LDAP query

zaeemarshad
Lieutenant Colonel
Posts: 660
Joined: Sat Jul 06, 2002 12:35 pm
Location: Islamabad
Contact:

LDAP query

Post by zaeemarshad »

I have been facing this problem for about a year now, trying to solve it on my own, but it seems like I don't possess enough guts and the required talent to do it. The Mission Impossible is getting LDAP running on RHL 8.0 or 9.0. I want to provide a central authentication server and then move on to the AD stuff, as M$ has developed AD over LDAP v3. Did anyone do it? My LDAP fails as it says invalid credentials to bind with. I have tried everything from messing with slapd.conf and etc. etc. I have all the freaking documentation and I have RTFM on my RHL box, but even the basics don't get to work. Can someone help?

regards
zaeem

Post by zaeemarshad »

Should I expect a reply on this topic or is it closed? I think it will make a record of most views without an answer. BTW, what is the current record at our forum?
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Post by LinuxFreaK »

Dear zaeemarshad,
Salam,

Sir, check the following links: MS Active Directory, LDAP Enabled Software, LDAP Authentication and http://www.wedgetail.com/technology/act ... ctory.html Hope these sites help you.

Best Regards.
Farrukh Ahmed
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Re: LDAP query

Post by lambda »

please describe your problem in more detail. do you want just linux systems to authenticate with your ldap server (via pam_ldap or something similar)? or do you want both linux systems and microsoft systems to authenticate with the same ldap db?

what schemas have you tried out? which web sites/howtos have you followed?

Post by zaeemarshad »

At first I want my Linux system to authenticate from an LDAP server, saving me the hassle of replicating users on each system. The howto that I have followed is at
http://www.mandrakesecure.net/en/docs/ldap-auth2.php

Though I am using RHL, it should not make any difference. Anyway, the error I get is when I am trying to move the hosts and other stuff to the LDAP tree using PADL's all_online script. When it asks for credentials to bind with, I give it the name or cn I entered in slapd.conf, but after asking for the password, when it tries to connect to the base tree, it says authentication failed, invalid credentials. I am following exactly as the above page says and I have tried a zillion times. Please help me out, and please do not point to commercial links as I am not interested in one. Thanks for at least listening. Thanks all.

regards
zaeem

Re:

Post by LinuxFreaK »

Dear Zaeemarshad,
Salam,

Sir, actually Windows is not really using LDAP. I had asked this of many people... they answered no... AD includes LDAP, and future versions may actually use it properly, but they still use their own proprietary SMB-based RPCs to do anything useful. Probably... but you should consider a PDC running Samba instead... much less headaches... You'll spend a month trying to hack this LDAP thing... when a simple Samba 3.0 setup will work...

Best Regards.
Farrukh Ahmed

Post by lambda »

can you connect from the commandline? like

ldapsearch -x -b 'dc=example,dc=com' -W -D 'cn=admin,dc=example,dc=com' '(uid=*)'

(change the options to match your site)

Re:

Post by LinuxFreaK »

Dear lambda,
Salam,

As Mr. Zaeem Arshad told me, he wants to make LDAP an authentication server which will authenticate Linux as well as M$ Windows 2000 Server, which is running AD...

Best Regards.
Farrukh Ahmed

Post by zaeemarshad »

Actually, I followed the tutorial given on mandrakesecure.com. When I use PADL's all_online script to move my system data to the LDAP tree, it asks for the manager name and password, which I enter exactly as I have them in my slapd.conf, but it says invalid credentials and is unable to add data. I followed exactly as the tutorial pointed out, but no use. I am using RHL 7.3, 8.0, 9.0. Thanks for the input.

regards
zaeem

Re:

Post by LinuxFreaK »

Dear Zaeem Arshad,
Salam,

Sir, check this link, hope it will help you a lot: http://www.padl.com/Contents/Documentation.html

Best Regards.
Farrukh Ahmed

Post by zaeemarshad »

Dear lambda,
If you follow the tutorial I pointed out, I am able to connect to the base tree, but when I start to add an LDIF file it throws out the invalid credentials error. I would like to make it clear that for authentication to succeed we first need to move our passwd, shadow and groups file as a bare minimum to the base tree. I would like to point out that MS does use LDAP in AD, as we talk about schema editing. I also read in M$ documentation that they use LDAPv3 in AD. My teacher had an AD project and he used the LDAP API Windows provided for it, so I am dead sure that M$ does use LDAP. SMB-based RPC can only be used for session, as I believe.

Regards
Zaeem
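
One way to check offline whether a bind DN and password agree with what slapd.conf actually defines, for the "invalid credentials" error discussed in this thread. This is an added example, not part of the thread or of any tool mentioned in it; the function names, the sample configs and the simplified DN comparison are assumptions, it assumes a single database section, and it handles only cleartext and {SSHA} rootpw values.

```python
import base64, hashlib, hmac, os, shlex

def make_ssha(password):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_rootpw(stored, password):
    """Compare a typed password with a cleartext or {SSHA} rootpw value."""
    if stored.upper().startswith("{SSHA}"):
        raw = base64.b64decode(stored[6:])         # 20-byte SHA-1 digest, then the salt
        return hmac.compare_digest(raw[:20], hashlib.sha1(password.encode() + raw[20:]).digest())
    if stored.startswith("{"):
        raise ValueError("hash scheme not handled in this example")
    return hmac.compare_digest(stored.encode(), password.encode())

def parse_slapd_conf(text):
    """Extract suffix/rootdn/rootpw, folding continuation lines as slapd does."""
    logical = []
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and logical:
            logical[-1] += " " + line.strip()      # leading whitespace = continuation
        elif line.strip() and not line.startswith("#"):
            logical.append(line.strip())
    conf = {}
    for tokens in map(shlex.split, logical):
        if len(tokens) > 1 and tokens[0].lower() in ("suffix", "rootdn", "rootpw"):
            conf[tokens[0].lower()] = tokens[1]
    return conf

def diagnose(conf_text, bind_dn, password):
    """Reasons a simple bind as bind_dn fails on an empty tree (simplified DN compare)."""
    conf, problems = parse_slapd_conf(conf_text), []
    norm = lambda dn: ",".join(p.strip().lower() for p in dn.split(","))
    rootdn, suffix = norm(conf.get("rootdn", "")), norm(conf.get("suffix", ""))
    if "rootpw" not in conf:
        problems.append("no rootpw directive (missing, or indented into the previous line)")
    elif not check_rootpw(conf["rootpw"], password):
        problems.append("password does not match rootpw")
    if norm(bind_dn) != rootdn:
        problems.append("bind DN differs from rootdn")
    if not rootdn.endswith(suffix):
        problems.append("rootdn is not under the database suffix")
    return problems

# Constructed sample configs (not from the thread); BAD indents the rootpw line.
GOOD = ('suffix "dc=example,dc=com"\nrootdn "cn=Manager,dc=example,dc=com"\n'
        "rootpw " + make_ssha("secret"))
BAD = GOOD.replace("\nrootpw", "\n  rootpw")
```

Calling `diagnose(BAD, "cn=Manager,dc=example,dc=com", "secret")` reports the indented `rootpw` line, which slapd reads as a continuation of the `rootdn` line rather than as its own directive.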