Questions tagged [ldap]

Lightweight Directory Access Protocol (LDAP) for reading and editing directories over an IP network

0 votes
1 answer
76 views

What is the LDAP syntax to query a sub domain?

I have a group MySoftwareUsers in the nam.con.internal.contoso.com domain. The software I am installing doesn't have an option to specify a location to search, it uses the root domain con.internal....
e-Fungus's user avatar
  • 101
0 votes
0 answers
34 views

AD recursive LDAP query for unexpired temporary group memberships

With Privileged Access Management for ADDS (on-premises), it is possible to temporarily add a member to a group, e.g. using powershell Add-ADGroupMember. Additionally, it is possible to use LDAPs ...
rrr's user avatar
  • 101
2 votes
1 answer
65 views

RHEL 9 use ldap (AD) for authentication only

I want to manage users locally on an RHEL 9 system. I want to create, delete, associate with groups all locally. However I want their password to be validated against LDAP. If they don't exist in ...
Paul Lemmons's user avatar
1 vote
1 answer
29 views

openLDAP works for v2.4 but v2.6 returns: Invalid syntax (21) additional info: objectClass: value #0 invalid per syntax

I have been facing this problem for a few days by now, and I would like to preface this by stating that this is the first time I have ever used ldap. So after debugging a bit around the error I have ...
omarelkady22's user avatar
0 votes
0 answers
35 views

pgina not able to authorize as per rules

I have the following settings img 1 and these are the authorization rules I have added img 2 Yet pgina is unable to correctly identify and follow the rules. Here is the output of simulation. bwayne is ...
none's user avatar
  • 1
0 votes
2 answers
54 views

Load balance LDAPS with Network load balancer Layer 3/Layer 4 (IP protocol)

I'm trying to setup a Network Load Balancer which direct traffic to healthy servers based on Layer 3/Layer 4 (IP protocol) data. Question: Does this work for LDAP over SSL (LDAPS)? (I'm aware layer 7 ...
N. J's user avatar
  • 125
0 votes
1 answer
57 views

How to define the password protection scheme (e.g. hash function) used by ldappasswd?

I am using OpenLDAP 2.6. When I set an object's password via ldappasswd -x -D <dn of root user> -W -S <dn of object whose pwd shall be set> then some hash of the password end up in the ...
user2690527's user avatar
0 votes
1 answer
54 views

Where do I find the LDAP scheme for Postfix or which alternative should I use?

The howto https://www.postfix.org/LDAP_README.html describes LDAP object with object classes virtualaccount ldapgroup ldapuser attributes mail memberdn memberaddr maildrop Where do I find the ...
user2690527's user avatar
0 votes
0 answers
25 views

Include fields on an LDAP user search?

I am running an Authentik instance with an LDAP provider/outpost. To test it out, I've bound an Ubuntu server with sssd to the LDAP server. Everything is working great (...finally). But I am curious ...
iTim314's user avatar
1 vote
1 answer
142 views

openldap - adding image to 'photo' attribute gives me 'no validator for syntax'

New to openLDAP - I'm trying to simply add a base64 encoded binary (16Kb) image to the photo attribute to the person objectClass but whatever I try I simply get this error 'no validator for syntax 1.3....
Mannie's user avatar
  • 113
0 votes
0 answers
92 views

SSH with LDAP authentication within a Docker container

I'm trying to set up an SSH jumphost with Docker that uses LDAP authentication. I'm running the container as rootless. Note: This is all currently as testing but would love to hear some feedback about ...
Janchy's user avatar
  • 1
0 votes
0 answers
73 views

I am an LDAP user. Why can't I change my shell despite being listed in /etc/shells?

I can't change my shell. The following shell output shows what I have tried. How can I change my shell to /usr/bin/fish? [michael@vps ~]$ chsh.ldap -s /usr/bin/fish michael /usr/bin/chsh.ldap: /usr/...
Michael Tsang's user avatar
0 votes
0 answers
35 views

openLDAP olcAccess settings

I have installed openLdap server on a Rocky Linux: [root@localhost etc]# cat rocky-release Rocky Linux release 8.8 (Green Obsidian) I created the manager account following this guide on how to forge. ...
CiaoCiao's user avatar
0 votes
1 answer
105 views

Cannot passwd for root with nslcd and openldap on Debian 12

Fresh Debian 12 for lab (VM). I installed: slapd, phpldapadmin, nslcd, nscd and dependencies. I have two local accounts: root and user1. Also I have only user1 POSIX-account on local LDAP server. I ...
Karol's user avatar
  • 21
0 votes
1 answer
33 views

External LDAP SMIME Public Key Search Fails from Outlook for iOS With NoSuchObject

The Outlook for iOS documentation seems to indicate that it's possible to configure an external LDAP address to search for SMIME public key certificates: https://learn.microsoft.com/en-us/exchange/...
jdbst56's user avatar
0 votes
1 answer
305 views

How can ldapsearch look for a specific user with a specific group?

