search for: ldapsearch

hello list I'm having a very strange problem with my centos 5.5 system. For some strange reason, this machine cannot find ldapsearch: [root at VIRTCENT13 ~]# ldapsearch ldapsearch: Command not found. [root at VIRTCENT13 ~]# whereis ldapsearch ldapsearch: /usr/bin/ldapsearch /usr/share/man/man1/ldapsearch.1.gz ldapsearch currently lives at /usr/bin along with a lot of other really very useful tools. /usr/bin is also _clearl...

Hi, I'm trying to migrate samba 3 NT domain to samba 4 AD, we have migrated data and it seems correct, but now we need to connect with ldapsearch but always receive errors like ldap_bind: Strong(er) authentication required (8) additional info: BindSimple: Transport encryption required. command used is /usr/bin/ldapsearch -H ldap://server -x -LLL -z 0 -D "uid=user,ou=Users,dc=domain,dc=com" -w "pwd" -b "ou=...

Hi, solved only making this changes : in /etc/ldap/ldap.conf add TLS_CACERT /etc/ldap/ca.pem.crt sample query with ldaps # ldapsearch -H ldaps://server -x -LLL -z 0 -D "CN=user,CN=Users,DC=domain,DC=com" -w "p" -b "CN=Users,DC=domain,DC=com" Solved! Thanks 2016-06-19 18:55 GMT+02:00 Trenta sis <trenta.sis at gmail.com>: > Hi, > > First of all thans for you answer. > > I h...

Hi all, I'd like to perform some ldapsearch against my AD domain. And I'd like to be able to perform these ldapsearch using GSSAPI to avoid usage of password in scripts. DC are using default configuration file: ---------------------------------------- # Global parameters [global] workgroup = SAMBA.DOMAIN realm = SAMBA.DO...

Quick-n-easy questions: Let's say user raub is added to group nosy using smbldap-groupmod smbldap-groupmod -m raub nosy Now, according to ol' ldapsearch, ldapsearch -vvv -H "ldaps://ldap.example.com" -D "uid=admin,ou=People,dc=example,dc=com" -W -b "dc=example,dc=com" -s sub "(cn-nosy)" group nosy has a dn attribute that looks like this dn: cn=nosy,ou=PosixGroups,dc=example,dc=com ldapsearch even lists t...

Hi all, I've got on AD DC using Samba 4.4.3 on Centos7 which accept Kerberos connections (kinit is working), which accept ldapsearch with credentials but which refuse ldapsearch with GSSAPI. The issue does not seem to be coming from the client as I discovered this issue writing a script to test all 22 DC, and all 21 others DC are working well from that client. The error: SASL/GSSAPI authentication started ldap_sasl_interactive...

Things goes further. To use GSSAPI and so the Kerberos ticket obtained with kinit I was missing "-Y GSSAPI". It seems GSSAPI and TLS are meant to be used together: ---------------------------------------- ldapsearch -Y GSSAPI -LLL -H ldaps://SAMBA.DOMAIN.TLD SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Server is unwilling to perform (53) additional info: SASL:[GSSAPI]: Sign or Seal are not allowed if TLS is used ---------------------------------------- So, the same using ldap:// ra...

Does ldapsearch work with Samba4 since it has it's own LDAP server? I've seen a number of ldap related posts here and I'm trying to head down that road for Dovecot authentication, but I'm getting stopped right away. For example, the following doesn't work: $ ldapsearch -xLLL -H ldap://localhos...

Hi, I've got ldapsearch mostly working: root at morannon:/usr/local/samba/private/tls# ldapsearch '(sAMAccountName=dumaresq)' SASL/GSSAPI authentication started SASL username: administrator at XXX SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base <> (default) with scope sub...

Solved : ) Reminder of the issue: Every services (CIFS, Kerberos, LDAP, DNS, RPC) on one DC were working well and ldapsearch using DN and password were also working. The only thing which was not working was ldapsearch using GSSAPI authentication with the following error: SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unsp...

...: - tls_ca_cert_file = <cert> - tls = yes - tls_require_cert = demand Every time it says "Connection error". Only when tls is uncommented it says "TLS required". Additional information from my contact with the openldap-technical mailing list: The ldapsearch under the user dovecot with -ZZ works fine. And they mention that the ldap.conf and dovecot-ldap.conf should have no differences, that is correct no differences. Here is a link to the ldap.conf https://gwarband.de/openldap/ldap.conf And the output of ldapsearch under dovecot: https://gwarband.de/o...

