reputation: 34
Thanks. I'm new to this so no, I'm not sure! Appreciate the help.

That returns the error below. I've tried various administrator users. Should there be a space in the -D switch between user and domain? I've tried with and without; assume it doesn't matter?

ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
 
Old 10-14-2009, 05:32 AM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,841

Rep: Reputation: 1868
Quote:
That returns the error below. I've tried various administrator users. Should there be a space in the -D switch between user and domain? I've tried with and without; assume it doesn't matter?
The space doesn't matter in DNs.
The error you get now means that either the rootdn or the password supplied is wrong.
Check slapd.conf for the correct rootdn and basedn suffix entries, or post slapd.conf here.

Regards
 
Old 10-14-2009, 05:46 AM   #5
jsteel
Member
 
Registered: Mar 2007
Location: England
Distribution: Arch
Posts: 392

Original Poster
Rep: Reputation: 34
I don't have a slapd.conf on my system. I assume that I would only have this if my computer is an ldap server? I only have the client installed. The servers are Windows 2003.

I am sure the username and password are correct. I have a feeling the servers may be rejecting me due to high security settings; could this be true?
 
Old 10-14-2009, 06:02 AM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,841

Rep: Reputation: 1868
Yep, slapd.conf is used on the openldap server.
Looking at the 2nd error you got
Quote:
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
If you are sure that you are using the correct rootdn and password, it could be a problem with the authentication. Maybe the server does not accept simple authentication. Remove the -x option (you can add -v and/or -d 256 to increase verbosity) and see what you get.
 
Old 10-14-2009, 06:17 AM   #7
jsteel
Member
 
Registered: Mar 2007
Location: England
Distribution: Arch
Posts: 392

Original Poster
Rep: Reputation: 34
Thanks for your suggestions.

Without -x I get:

ldap_initialize( ldap://10.11.12.13:389/??base )
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)

Without -x and with ldaps:// I get

ldap_initialize( ldaps://10.11.12.13:389/??base )
TLS: can't connect: A TLS packet with unexpected length was received..
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

Last edited by jsteel; 10-14-2009 at 06:19 AM.
 
Old 10-14-2009, 06:34 AM   #8
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,841

Rep: Reputation: 1868
1. Without -x: It looks like it does not use SASL authentication.
2. Without -x and with ldaps: The ldaps port is 636, so you can try again to see if you can connect.

I guess that the AD uses simple authentication, but looking at AD error codes, I found that 525 means no such user, so you have to use another user (maybe you can use your credentials) to do your search.
Or you can contact the AD admin, if it's possible, to give you the connection details.

Have you tried anonymous search?
 
Old 10-14-2009, 07:35 AM   #9
jsteel
Member
 
Registered: Mar 2007
Location: England
Distribution: Arch
Posts: 392

Original Poster
Rep: Reputation: 34
No luck with port 636.

Without a username/password provided it says:

# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this ope
ration a successful bind must be completed on the connection., data 0, vece
# numResponses: 1

I then tried the following:

ldapsearch -x -H ldap://10.11.12.13:389 -D adminuser -w adminpassword -b "dc=domain,dc=internal" "(cn=administrator)"

And it works! Thanks for your help.
 
Old 10-14-2009, 07:50 AM   #10
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,841

Rep: Reputation: 1868
So you were missing the search base in your first post!!!
Anyway, glad to see it worked.

Regards
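
The three failures quoted in this thread (result 32 with an empty search base, bind error 49 with data 525, and the operations error on an unbound connection) can be told apart mechanically. The script below is an added example, not code from any poster: the function names are made up here, and the sub-codes other than 525 are the commonly documented Active Directory bind sub-codes, not values taken from the thread.

```shell
#!/bin/sh
# Added example: classify the ldapsearch failures quoted in this thread.
# Function names are hypothetical; only sub-code 525 appears in the thread itself.

# Map the hex "data NNN" sub-code of an AD bind failure (LDAP result 49) to its meaning.
ad_bind_reason() {
    case "$1" in
        525) echo "user not found" ;;
        52e) echo "invalid credentials (bad password)" ;;
        530) echo "logon not permitted at this time" ;;
        531) echo "logon not permitted from this workstation" ;;
        532) echo "password expired" ;;
        533) echo "account disabled" ;;
        701) echo "account expired" ;;
        773) echo "user must reset password" ;;
        775) echo "account locked out" ;;
        *)   echo "unknown sub-code" ;;
    esac
}

# Read ldapsearch output on stdin and print a one-line diagnosis.
diagnose_ldapsearch() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'AcceptSecurityContext error'; then
        # Pull the hex sub-code that follows "data" and normalise it to lower case.
        code=$(printf '%s\n' "$out" |
            sed -n 's/.*AcceptSecurityContext error, data \([0-9a-fA-F]*\),.*/\1/p' |
            head -n 1 | tr 'A-F' 'a-f')
        echo "bind failed (49/$code): $(ad_bind_reason "$code")"
    elif printf '%s\n' "$out" | grep -q '^result: 32 ' &&
         printf '%s\n' "$out" | grep -q '^# base <> '; then
        # No -b was given, so the search started at the empty DN.
        echo "empty search base: pass -b, or read namingContexts with -s base -b \"\""
    elif printf '%s\n' "$out" | grep -q '^result: 1 Operations error'; then
        echo "not bound: the server requires a successful bind before searching"
    else
        echo "no known failure pattern"
    fi
}

# Sample input: the error lines quoted in post #3.
printf '%s\n' 'ldap_bind: Invalid credentials (49)' \
    'additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece' |
    diagnose_ldapsearch
```

Pipe real output in with `ldapsearch ... 2>&1 | diagnose_ldapsearch`, since the bind error is written to stderr.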
 
  

