Re: Can't set up authentication through AD

On Tue, 14 Oct, 2014 at 12:35 , Oleg Makarov <oamakarov@platbox.com> wrote:
But in my conf I want to bind by share@test.local, why is it trying to bind as 'testing'?

Lookup vs. login. Logins will use the actual user. Normally you want the password to be confirmed server-side so you can enforce policies and prevent impersonation.

There is no NTP server between the servers, but the time is closely correct.

I don't know if that matters. It's a good idea for e.g. SSO, but you might not need it.

This line is confusing me:
nslcd: [8b4567] <host=x> DEBUG: ldap_simple_bind_s("CN=share,CN=Users,DC=test,DC=local","***") (uri="ldap://192.168.93.95")
nslcd: [8b4567] <host=x> DEBUG: ldap_result(): end of results (0 total)
Does that mean that it didn't see a 'share' account?

No, it means it bound, and searched for nothing. It tests the bind.

But ldapsearch works fine with the 'share' and 'testing' accounts!
ldapsearch -d8 -H ldap://192.168.93.95/ -W -LLL -o ldif-wrap=no -D 'CN=testing,CN=Users,DC=test,DC=local' -b 'cn=users,dc=test,dc=local' '(sAMAccountName=testing)'
Enter LDAP Password:
dn: CN=testing,CN=Users,DC=test,DC=local

You aren't using '-x' with ldapsearch, which means SASL is in use. Have you set up nslcd for SASL? You can look for ldapsearch's settings in /etc/openldap/ldap.conf.

Can you try ldapsearch with -x (no SASL)?



--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
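The "lookup vs. login" distinction above, modelled as an added example that is not part of this thread or of nss-pam-ldapd: a lookup binds with the configured service account (share), while a PAM login re-binds as the user's own DN (testing) so the server verifies the password. The in-memory DIRECTORY, the passwords and the function names are constructed for illustration.

```python
# Added example: why nslcd binds as 'testing' during login even though the
# configured binddn is 'share'. Constructed stand-in for the AD directory
# in the thread; passwords and helper names are hypothetical.
DIRECTORY = {
    "CN=share,CN=Users,DC=test,DC=local":   {"sAMAccountName": "share",   "password": "share-pw"},
    "CN=testing,CN=Users,DC=test,DC=local": {"sAMAccountName": "testing", "password": "testing-pw"},
}

class BindError(Exception):
    """Stand-in for an LDAP invalidCredentials (resultCode 49)."""

def simple_bind(dn, password, log):
    # Mirrors the ldap_simple_bind_s() line seen in the nslcd debug output.
    log.append(f'ldap_simple_bind_s("{dn}","***")')
    entry = DIRECTORY.get(dn)
    if entry is None or entry["password"] != password:
        raise BindError(dn)

def search(base, account, log):
    # Resolve sAMAccountName -> DN under the search base (case-insensitive DN suffix).
    results = [dn for dn, e in DIRECTORY.items()
               if dn.lower().endswith(base.lower()) and e["sAMAccountName"] == account]
    log.append(f"ldap_result(): end of results ({len(results)} total)")
    return results

def pam_authenticate(binddn, bindpw, username, userpw):
    """Return (ok, log). Lookup phase uses binddn; login phase binds as the user."""
    log = []
    # Phase 1 (lookup): bind with the service account and find the user's DN.
    simple_bind(binddn, bindpw, log)
    dns = search("CN=Users,DC=test,DC=local", username, log)
    if not dns:
        return False, log
    # Phase 2 (login): re-bind as the user so the server itself checks the
    # password and applies its lockout/policy rules.
    try:
        simple_bind(dns[0], userpw, log)
    except BindError:
        return False, log
    return True, log

if __name__ == "__main__":
    ok, log = pam_authenticate("CN=share,CN=Users,DC=test,DC=local", "share-pw",
                               "testing", "testing-pw")
    print(ok)
    print("\n".join(log))
```

The third log line shows the second bind as CN=testing, which is the line that puzzled the original poster.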