I'm working on some ldap authentication, and one of the things I need to do is require users be part of a specific group. To best replicate the functionality I can use this query ldapsearch -x -H &...
John Sly's user avatar
  • 101
-1 votes
1 answer
46 views

Setting up school wifi network with SSO linked to azure AD without local server

I am trying to restrict school Wi-Fi usage to staff and students. In addition would like to get user-wise usage data. Our current Wi-Fi network and access points are built on Cisco Access points and ...
user899893's user avatar
0 votes
1 answer
147 views

Can't BIND to Active Directory over LDAPS

I have a DC running on Windows Server 2019, and it has the Domain Services role installed. I have a multi-tier CA set up in the same domain using the AD CS role (Root powered off, intermediate powered ...
rst-2cv's user avatar
  • 179
0 votes
1 answer
118 views

LDAP server migration from Debian to Ubuntu Error

We are trying to migrate ldap from an outdated Debian server to a Ubuntu server. All attempts at using slapcat, modifying the config manually, and other tricks have failed. I believe the old database ...
guest123's user avatar
0 votes
0 answers
45 views

LDAP config on Openfiler SAN

We have a production Openfiler SAN (vs 2.99) that has been using Windows Authentication to grab groups for file permissions for 5 or 6 years now (configured via the GUI). It's pointing to the then, ...
bazagee's user avatar
0 votes
1 answer
105 views

Is it possible to disable ldap passwords for a user without disabling their account?

We have a cluster that uses an internal LDAP domain for user authentication that previously used passwords stored in LDAP. We have now moved the login machine to use krb5 for password authentication ...
jamie's user avatar
  • 3
0 votes
0 answers
123 views

LDAP: how to fetch group members by group's memberUid?

I'm trying to write a single LDAP search filter to retrieve users who are member of a particular group. We're running a custom LDAP implementation (running on OpenLDAP: slapd 2.4.40), where the ...
André Fernandes's user avatar
0 votes
0 answers
58 views

Resetting user password from hybrid ad desktop without azure writeback

Within an environment with a "local" ad setup with its own directly connected desktops as well as having an azure AD with a connection between the two ADs, password writeback is not to be ...
Mason Kerr's user avatar
0 votes
0 answers
54 views

How to enable LDAP login in docker rundeck?

I use the following script to start the container, but it keeps using the realm.properties instead of the LDAP setup. The file jaas-ldap.conf works as is in rundeck2 which was set up with a different ...
Kaiyou's user avatar
  • 1
0 votes
2 answers
97 views

LDAPS Auth very slow in Moodle

I have a moodle-installation that uses LDAPS auth which is very slow or does not work at all. It is debian 12, apache2.4, moodle4.1 and php7.4. I had a test installation where things were just fine, I ...
tux's user avatar
  • 1
0 votes
0 answers
186 views

Cannot connect to LDAP server ERRNO=0

I have a php application (apache,redhat with selinux disabled) and I am struggling with ldap configuration. I am trying to connect to a ldap server and I am getting this error in apache logs: ...
el sparrow's user avatar
0 votes
0 answers
428 views

Active Directory LDAP logon failure

I'm at the end of my wits with this issue and I'm hoping some genius here can assist. Background: We have a client (a hospital) with 3 sites in AD and two DCs at each site. These DCs are 2012 and we'...
Parallax Abstraction's user avatar
0 votes
1 answer
498 views

LDAPS certificate isn't working on new server for third parties

About 5-6 years ago I setup LDAPS on my Primary Domain controller. I setup Active Directory Certificate Services (all on the same server), forwarded the port 636 on my firewall, and was able to ...
ItsPronounced's user avatar
0 votes
0 answers
57 views

SSSD LDAP CONFIGURATION

I am trying to configure ldap on port 636 on a redhat server. Right now, when I try the following command : netstat -antup | grep -i 636 I get tcp 0 132 IP_ADDRESS_1:40670 XX.XX.XX.XX:...
el sparrow's user avatar
0 votes
0 answers
532 views

Unable to login via SSH to a Linux machine with my LDAP credentials

I am trying to setup LDAP for users to login to Linux machines. I can change the users to any given users in the LDAP list of users using the su command. A new directory is created as well. So I'm ...
mikey1996's user avatar
1 vote
1 answer
84 views

OpenLDAP ppolicy working with passwd, but not ldappasswd

I've been working on this for about a week, and can't seem to figure out why this is happening. I've got passwd working, letting users change their own ldap password from a client machine, and it ...
zmehall's user avatar
  • 115
1 vote
1 answer
274 views

Samba & LDAP: did not correctly init (error was NT_STATUS_NO_MEMORY)

I am trying to configure Samba to authenticate with a new ldap domain. In the logs I am seeing the following error: pdb backend ldapsam:ldaps: did not correctly init (error was NT_STATUS_NO_MEMORY). I ...
csom linux's user avatar
1 vote
1 answer
293 views

Troubleshooting Apache with GSS Proxy Authentication and LDAP Authorization

I'm setting up an internal web server on a domain-joined RHEL server with Kerberos authentication via GSS proxy and tiered authorization with LDAP, where Active Directory is the source of truth. ...
Vaito's user avatar
  • 21
0 votes
1 answer
108 views

How can I connect on-premises LDAP over Internet? [closed]

I am developing a .net core API that will host on Azure. The main aim of this API is to connect with LDAP (On-premises). If the application hosts on-premises then there is no problem connecting with ...
Imran Yaseen's user avatar
1 vote
2 answers
227 views

How do I query user attributes from a Samba AD DC in Linux with Kerberos auth?

