Questions tagged [ldap]
Lightweight Directory Access Protocol (LDAP) for reading and editing directories over an IP network
2,733 questions
0 votes, 0 answers, 24 views
I am an LDAP user. Why can't I change my shell despite being listed in /etc/shells?
I can't change my shell. The following shell output shows what I have tried. How can I change my shell to /usr/bin/fish?
[michael@vps ~]$ chsh.ldap -s /usr/bin/fish michael
/usr/bin/chsh.ldap: /usr/...
0 votes, 0 answers, 10 views
OpenLDAP olcAccess settings
I have installed an OpenLDAP server on Rocky Linux:
[root@localhost etc]# cat rocky-release
Rocky Linux release 8.8 (Green Obsidian)
I created the manager account following this guide on how to forge.
...
0 votes, 0 answers, 10 views
Cannot passwd for root with nslcd and openldap on Debian 12
Fresh Debian 12 for lab (VM). I installed: slapd, phpldapadmin, nslcd, nscd and dependencies.
I have two local accounts: root and user1. Also I have only user1 POSIX-account on local LDAP server.
I ...
0 votes, 1 answer, 20 views
External LDAP SMIME Public Key Search Fails from Outlook for iOS With NoSuchObject
The Outlook for iOS documentation seems to indicate that it's possible to configure an external LDAP address to search for SMIME public key certificates: https://learn.microsoft.com/en-us/exchange/...
0 votes, 1 answer, 43 views
How can ldapsearch look for a specific user with a specific group?
I'm working on some ldap authentication, and one of the things I need to do is require users be part of a specific group. To best replicate the functionality I can use this query
ldapsearch -x -H &...
-1 votes, 1 answer, 26 views
Setting up school wifi network with SSO linked to azure AD without local server
I am trying to restrict school Wi-Fi usage to staff and students. In addition would like to get user-wise usage data. Our current Wi-Fi network and access points are built on Cisco Access points and ...
0 votes, 1 answer, 50 views
Can't BIND to Active Directory over LDAPS
I have a DC running on Windows Server 2019, and it has the Domain Services role installed. I have a multi-tier CA set up in the same domain using the AD CS role (Root powered off, intermediate powered ...
0 votes, 1 answer, 77 views
LDAP server migration from Debian to Ubuntu Error
We are trying to migrate ldap from an outdated Debian server to a Ubuntu server. All attempts at using slapcat, modifying the config manually, and other tricks have failed. I believe the old database ...
0 votes, 0 answers, 43 views
LDAP config on Openfiler SAN
We have a production Openfiler SAN (vs 2.99) that has been using Windows Authentication to grab groups for file permissions for 5 or 6 years now (configured via the GUI). It's pointing to the then, ...
0 votes, 1 answer, 45 views
Is it possible to disable ldap passwords for a user without disabling their account?
We have a cluster that uses an internal LDAP domain for user authentication that previously used passwords stored in LDAP. We have now moved the login machine to use krb5 for password authentication ...
0 votes, 0 answers, 37 views
LDAP: how to fetch group members by group's memberUid?
I'm trying to write a single LDAP search filter to retrieve users who are member of a particular group.
We're running a custom LDAP implementation (running on OpenLDAP: slapd 2.4.40), where the ...
0 votes, 0 answers, 35 views
Resetting user password from hybrid AD desktop without Azure writeback
Within an environment with a "local" AD setup with its own directly connected desktops as well as having an Azure AD with a connection between the two ADs, password writeback is not to be ...
0 votes, 0 answers, 35 views
How to enable LDAP login in docker rundeck?
I use the following script to start the container, but it keeps using the realm.properties instead of the LDAP setup.
The file jaas-ldap.conf works as is in rundeck2 which was set up with a different ...
0 votes, 2 answers, 55 views
LDAPS Auth very slow in Moodle
I have a moodle-installation that uses LDAPS auth which is very slow or does not work at all. It is debian 12, apache2.4, moodle4.1 and php7.4.
I had a test installation where things were just fine, I ...
0 votes, 0 answers, 74 views
Cannot connect to LDAP server ERRNO=0
I have a PHP application (Apache, Red Hat with SELinux disabled) and I am struggling with LDAP configuration. I am trying to connect to an LDAP server and I am getting this error in the Apache logs:
...
0 votes, 0 answers, 144 views
Active Directory LDAP logon failure
I'm at the end of my wits with this issue and I'm hoping some genius here can assist. Background: We have a client (a hospital) with 3 sites in AD and two DCs at each site. These DCs are 2012 and we'...
0 votes, 1 answer, 157 views
LDAPS certificate isn't working on new server for third parties
About 5-6 years ago I set up LDAPS on my Primary Domain controller. I set up Active Directory Certificate Services (all on the same server), forwarded the port 636 on my firewall, and was able to ...
