RSS feed

Re: Cant set up authentication through AD

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Cant set up authentication through AD

On Tue, 14 Oct, 2014 at 12:35 , Oleg Makarov <> wrote:
But in my conf I want to bind by share@test.local, why is it trying to bind as 'testing'?

Lookup vs. login. Logins will use the actual user. Normally you want the password to be confirmed server-side so you can enforce policies, and prevents impersonations.

there is not ntp server between servers but the time is closely correct.

I don't know if that matters. It's a good idea for eg. SSO, but you might not need it.

this line is confusing me:
nslcd: [8b4567] <host=x> DEBUG: ldap_simple_bind_s("CN=share,CN=Users,DC=test,DC=local","***") (uri="ldap://";) nslcd: [8b4567] <host=x> DEBUG: ldap_result(): end of results (0 total)
is that mean that it didn't see a 'share' account ?

No, it means it bound, and searched for nothing.  It tests bind.

But ldapsearch works fine with 'share' and 'testing' acc!
ldapsearch -d8 -H ldap:// -W -LLL -o ldif-wrap=no -D 'CN=testing,CN=Users,DC=test,DC=local' -b 'cn=users,dc=test,dc=local' '(sAMAccountName=testing)'
Enter LDAP Password:
dn: CN=testing,CN=Users,DC=test,DC=local

You aren't using '-x' with ldapsearch, which means SASL is in use. Have you setup nslcd for SASL? You can look for ldapsearch's settings in /etc/openldap/ldap.conf.

Can you try ldapsearch with -x (no SASL)?

To unsubscribe send an email to or see