Empty user table with LDAP as account provider

Hi,
I’m trying to read the user list of an NS Active Directory from another NS (firewall) machine with LDAP as account provider. The settings are the same as in LdapAdmin, where it works. But in the NS client the users and groups tables stay empty.
Can anybody help?

Thanks and regards,

Ralph

With which program or tool do you want to read the user list?

Maybe you need to disable strong auth on your NS AD server to make it work:

EDIT:

If I understand you correctly, you want to use a remote AD while having local LDAP installed. I don’t know if this is possible. You may join the AD with the firewall, but a combination of local LDAP and remote AD does not seem possible to me.

The second NS system - the client - offers as Account Provider either joining the AD or LDAP. I want to use LDAP because it’s sufficient to read users and groups from the AD LDAP.
There is no third application involved. I installed the Chat server on the NS client which should be able to check the users.

Don’t know if it works this way. Usually you have to take the right counterpart; for remote AD, for example, you need an AD account provider. Why not just join the remote AD?

I hesitate to join the firewall to the AD. As I wrote before, I can see the whole LDAP tree using the same settings.
The NS AD controller is an LDAP server as well, isn’t it? So why shouldn’t it work?

I guess both implementations use different LDAP schemas and the fields do not match.

1 Like

Are you saying that there is an inconsistency within NS?

Didn’t look at the code, but the user list might expect different fields when joined to an AD-based account provider or an (Open)LDAP provider; they use different RFC LDAP schemas.

3 Likes

AD has “cn”, LDAP “uid” for instance…

1 Like
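
Added example, not part of the thread and not NethServer code: a minimal evaluator for a subset of LDAP search filters, showing how a user query written for an RFC 2307 directory can return nothing against AD-style entries even when the same bind settings let a browser such as LdapAdmin show the whole tree. The two entries and both filters are constructed for illustration and are assumptions, not the filters any NS component actually sends.

```python
# Constructed sample entries (not taken from any real directory).
AD_ENTRY = {  # attributes typical of an AD user object
    "objectClass": ["top", "person", "organizationalPerson", "user"],
    "cn": ["Ralph Example"], "sAMAccountName": ["ralph"],
}
RFC2307_ENTRY = {  # attributes typical of an OpenLDAP posixAccount
    "objectClass": ["top", "inetOrgPerson", "posixAccount"],
    "cn": ["Ralph Example"], "uid": ["ralph"],
}
# Hypothetical filters a client written for each schema might send.
RFC2307_FILTER = "(&(objectClass=posixAccount)(uid=*))"
AD_FILTER = "(&(objectClass=user)(sAMAccountName=*))"


def matches(flt, entry):
    """Evaluate a subset of RFC 4515 filters: &, |, !, equality, presence."""
    result, rest = _eval(flt.strip(), entry)
    if rest:
        raise ValueError("trailing data in filter: " + rest)
    return result


def _eval(s, entry):
    if not s.startswith("("):
        raise ValueError("expected '(' at: " + s)
    s = s[1:]
    if s[:1] in ("&", "|"):
        op, s, results = s[0], s[1:], []
        while s.startswith("("):
            r, s = _eval(s, entry)
            results.append(r)
        value = all(results) if op == "&" else any(results)
    elif s[:1] == "!":
        value, s = _eval(s[1:], entry)
        value = not value
    else:
        item, _, s = s.partition(")")  # simple item; consumes its ')'
        attr, _, want = item.partition("=")
        # Attribute names and these string values compare case-insensitively.
        have = [v.lower() for k, vs in entry.items() if k.lower() == attr.lower() for v in vs]
        return (bool(have) if want == "*" else want.lower() in have), s
    if not s.startswith(")"):
        raise ValueError("expected ')' at: " + s)
    return value, s[1:]


if __name__ == "__main__":
    for name, flt in (("RFC 2307", RFC2307_FILTER), ("AD", AD_FILTER)):
        print(name, "filter matches AD entry:", matches(flt, AD_ENTRY))
```

On a real directory the same comparison can be made by running the client's user filter and a bare `(objectClass=*)` search under the same bind and comparing the result counts.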

So what is this configuration good for then?

It’s for using remote LDAP. I am sorry but for using AD as directory service it seems you have to use remote AD.
I am using remote AD on my firewall too for getting VPN accounts from my AD and it works like a charm.
If you are really strict then any additional application on a firewall may be a security risk, no matter if AD or LDAP IMO.