I've replicate the settings from ldapsearch to dovecot but no success. To the certificate: Yes it's a *.crt file but I have linked the *.pem file to it and dovecot has read access to that file. I have enabled the debugging in dovecot and have uploaded the output: https://gwarband.de/openldap/dovecot-connect.log And the other site with...

...ror: NT_STATUS_INVALID_PARAMETER Failed to connect to 'ldap://debian8DC1' with backend 'ldap': (null) Failed to connect to ldap://debian8DC1 - (null) It is possible to keep same or similar configuration used with samba 3 + openldap to make querys to ldap, we have many scripts using ldapsearch... It is possible keep scripts using ldapsearch? Thanks 2016-06-17 16:20 GMT+02:00 Trenta sis <trenta.sis at gmail.com>: > Hi, > > I'm trying to migrate samba 3 NT domain to samba 4 AD, we have migrated > data and it seems correct, but now we need to connect with ldapsearc...

...:00 mathias dufresne <infractory at gmail.com>: > Things goes further. To use GSSAPI and so the Kerberos ticket obtained > with kinit I was missing "-Y GSSAPI". > > It seems GSSAPI and TLS are meant to be used together: > ---------------------------------------- > ldapsearch -Y GSSAPI -LLL -H ldaps://SAMBA.DOMAIN.TLD > SASL/GSSAPI authentication started > ldap_sasl_interactive_bind_s: Server is unwilling to perform (53) > additional info: SASL:[GSSAPI]: Sign or Seal are not allowed if > TLS is used > ---------------------------------------- >...

...estrict anonymous = 2 I have a user jefftest. I found that to set the primary group that user needs to be in that group. If I set the group of jefftest to a new group (both in the UNIX attributes tab and in the Member Of tab) using Active Directory Users and Computers. Then I test the user using ldapsearch against each domain controller and they all have the new values according to ldapsearch in gidNumber. Then I login with jefftest on my joined fedora 27 machine using winbind 4.7.6 as jefftest and run id. It still shows the old group. So I log out as jefftest and in as root and run net cache flush...

...may remove anything in TLSCipherSuite for the purpose of testing > too. > > Hopefully anyone knowing OpenLDAP internals could help you analyse it > more deeply. > > Tomas > > On 03/18/2017 01:31 PM, info at gwarband.de wrote: >> I've replicate the settings from ldapsearch to dovecot but no >> success. >> To the certificate: >> Yes it's a *.crt file but I have linked the *.pem file to it and >> dovecot >> has read access to that file. >> >> I have enabled the debugging in dovecot and have uploaded the output: >>...

More information, making me more crazy: - ldapsearch without SASL is working from any host: ldapsearch -D 'CN=user-ldapmodify,OU=OurUsers,DC=ad,DC=domain,dc=tld' -w Passw0rd -x -ZZ -b 'dc=ad,DC=domain,dc=tld' -h dc106 sAMAccountName=administrator dn - ldapsearch with SASL is not working (Kerberos ticket existing following a working...

Hi, I recently triied to set up a special PDF creation service for a customer. The Samba3 server is a AD2003 member server. Since the created PDF files need to be sent via e-mail to the creators, I need to issue an LDAP query against the AD, like ldapsearch -h 10.243.50.22 -Y GSSAPI -b "ou=user,ou=... ..." \ -LLL '(cn=lastname firstname*)' mail As long as I run this command as root everything is okay. Since ldapsearch isn't setuid root, and the Kerberos credentials cache /tmp/krb5cc_0 is mode 0600 root.root, normal users can...

Hmm... *ldapsearch -x cn=admin* gives me: | # A bunch of information not really interesting | # search result | search: 2 | result: 32 No such object | | numResponses: 1 *ldapsearch -x cn=admin* gives the same. Did i configure the ldap wrong? 2015-02-24 10:42 GMT+01:00 Steffen Kaiser <skdovecot at smail.inf.fh...

Hello, Ldbsearch returns the correct result. However this particular query is performed by an external system (that does not have access to the LDB files), to check whether a certain user belongs to a specific OU or not. The query is performed over LDAP against Samba, so it is not a ldapsearch-only problem. I only used ldapsearch to verify the behavior. Regardless of if the query is wrong or not, I can't influence how this external system performs the query - the only things that can be changed are the search base and the attribute that contains the username. The problem here is...