0 votes, 0 answers, 30 views
SSSD LDAP CONFIGURATION
I am trying to configure ldap on port 636 on a redhat server. Right now, when I try the following command :
netstat -antup | grep -i 636
I get
tcp 0 132 IP_ADDRESS_1:40670 XX.XX.XX.XX:...
0 votes, 0 answers, 128 views
Unable to login via SSH to a Linux machine with my LDAP credentials
I am trying to set up LDAP for users to log in to Linux machines. I can change the users to any given users in the LDAP list of users using the su command. A new directory is created as well. So I'm ...
1 vote, 1 answer, 54 views
OpenLDAP ppolicy working with passwd, but not ldappasswd
I've been working on this for about a week, and can't seem to figure out why this is happening.
I've got passwd working, letting users change their own ldap password from a client machine, and it ...
1 vote, 1 answer, 127 views
Samba & LDAP: did not correctly init (error was NT_STATUS_NO_MEMORY)
I am trying to configure Samba to authenticate with a new ldap domain. In the logs I am seeing the following error:
pdb backend ldapsam:ldaps: did not correctly init (error was NT_STATUS_NO_MEMORY).
I ...
1 vote, 1 answer, 156 views
Troubleshooting Apache with GSS Proxy Authentication and LDAP Authorization
I'm setting up an internal web server on a domain-joined RHEL server with Kerberos authentication via GSS proxy and tiered authorization with LDAP, where Active Directory is the source of truth. ...
0 votes, 1 answer, 66 views
How can I connect to on-premises LDAP over the Internet? [closed]
I am developing a .net core API that will host on Azure. The main aim of this API is to connect with LDAP (On-premises). If the application hosts on-premises then there is no problem connecting with ...
1 vote, 2 answers, 157 views
How do I query user attributes from a Samba AD DC in Linux with Kerberos auth?
An answer exists for querying AD with password auth, which is working fine locally. What about Kerberos auth? Running ldapsearch with GSSAPI auth yields the following error:
$ ldapsearch -ZZ -Y GSSAPI ...
-1 votes, 1 answer, 59 views
Is there a way to restrict senders access in postfix depending on Active Directory group they're in?
I have a postfix server setup and it is authenticating against AD with dovecot.
Is there an option to configure it so one user in Group A can send mails as @a.local domain and user from Group B can ...
0 votes, 0 answers, 21 views
Bind DHCP Config with LDAP Database without DHCP-ISC
I want to get my DHCP Config from LDAP-Database. Especially the subnet hosts should be migrated there. However, I don't find a lot of information about this procedure. Is it not recommended? I ...
0 votes, 0 answers, 32 views
Adding vlv (virtual list view) extension to OpenLDAP (LDAP) server
I'm currently working with the LDAPRecord library in a Laravel project. I want to use a pagination function but it requires having the virtual list view (vlv) extension on my LDAP server, I don't quite know ...
0 votes, 0 answers, 51 views
Are certificates required for a STARTTLS connection on LDAP
My LDAP server's ldap.conf file
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=coretesting,dc=com
URI ldap://ldap....
0 votes, 0 answers, 49 views
Authentication and user manager for Ubuntu
I'm a little bit confused about user management / authentication systems.
I would like to achieve the following:
Have a central database of users / organization units (like Active Directory) - ...
0 votes, 0 answers, 50 views
Is it possible to add memberUid as bind DN
Can we use memberUid for the bind DN string?
Here is my sample ldif file
dn: cn=posixgroup,dc=memtesting,dc=com
objectClass: top
objectClass: posixGroup
gidNumber: 1001
cn: posixgroup
memberUid: posixuser
...
0 votes, 1 answer, 352 views
Synology join LDAP domain: failed to load user data
I'm currently trying to setup SSO on a synology nas using Keycloak and ApacheDS. I've successfully joined the domain and can finally see all users and groups in the directory and I can edit the groups ...
0 votes, 0 answers, 145 views
Load Balancer for LDAP(S)
I have created a load balancer in the cloud with backend servers running FreeIPA.
When I try to run:
$ ldapsearch -x -H ldap:<IP-ADDRESS> -b "dc=example,dc=com
ldap_sasl_bind(SIMPLE): Can't ...
0 votes, 1 answer, 694 views
How does userPassword attribute work in LDAP?
I'm just learning about LDAP, and there's something I don't quite understand.
When we create users in a directory, we define their password using the userPassword. When we use for example the {SSHA} ...
1 vote, 2 answers, 104 views
Get Windows AD DC with SHA1 signed cert to accept LDAP (StartTLS) connections from OpenSSL 3 clients
Trying to get Windows Active Directory DC (with SHA1 signed certificate) to accept LDAP(StartTLS) connections from WordPress Server using Next Active Directory Integration plugin. WordPress is running ...
