Has anybody done any authentication to Lotus Domino using LDAP?

I selected LDAP options in the "authconfig-tui" application, per the
documentation here:

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-ldap-pam.html

When I try to query the directory for user information though, I get
no results using the ldapsearch command

    [root at ldapclient ~]# ldapsearch -x uid=crichards

    # extended LDIF
    #
    # LDAPv3
    # base <> with scope subtree
    # filter: uid=crichards
    # requesting: ALL
    #

    # search result
    search: 2
    result: 0 Success

    # numResponses: 1

I'm not quite sure what I'm missing, as I can manually query the
directory for, say, a uid, with the "ldapsearch" command with options
specified and it returns the correct info from the directory.

    [root at ldapclient ~]# ldapsearch -H ldap://domino.mydomain.com -W -D Charles\ Richards -x uid=crichards

    Enter LDAP Password: ****
    # extended LDIF
    #
    # LDAPv3
    # base <> with scope subtree
    # filter: uid=crichards
    # requesting: ALL
    #

    # Charles Richards, NewPush
    dn: CN=Charles Richards,O=MyDomain
    cn: Charles Richards
    mail: CRichards at mydomain.com
    displayname: Charles Richards/MyDomain
    messagestorage: 1
    encryptincomingmail: 0
    roaminguser: 0

    <snip> ...

I have a feeling I'm missing something in my /etc/ldap.conf regarding
how I'm binding to the directory (I've tried using my CN=Charles
Richards for the binddn and rootbinddn to no avail...)

Any tips or info are greatly appreciated!

Thanks,

Charles Richards
richardsc at gmail.com
charlesrichards.net

> base <>

I don't really know too much about LDAP, and I know less about Lotus
Domino, so hopefully I'm not blowing in the wind, but shouldn't this have
something in it? Like "dc=yourcompany,dc=com"? Maybe with an "ou=people"
prepended to it so it knows to look in the right subtree?

--
Spiro Harvey
Knossos Networks Ltd
021-295-1923
www.knossos.net.nz

On Tue, 2009-01-06 at 19:47 -0700, Charles Richards wrote:
> Has anybody done any authentication to Lotus Domino using LDAP?
>
> I selected LDAP options in the "authconfig-tui" application, per the
> documentation here:
>
> http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-ldap-pam.html
>
>
> when I try to query the directory for user information though, I get
> no results using the ldapsearch command
>
> [root at ldapclient ~]# ldapsearch -x uid=crichards
>
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope subtree
> # filter: uid=crichards
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 1
>
>
> I'm not quite sure what I'm missing, as I can manually query the
> directory for, say, a uid, with the "ldapsearch" command with options
> specified and it returns the correct info from the directory.
>
> [root at ldapclient ~]# ldapsearch -H ldap://domino.mydomain.com -W -D
> Charles\ Richards -x uid=crichards
>
> Enter LDAP Password: ****
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope subtree
> # filter: uid=crichards
> # requesting: ALL
> #
>
> # Charles Richards, NewPush
> dn: CN=Charles Richards,O=MyDomain
> cn: Charles Richards
> mail: CRichards at mydomain.com
> displayname: Charles Richards/MyDomain
> messagestorage: 1
> encryptincomingmail: 0
> roaminguser: 0
>
> <snip> ...
>
>
> I have a feeling I'm missing something in my /etc/ldap.conf regarding
> how I'm binding to the directory (I've tried using my CN=Charles
> Richards for the binddn and rootbinddn to no avail...)
>
>
> Any tips or info are greatly appreciated!
----
I'm not sure that I'm going to be all that helpful here but...

> # search result
> search: 2
> result: 0 Success

actually means that
1 - You did successfully bind to LDAP and
2 - that LDAP gave you all the records that matched your filter.

Since you gave us, "dn: CN=Charles Richards,O=MyDomain"...

ldapsearch -x 'cn=Charles Richards'

would actually return that same record

The tips/info that I would give you is buy the book...LDAP System
Administration by Gerald Carter because that simplifies the whole
LDAP/System authentication thing.

Craig

Charles Richards wrote:
> Has anybody done any authentication to Lotus Domino using LDAP?
>
> I selected LDAP options in the "authconfig-tui" application, per the
> documentation here:
>
> http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-ldap-pam.html
>
>
> when I try to query the directory for user information though, I get
> no results using the ldapsearch command
>
> [root at ldapclient ~]# ldapsearch -x uid=crichards
>
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope subtree
> # filter: uid=crichards
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 1
>
>
> I'm not quite sure what I'm missing, as I can manually query the
> directory for, say, a uid, with the "ldapsearch" command with options
> specified and it returns the correct info from the directory.
>
> [root at ldapclient ~]# ldapsearch -H ldap://domino.mydomain.com -W -D
> Charles\ Richards -x uid=crichards
>
> Enter LDAP Password: ****
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope subtree
> # filter: uid=crichards
> # requesting: ALL
> #
>
> # Charles Richards, NewPush
> dn: CN=Charles Richards,O=MyDomain
> cn: Charles Richards
> mail: CRichards at mydomain.com
> displayname: Charles Richards/MyDomain
> messagestorage: 1
> encryptincomingmail: 0
> roaminguser: 0
>
> <snip> ...
>
>
> I have a feeling I'm missing something in my /etc/ldap.conf regarding
> how I'm binding to the directory (I've tried using my CN=Charles
> Richards for the binddn and rootbinddn to no avail...)
>

The bad news is that you can't use the integrated LDAP in Domino for
something else than Domino attributes. You can't modify or add external
schemas (like posix, samba, etc ...), or has that changed? Last time I
looked at that it wasn't.

Even their email addresses are not really compliant because it's a
combination of the mail, uid and other attributes (like short
name/alternate name).

I had to put a sendmail relay box in front of multiple Domino servers and
I preferred querying the LDAP once and build a local access table for
sendmail than querying the Domino LDAP for each incoming mail.

BTW I had to specify '-b ROOT' for the ldapsearch command before I could
list the attributes.

Hope that it helps

--
- Fabian Arrotin <fabian.arrotin at arrfab.net>
"Internet network currently down, TCP/IP packets delivered now by
UPS/Fedex ..."
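
As an added example (not part of any poster's message), this shell function reads ldapsearch output and separates the two cases shown in the thread: "result: 0 Success" with an empty base and no entries, versus a search that returned an entry. The function name, the verdict labels and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: classify ldapsearch output read on stdin.
summarize_ldapsearch() {
    awk '
        /^# base </ {   # header comment, e.g. "# base <o=Example> with scope subtree"
            base = $0; seen_base = 1
            sub(/^# base </, "", base); sub(/>.*$/, "", base)
        }
        /^result: / { code = $2 }    # LDAP result code; 0 is success
        /^dn:/      { entries++ }    # one dn line per returned entry
        END {
            if (code == "")                   verdict = "no-result-line"
            else if (code != 0)               verdict = "server-error"
            else if (entries > 0)             verdict = "ok"
            else if (seen_base && base == "") verdict = "empty-base-no-entries"
            else                              verdict = "no-match-or-not-readable"
            printf "base=<%s> result=%s entries=%d verdict=%s\n", base, code, entries, verdict
        }'
}

# Constructed sample: abridged form of the anonymous search output in the thread.
anon_sample() {
    cat <<'EOF'
# base <> with scope subtree
# filter: uid=crichards

# search result
search: 2
result: 0 Success

# numResponses: 1
EOF
}

# Constructed sample: abridged authenticated output, with a result line added.
auth_sample() {
    cat <<'EOF'
# base <> with scope subtree
dn: CN=Charles Richards,O=MyDomain
cn: Charles Richards

result: 0 Success
EOF
}

anon_sample | summarize_ldapsearch
auth_sample | summarize_ldapsearch
```

An `empty-base-no-entries` verdict means the server answered the search but returned nothing, so the things to compare against a working command are the search base (`-b`) and the bind identity (`-D`).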