LDAP Bind DN Connection

Dear Support,

The connection to LDAP from phpLdapAdmin with the default authentication “cn=libuser,dc=directory,dc=nh” and the password from the secret file works fine.

Unfortunately I can login by Apache Directory Studio but is all hole why?
What am I doing wrong?

Thanks

Mario

Update…

I installed Apache Directory Studio on the Nethserver machine and the connection to LDAP works fine.
At this point, what must I enable to browse LDAP remotely?

Thanks

Mario

If you’re on ns6 your connection requires STARTTLS and user credentials.

Edit:

Unfortunately it does not work.

Please see also the link above

The connection works but I cannot browse the LDAP tree and return “No such Object” error.
It seems that LDAP tree is browsable only from localhost.

Ehi @paspo you’re a LDAP expert, can you lend a hand to Mario?

I don’t understand why I cannot browse the directory.
If I use phpLdapAdmin or run Apache Directory Studio locally, it is OK…

If I launch Apache Directory Studio from my PC, I cannot browse.
For this, I must connect a web application to use LDAP, and the connection does not work.

Mario

libuser can access from local host only. Please try with admin or any other user account!

This is exactly your problem.
I’ve encountered this “behavior” some time ago, and I changed to the way I wanted it (read only for everybody).
I’m too lazy to investigate the consequences of this modification, but for my use cases this is “secure enough”.

click here to see the modifications I made.

@alefattorini: no, I’m not an expert in any way. Especially with LDAP. I’ve just configured it with my mighty hammer.

Just tried…nothing to do
I created a user on top called totaladmin but nothing.

Ok not an expert but a smart guy :wink:

The request LDAP Administration tool and ldaps looks similar to yours. I can’t figure out why it does not work… :rolling_eyes:

Could you provide more details? Could you attach a log file or error message from the LDAP server?

Could you make an experiment from a remote host with the ldapsearch command? Please try with

ldapsearch -b dc=directory,dc=nh -ZZ -h yourserver -D uid=admin,ou=People,dc=directory,dc=nh -W

works!

mmmmmmm… On Monday I will try from the web app.

thanks

works from a server but not from the Apache Directory Studio?

It’s very strange!!!

Failed to login from web app.

This is the slapd log:

Sep 26 11:38:50 nstest slapd[3652]: conn=1190 op=2 BIND anonymous mech=implicit ssf=0
Sep 26 11:38:50 nstest slapd[3652]: conn=1190 op=2 BIND dn="uid=connuser,ou=People,dc=#####,dc=#####" method=128
Sep 26 11:38:50 nstest slapd[3652]: conn=1190 op=2 BIND dn="uid=connuser,ou=People,dc=directory,dc=nh" mech=SIMPLE ssf=0
Sep 26 11:38:50 nstest slapd[3652]: conn=1190 op=2 RESULT tag=97 err=0 text=
Sep 26 11:38:50 nstest slapd[3652]: conn=1190 op=3 SRCH base="ou=People,dc=#####,dc=#####" scope=0 deref=0 filter="(objectClass=*)"
Sep 26 11:38:50 nstest slapd[3652]: conn=1190 op=3 SEARCH RESULT tag=101 err=32 nentries=0 text=
Sep 26 11:38:50 nstest slapd[3652]: conn=1191 fd=39 ACCEPT from IP=10.0.0.111:36153 (IP=0.0.0.0:389)
Sep 26 11:38:50 nstest slapd[3652]: conn=1191 op=0 BIND dn="uid=connuser,ou=People,dc=u#####,dc=#####" method=128
Sep 26 11:38:50 nstest slapd[3652]: conn=1191 op=0 BIND dn="uid=connuser,ou=People,dc=directory,dc=nh" mech=SIMPLE ssf=0
Sep 26 11:38:50 nstest slapd[3652]: conn=1191 op=0 RESULT tag=97 err=0 text=
Sep 26 11:38:50 nstest slapd[3652]: conn=1191 op=1 SRCH base="ou=People,dc=u#####,dc=#####" scope=2 deref=0 filter="(&(objectClass=sambaSamAccount)(objectClass=shadowAccount)(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=person)(objectClass=top)(uid=lanno))"
Sep 26 11:38:50 nstest slapd[3652]: conn=1191 op=1 SRCH attr=displayName uid employeeNumber
Sep 26 11:38:50 nstest slapd[3652]: conn=1191 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=

Maybe I got something wrong.
The requested fields are:

rDN Attribute = uid
User id Attribute = uid
Login Name Attribute = uid
LDAP Object Class = sambaSamAccount

Connection DN = uid=user,ou=People,dc=domain,dc=com

Users DN = ou=People,dc=domain,dc=com
Base Search Users = subtree

Group DN = ou=Groups,dc=domain,dc=com

ssf=0 means the connection is not encrypted. Can you see similar lines in the same log file when you run the ldapsearch command above?

fd=50 TLS established tls_ssf=256 ssf=256

Could I disable TLS for a test?
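
Added example, not part of the thread or of NethServer's code: a small Python check over slapd log lines in the format posted above. It flags simple binds made on a connection with ssf=0 (the password crossed the network unencrypted) and searches that ended in err=32 (noSuchObject), together with the search base that was requested. The function name `audit` and the sample log are constructed for illustration; the sample uses `dc=example,dc=com` as a placeholder base.

```python
import re

# Constructed sample in the slapd log format quoted in the thread (not the poster's real log).
SAMPLE_LOG = '''\
Sep 26 11:38:50 host slapd[3652]: conn=1191 fd=39 ACCEPT from IP=10.0.0.111:36153 (IP=0.0.0.0:389)
Sep 26 11:38:50 host slapd[3652]: conn=1191 op=0 BIND dn="uid=connuser,ou=People,dc=directory,dc=nh" method=128
Sep 26 11:38:50 host slapd[3652]: conn=1191 op=0 BIND dn="uid=connuser,ou=People,dc=directory,dc=nh" mech=SIMPLE ssf=0
Sep 26 11:38:50 host slapd[3652]: conn=1191 op=0 RESULT tag=97 err=0 text=
Sep 26 11:38:50 host slapd[3652]: conn=1191 op=1 SRCH base="ou=People,dc=example,dc=com" scope=2 deref=0 filter="(uid=lanno)"
Sep 26 11:38:50 host slapd[3652]: conn=1191 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
Sep 26 11:40:02 host slapd[3652]: conn=1200 fd=50 ACCEPT from IP=10.0.0.112:40000 (IP=0.0.0.0:389)
Sep 26 11:40:02 host slapd[3652]: conn=1200 fd=50 TLS established tls_ssf=256 ssf=256
Sep 26 11:40:02 host slapd[3652]: conn=1200 op=1 BIND dn="uid=admin,ou=People,dc=directory,dc=nh" mech=SIMPLE ssf=256
Sep 26 11:40:02 host slapd[3652]: conn=1200 op=2 SRCH base="dc=directory,dc=nh" scope=2 deref=0 filter="(objectClass=*)"
Sep 26 11:40:02 host slapd[3652]: conn=1200 op=2 SEARCH RESULT tag=101 err=0 nentries=12 text=
'''

LINE = re.compile(r'conn=(\d+) (?:op=(\d+)|fd=\d+) (.*)$')
ACCEPT = re.compile(r'ACCEPT from IP=([\d.]+):\d+')
BIND = re.compile(r'BIND dn="([^"]*)" mech=SIMPLE ssf=(\d+)')
SRCH = re.compile(r'SRCH base="([^"]*)"')
RESULT = re.compile(r'SEARCH RESULT tag=101 err=(\d+)')

def audit(log_text):
    """Return (kind, conn, peer_ip, detail) tuples for risky or failing operations."""
    peers, bases, findings = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, rest = m.groups()
        peer = peers.get(conn, "?")  # "?" when the ACCEPT line is outside the excerpt
        if (a := ACCEPT.match(rest)):
            peers[conn] = a.group(1)
        elif (b := BIND.match(rest)) and b.group(2) == "0":
            # Simple bind with ssf=0: DN and password were sent without TLS.
            findings.append(("cleartext-simple-bind", conn, peer, b.group(1)))
        elif (s := SRCH.match(rest)):
            bases[(conn, op)] = s.group(1)  # remember base until the result line
        elif (r := RESULT.match(rest)) and r.group(1) == "32":
            # err=32 is noSuchObject: the base is missing or hidden from this bind DN.
            findings.append(("no-such-object", conn, peer, bases.get((conn, op), "?")))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding, sep="\t")
```
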