[PLUG] AD authentication using LDAP over SSL not working
Ratnakar Sagare
ratnakar.sagare at gmail.com
Thu Jul 20 19:20:45 IST 2006
Hi Friends,
I am trying to configure a single sign-on mechanism in my hybrid
environment containing Windows & Linux hosts. I am using Windows
Server 2003 R2 as my authentication server. It successfully
authenticates Linux nodes in the normal configuration (without SSL).
But when I try to do the same with SSL, it doesn't work. I have
installed a CA on the Win2k3 server, and the certificate in PEM
format is also copied to the necessary location on the Linux node. Still
it is not working as desired.
The output of 'getent passwd' shows all the accounts on the AD server, but it does
not terminate and does not give me the root prompt back.
Here's my /etc/ldap.conf file.
--------------------------------------START----------------------------------------------
host 192.168.30.215
base cn=Users,dc=qualex,dc=com
uri ldaps://192.168.30.215/
ldap_version 3
binddn cn=ldaptest,cn=Users,dc=qualex,dc=com
bindpw TestLdapSSL123
ssl on
TLS_CACERT /etc/ssl/certs/cacert.pem
TLS_REQCERT never
port 636
scope sub
timeout 30
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber uidNumber
nss_map_attribute gidNumber gidNumber
nss_map_attribute cn sAMAccountName
nss_map_attribute uniqueMember msSFU30PosixMemberOf
nss_map_attribute userPassword unixUserPassword
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute loginShell LoginShell
nss_map_attribute gecos name
nss_map_objectclass posixGroup Group
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad
nss_base_passwd cn=Users,dc=qualex,dc=com?sub
nss_base_shadow cn=Users,dc=qualex,dc=com?sub
nss_base_group cn=Users,dc=qualex,dc=com?sub
----------------------------------------------------END--------------------------------------
Can you please look into this?
Thanks in advance,
Ratnakar
www.qualexsystems.com
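Added example, not part of the original post and not nss_ldap's own code: a small Python linter that parses an ldap.conf like the one above and flags the settings that weaken or confuse an LDAPS setup, namely TLS_REQCERT never (certificate verification switched off), an IP literal in the ldaps:// URI (a CA-issued server certificate normally carries the host name, not the address), a clear-text bindpw in a file every local user can read, and host/port directives sitting beside a uri. The posted directives are embedded as constructed sample input; the hardened variant, its host name dc.example.invalid and the wording of the advice are my assumptions.

```python
"""Lint an nss_ldap / pam_ldap style ldap.conf for LDAPS weaknesses.

Added example, not from the post or from nss_ldap. Reported findings:
  - TLS_REQCERT never/allow  -> server certificate is not verified (high)
  - bindpw in the file       -> clear-text credential on disk (medium)
  - IP literal in ldaps URI  -> name check cannot match a CA cert (medium)
  - host/port beside uri     -> redundant, easy to misread (low)
"""
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit

Finding = tuple[str, str, str]  # (severity, directive, message)

# Constructed input: the TLS and bind lines of the configuration quoted in the post.
POSTED_CONF = """\
host 192.168.30.215
base cn=Users,dc=qualex,dc=com
uri ldaps://192.168.30.215/
ldap_version 3
binddn cn=ldaptest,cn=Users,dc=qualex,dc=com
bindpw TestLdapSSL123
ssl on
TLS_CACERT /etc/ssl/certs/cacert.pem
TLS_REQCERT never
port 636
nss_map_attribute uid sAMAccountName
nss_map_attribute cn sAMAccountName
"""

# Constructed hardened variant (assumption). dc.example.invalid is a placeholder:
# it must be the name in the domain controller certificate's subject or SAN, and
# TLS_CACERT must point at the CA certificate that issued it.
HARDENED_CONF = """\
base cn=Users,dc=qualex,dc=com
uri ldaps://dc.example.invalid/
ldap_version 3
binddn cn=ldaptest,cn=Users,dc=qualex,dc=com
bindpw TestLdapSSL123
ssl on
TLS_CACERT /etc/ssl/certs/cacert.pem
TLS_REQCERT demand
"""


def parse_ldap_conf(text: str) -> dict[str, list[str]]:
    """Parse 'directive value' lines; directives are case-insensitive and may repeat."""
    conf: dict[str, list[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(key, []).append(value)
    return conf


def _first(conf: dict[str, list[str]], key: str) -> str | None:
    values = conf.get(key)
    return values[0] if values else None


def _is_ip_literal(host: str | None) -> bool:
    """True when the URI host is an IPv4/IPv6 address rather than a name."""
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def lint_ldap_conf(text: str) -> list[Finding]:
    """Return (severity, directive, message) findings for one ldap.conf body."""
    conf = parse_ldap_conf(text)
    findings: list[Finding] = []

    reqcert = (_first(conf, "tls_reqcert") or "").lower()
    if reqcert in ("never", "allow"):
        findings.append(("high", "tls_reqcert",
                         f"'{reqcert}' skips server certificate verification, so the "
                         "encrypted session can be intercepted; set 'demand' and point "
                         "TLS_CACERT at the issuing CA certificate"))

    uri = _first(conf, "uri")
    if uri:
        parsed = urlsplit(uri)
        if parsed.scheme == "ldaps" and _is_ip_literal(parsed.hostname):
            findings.append(("medium", "uri",
                             "LDAPS URI uses an IP address; with verification on, the name "
                             "check only passes if the server certificate carries that IP, "
                             "so use the host name the certificate was issued for"))
        if "host" in conf:
            findings.append(("low", "host",
                             "both 'host' and 'uri' are set; when both are present nss_ldap "
                             "connects via 'uri', so drop 'host' to keep the file unambiguous"))
        if "port" in conf and parsed.scheme == "ldaps":
            findings.append(("low", "port",
                             "'port' only applies to 'host'; an ldaps:// URI already implies 636"))

    if _first(conf, "bindpw"):
        findings.append(("medium", "bindpw",
                         "bind password stored in clear text; ldap.conf must be readable by "
                         "every local user for NSS lookups, so use a least-privilege read-only "
                         "account (nss_ldap can keep root's password in /etc/ldap.secret via "
                         "rootbinddn instead)"))
    return findings


if __name__ == "__main__":
    for label, body in (("posted", POSTED_CONF), ("hardened", HARDENED_CONF)):
        print(f"== {label} ==")
        for severity, directive, message in lint_ldap_conf(body):
            print(f"[{severity}] {directive}: {message}")
```

Run stand-alone, it prints five findings for the posted configuration and one (the clear-text bindpw) for the hardened one. The key point for the thread is the TLS_REQCERT line: with `never`, the client accepts any certificate, so the CA certificate copied to the Linux node is not actually being checked, and `demand` is the setting under which the copied PEM file matters.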