How to verify LDAP on a Linux machine
According to the error, you need to authenticate yourself and get bound to some appropriate object in the DIT (Directory Information Tree) which is authorized to perform your search.
Details depend heavily on your DIT structure and DC configuration, but you are using simple authentication (-x), so you might be able to do a simple bind as follows:
ldapsearch -x -h domainController.apple.com -b "dc=apple,dc=com" -D "uid=you,ou=People,dc=apple,dc=com" -W
where -D specifies the object to bind as and -W prompts for the bind password. uid=you,ou=People,dc=apple,dc=com must be authorized to access the other objects.
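As an added example (not part of the original answer), the shell snippet below does two things a tester typically wants after seeing the "bind must be completed" result: it pulls the LDAP result code and AD's hex sub-code out of ldapsearch output (using a constructed copy of the question's own output), and it builds the authenticated form of the query over StartTLS so that the simple-bind password is not sent in cleartext. The host and base DN are the question's placeholders; the UPN-style bind identity you@apple.com, the -ZZ StartTLS requirement and the sAMAccountName filter are assumptions about the AD side, not facts from the page.

```shell
#!/usr/bin/env sh
# Added example, not from the original post: classify an ldapsearch result
# and emit the bind-with-StartTLS form of the query.
set -eu

# Constructed sample: the output the question's anonymous query produced.
SAMPLE_ANON_OUTPUT='# extended LDIF
#
# LDAPv3
# base <dc=apple,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece

# numResponses: 1'

# Numeric LDAP result code from the "result:" line (0 = success).
ldap_result_code() {
    printf '%s\n' "$1" | awk '/^result: /{print $2; exit}'
}

# AD-specific hex sub-code from the "text:" line ("data 0", "data 52e", ...).
ad_data_code() {
    printf '%s\n' "$1" | sed -n 's/.*, data \([0-9a-f]*\),.*/\1/p'
}

# Turn the result into the next action for the tester.
diagnose() {
    code=$(ldap_result_code "$1")
    case "$code" in
        0)  echo "ok: search succeeded" ;;
        1)  echo "bind required: the DC refuses anonymous searches; repeat with -D/-W" ;;
        49) echo "invalid credentials (AD data $(ad_data_code "$1"))" ;;
        *)  echo "ldap result $code" ;;
    esac
}

# Authenticated query. -H with an ldap:// URI replaces the deprecated -h;
# -ZZ makes ldapsearch fail unless StartTLS succeeds, so the simple-bind
# password never crosses the wire in cleartext. Against AD the -D value may
# be a full DN or, as assumed here, a UPN such as you@apple.com.
build_bind_query() {
    bind_id=${1:-you@apple.com}
    printf 'ldapsearch -x -ZZ -H ldap://domainController.apple.com -D "%s" -W -b "dc=apple,dc=com" "(sAMAccountName=you)" dn\n' "$bind_id"
}

diagnose "$SAMPLE_ANON_OUTPUT"
build_bind_query
```

Run the printed command from a shell that has a CA bundle the DC's certificate chains to (TLS_CACERT in ldap.conf); if -ZZ fails, fix the certificate trust rather than dropping to plain ldap://, since a simple bind over an unencrypted connection exposes the domain password to anyone on the path.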
Comments
-
maihabunash over 1 year
I want to test the LDAP connectivity between my Linux machine and the Windows domain controller, so I successfully installed the tool ldapsearch.
The Linux machine authenticates users against the domain controller (Windows machine).
So to test the LDAP I run this command:
ldapsearch -x -h domainController.apple.com -b "dc=apple,dc=com"
What I get is this:
# extended LDIF
#
# LDAPv3
# base <dc=apple,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece

# numResponses: 1
Can someone help me understand the results here from the ldapsearch tool?
Or maybe the syntax of the ldapsearch command isn't right?
The ldap.conf as defined on my Linux machine:
more /etc/ldap.conf
logdir /var/log/ldap
debug 0
referrals no
deref never
nss_getgrent_skipmembers yes
host domainController.apple.com
base DC=apple,DC=com
uri ldap://domainController.apple.com/
-
maihabunash almost 9 years: Thanks, but what is ou=People? (What needs to be set here?)
-
maihabunash almost 9 years: I guess uid is the Unix ID, for example 63633?
-
yaegashi almost 9 years: That DN uid=you,ou=People,... is just an example; you need to find your own in your AD server. A DIT structure like uid=yaegashi,ou=People is mapped to user accounts and is very common in the Unix world. You certainly have a different structure with AD, so look into the content of your own server.