We have an AD server running and it works for every Windows machine on our domain for authentication across many services.
We recently brought a RHEL6 machine online and are trying to configure a specific application which should authenticate using the same directory. To do this, we've installed the openldap-clients and all those packages.
However, ldapsearch returns "invalid credentials" when we use this string:
ldapsearch -H ldaps://<ldap-server> -x -W -D 'cn=admin,ou=People,dc=example,dc=com' -b 'dc=example,dc=com'
> ldap_bind: Invalid credentials (49) additional info: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580
According to this there is a requirement that openldap communicates with AD over SSL, so we're doing that.
We have many Windows applications that connect through AD so we are fairly certain that AD is at least configured right for that.
However, no matter what user we try to bind, and what password, our credentials are invalid.
Has anyone seen this? Is there something simple we're missing? As far as I can tell, this should work. Is it possible that AD is not entirely configured for openldap communication?
When I run something like:
ldapsearch -LLL -x -H ldaps://<ldap host> -D CN=admin,OU=People,DC=example,DC=com -b DC=example,DC=com
I'm returned the error:
> Additional information: 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580
Debug mode shows that I successfully connect to the AD, but I cannot seem to bind. Has anyone experienced this?
First verify that the binddn after the -D matches the cn of the user you're trying to bind as exactly. If it does and you're still unable to bind, you can try switching it to the UPN format: [email protected]