Hello,
We're about to identify our Linux users against AD/LDAP. Our Linux test server is a domain member; winbind, Kerberos and Samba SSO are working fine.
Next step is to read user attributes from Active Directory and at this point we suck.
Quote:
nagios:~ # ldapsearch -x ""
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting:
#
# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this ope
ration a successful bind must be completed on the connection., data 0, vece
We have created a functional user for LDAP queries. In my AD GUI I find this user within the following path.
DOMAIN.COM/BS/fusers/linux_ldap_user
ldap.conf
Quote:
host 10.64.3.138
base DC=DOMAIN,DC=COM
uri ldap://CPC0D8A.domain.com/
binddn cn=linux-ldap-user,cn=BS,cn=fusers,dc=DOMAIN,dc=COM
bindpw secret
scope sub
bind_timelimit 15
timelimit 15
ssl start_tls
referrals no
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group
nss_map_attribute gecos cn
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute uniqueMember member
nss_initgroups_ignoreusers root,ldap
ldap_version 2
pam_password crypt
pam_filter objectclass=posixAccount
Any hints to get closer?
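
An added example, not part of the original post: the error text in the post says a successful bind must be completed before the search, so this script derives a bind DN from the canonical path shown in the AD GUI, compares it with the `binddn` from the posted ldap.conf, and wraps an authenticated StartTLS search. It assumes every container in the path is an OU (a plain container would be `CN=`); the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: every container in the canonical path is an OU
# (a plain container would be CN=); DN special characters are not escaped.

# "DOMAIN.COM/BS/fusers/user" -> "CN=user,OU=fusers,OU=BS,DC=DOMAIN,DC=COM"
canonical_to_dn() {
    canonical=$1
    domain=${canonical%%/*}
    path=${canonical#*/}
    if [ -z "$path" ] || [ "$path" = "$canonical" ]; then
        echo "no object path in: $canonical" >&2
        return 1
    fi
    # Each dot-separated label of the domain becomes a DC= component.
    dc=$(printf '%s' "$domain" | sed 's/^/DC=/; s/\./,DC=/g')
    # The leaf is the CN; containers follow leaf-first, the reverse of the path.
    leaf=${path##*/}
    dn="CN=$leaf"
    containers=${path%"$leaf"}
    containers=${containers%/}
    while [ -n "$containers" ]; do
        dn="$dn,OU=${containers##*/}"
        case $containers in
            */*) containers=${containers%/*} ;;
            *)   containers= ;;
        esac
    done
    printf '%s,%s\n' "$dn" "$dc"
}

# Compare two DNs ignoring case and spaces around commas.
same_dn() {
    a=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/ *, */,/g')
    b=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]' | sed 's/ *, */,/g')
    [ "$a" = "$b" ]
}

# Authenticated subtree search: -ZZ requires StartTLS, -W prompts for the
# password so it never appears in argv. Defined only; needs a reachable DC.
bound_search() {  # usage: bound_search URI BINDDN BASE FILTER [ATTR...]
    uri=$1; binddn=$2; base=$3; filter=$4; shift 4
    ldapsearch -x -ZZ -H "$uri" -D "$binddn" -W -b "$base" -s sub "$filter" "$@"
}

derived=$(canonical_to_dn 'DOMAIN.COM/BS/fusers/linux_ldap_user')
echo "derived bind DN: $derived"
same_dn "$derived" 'cn=linux-ldap-user,cn=BS,cn=fusers,dc=DOMAIN,dc=COM' ||
    echo "binddn in ldap.conf differs from the derived DN"
```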