0 votes, 0 answers, 19 views
how to select the ISE proxy sequence based on an LDAP lookup?
I am currently setting up a VOIP network for my customer, which includes 802.1x and MAB authentication.
The normal auth sequence goes like this:
The switch detects a new machine with no 802.1x ...
0 votes, 1 answer, 59 views
Issue with not being able to parse LDIF file (invalid format (line 5) entry: "cn=schema")
Trying to add a new attribute to a schema by using this command:
ldapmodify -f ./add-id-attribute.ldif -h localhost -p 50389 -D "cn=Directory Manager" -w mySecretPassword
And this LDIF file
...
0 votes, 1 answer, 98 views
ldap_group_search_base is not working as intended
I've used the below-given sssd.conf file to authorize the users to a server. The issue is some users who are not listed under the DN: cn=authorized,ou=rona,ou=servers,ou=groups,dc=yolo,dc=com still ...
0 votes, 1 answer, 65 views
What are all the certificates that must be provided when setting the TLSVerifyClient option to demand
In my case, I had set TLSVerifyClient to demand. I wasn't able to establish a connection while providing TLSCACertificateFile alone.
While setting the TLSVerifyClient option demand is it ...
0 votes, 0 answers, 12 views
Specific olcAccess does not work for an OU in LDAP
On my OpenLDAP server, I would like the accounts in my "ou=partners" OU to have "read" permissions to all objects in "ou=abos". Here is the tree of my DIT :
[ditTree][1]
...
0 votes, 0 answers, 63 views
HAProxy load balancing check
I have two LDAP servers that replicate together on my LAN. I have a Pfsense CE that performs a load balancing on my two servers for the requests from the WAN. Is it possible to check the number of ...
1 vote, 1 answer, 115 views
Debian 11 + ProFTPd and LDAPS
I'm trying to authenticate my FTP users from Active Directory using LDAPS over SSL (port 636).
I managed to get it working using simple LDAP on port 389 and now I would like to increase security!
OS ...
0 votes, 1 answer, 328 views
LDAP replication to server with Let's Encrypt certificate fails, "unable to get issuer certificate"
I am currently trying to set up LDAP replication between two instances of 389 Directory Server (both running on Fedora 37), which I'll call $SUPPLIER and $CONSUMER in the following (serving at the ...
1 vote, 1 answer, 227 views
Setup SSO : openldap, kerberos, nfs(truenas) :
Currently I am able to set up an SSO NFS setup with an OpenLDAP LDAP server and a TrueNAS NFS server (with LDAP access configured). The Ubuntu clients are able to use pam-mount to mount the NFS home shares. ...
1 vote, 0 answers, 133 views
CentOS 7, Integrating SAMBA server with LDAP server to authenticate users through LDAP
I spent many hours trying to solve my problem, but unfortunately to no avail.
I'm configuring a SAMBA server on CentOS 7. I want to fetch users' credentials from the LDAP server, so they will be able to ...
0 votes, 0 answers, 97 views
Dspace 7.4 authentication with LDAP Active Directory
Could you suggest step by step how to enable authorization through Active Directory in repository Dspace 7.4?
Repository Dspace 7.4 installed in virtual Ubuntu server. Active directory in Windows ...
0 votes, 1 answer, 47 views
Strange hash lengths in OpenLDAP
I recently went through all the hashes stored in an LDAP instance I have access to and noticed something strange that I can't explain.
Despite all the hashes being marked as SSHA (which should be ...
1 vote, 0 answers, 100 views
LDAP postfix "User doesn't exist"
I have a postfix server, which forwards all the emails to a dovecot server via LMTP. The usernames/groups are kept in a 389-Directory Server (LDAP).
In /etc/postfix/transport I have a few lines like (...
0 votes, 0 answers, 10 views
Detect when sssd connects to the LDAP server and finds a specific group at boot
I am looking to find a way so that when the system is booting, I can detect when sssd connects to the LDAP server and finds a specific group, then reload systemd-udevd.
I actually want to automate all of these ...
0 votes, 0 answers, 133 views
How to delete olcAttributeTypes LDAP
Is there a way to delete olcAttributeTypes from my schema?
It's not a system attribute, I added it myself, now I need to delete it.
I'm using LAM (LDAP Account Manager) v5.6
The attribute is located ...
0 votes, 0 answers, 429 views
failed to bind to LDAP server ldap://<server IP>/: Can't contact LDAP server: Transport endpoint is not connected
Users are unable to login to network cluster.
var/log/messages =
failed to bind to LDAP server ldap://<ldap server hostname>: Can't contact LDAP server: Transport endpoint is not connected
no ...