An answer exists for querying AD with password auth, which is working fine locally. What about Kerberos auth? Running ldapsearch with GSSAPI auth yields the following error: $ ldapsearch -ZZ -Y GSSAPI ...
cqcallaw's user avatar
  • 163
-1 votes
1 answer
110 views

Is there a way to restrict senders access in postfix depending on Active Directory group they're in?

I have a postfix server setup and it is authenticating against AD with dovecot. Is there an option to configure it so one user in Group A can send mails as @a.local domain and user from Group B can ...
Laskus's user avatar
  • 3
0 votes
0 answers
23 views

Bind DHCP Config with LDAP Database without DHCP-ISC

I want to get my DHCP Config from LDAP-Database. Especially the subnet hosts should be migrated there. However, I don't find a lot of information about this procedure. Is it not recommended? I ...
Yann's user avatar
  • 25
0 votes
0 answers
38 views

adding vlv(virtual list view) extension to openLDAP (LDAP) Server

I'm currently working with LDAPRecord library in a Laravel project. I want to use a pagination function but it's required having virtual list view (vlv) extension to my ldap server, I don't quite know ...
ahmed rabah's user avatar
0 votes
0 answers
89 views

Are certificates required for a STARTTLS connection on LDAP?

My LDAP server's ldap.conf file # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. BASE dc=coretesting,dc=com URI ldap://ldap....
ram ajay's user avatar
0 votes
0 answers
76 views

Authentication and user manager for Ubuntu

I'm a little bit confused about user management / authentication systems. I would like to achieve the following: Have a central database of users / organization units (like Active Directory) - ...
Kristof Rado's user avatar
0 votes
0 answers
80 views

Is it possible to add memberUid as bind DN

Can we use memberUid for bind dn string. Here is my sample ldif file dn: cn=posixgroup,dc=memtesting,dc=com objectClass: top objectClass: posixGroup gidNumber: 1001 cn: posixgroup memberUid: posixuser ...
ram ajay's user avatar
0 votes
1 answer
563 views

Synology join LDAP domain: failed to load user data

I'm currently trying to setup SSO on a synology nas using Keycloak and ApacheDS. I've successfully joined the domain and can finally see all users and groups in the directory and I can edit the groups ...
CShark's user avatar
  • 123
0 votes
0 answers
227 views

Load Balancer for LDAP(S)

I have created a load balancer in the cloud with backend servers running FreeIPA. When I try to run: $ ldapsearch -x -H ldap:<IP-ADDRESS> -b "dc=example,dc=com ldap_sasl_bind(SIMPLE): Can't ...
N. J's user avatar
  • 125
0 votes
1 answer
1k views

How does userPassword attribute work in LDAP?

I'm just learning about LDAP, and there's something I don't quite understand. When we create users in a directory, we define their password using the userPassword. When we use for example the {SSHA} ...
YoavKlein's user avatar
  • 143
1 vote
2 answers
181 views

Get Windows AD DC with SHA1 signed cert to accept LDAP (StartTLS) connections from OpenSSL 3 clients

Trying to get Windows Active Directory DC (with SHA1 signed certificate) to accept LDAP(StartTLS) connections from WordPress Server using Next Active Directory Integration plugin. WordPress is running ...
Lyndon McLaren's user avatar
0 votes
0 answers
27 views

how to select the ISE proxy sequence based on an LDAP lookup?

I am currently setting up a VOIP network for my customer, which includes 802.1x and MAB authentication. The normal auth sequence goes like this: The switch detects a new machine with no 802.1x ...
Adalcar's user avatar
  • 101
0 votes
1 answer
88 views

Issue with not being able to parse LDIF file (invalid format (line 5) entry: "cn=schema")

Trying to add a new attribute to a schema by using this command: ldapmodify -f ./add-id-attribute.ldif -h localhost -p 50389 -D "cn=Directory Manager" -w mySecretPassword And this LDIF file ...
Wilko van der Veen's user avatar
0 votes
1 answer
170 views

ldap_group_search_base is not working as intended

I've used the below-given sssd.conf file to authorize the users to a server. The issue is some users who are not listed under the DN: cn=authorized,ou=rona,ou=servers,ou=groups,dc=yolo,dc=com still ...
user11482797's user avatar
0 votes
1 answer
82 views

What are all the certificates mandatory to be provided while setting TLSVerifyClient option to demand

In my case, I had set TLSVerifyClient to demand. I wasn't able to establish a connection while providing TLSCACertificateFile alone. While setting the TLSVerifyClient option demand is it ...
ram ajay's user avatar
0 votes
0 answers
13 views

Specific olcAccess does not work for an OU in LDAP

On my OpenLDAP server, I would like the accounts in my "ou=partners" OU to have "read" permissions to all objects in "ou=abos". Here is the tree of my DIT : [ditTree][1] ...
Halcoaching's user avatar
