Ok, this is clearer.
Such a request will never work with a plain LDAP server. The Name must
be a DN, aka something like cn=John Doe, ou=apache, dc=org.
Here it's myorg\ldaptest1, which is not supported.
I haven't touched a Windows machine for decades, so I won't be very
useful, but my take on this is that you most certainly need to use a
SASL bind to deal with such credentials.
On 07/11/2023 16:16, Shirley Tarboton wrote:
MessageType : BIND_REQUEST
Message ID : 1
BindRequest
Version : '3'
Name : 'myorg\ldaptest1'
Simple authentication : '(omitted-for-safety)'
Note:
Logs before bind request:
4297 [main] INFO
org.apache.directory.api.ldap.schema.manager.impl.DefaultSchemaManager
- MSG_16015_LOADING_ENABLED_SCHEMA (microsoft, Schema Name: microsoft
Disabled: false
Owner: 0.9.2342.19200300.100.1.1= admin
,2.5.4.11= system
Dependencies: []
SchemaLoader : )
5256 [main] INFO org.apache.directory.server.ldap.LdapServer -
Successful bind of an LDAP Service (10348) is completed.
5256 [main] INFO org.apache.directory.server.ldap.LdapServer - Ldap
service started
On 7 Nov 2023, at 13:50, Emmanuel Lécharny <[email protected]> wrote:
On 07/11/2023 14:00, Shirley Tarboton wrote:
Hi,
Is this snippet sufficient?
5425 [pool-4-thread-1] INFO
org.apache.directory.server.ldap.handlers.request.BindRequestHandler - The myorg\ldaptest1 principalDN cannot be found in the server : bind failure.
It's looking for an entry whose DN is not a DN: myorg\ldaptest1
Can you also post the bind request you send?
5426 [pool-4-thread-1] INFO
org.apache.directory.server.core.api.interceptor.context.BindOperationContext - Bad authentication for null
Many thanks
On 7 Nov 2023, at 12:39, Emmanuel Lécharny <[email protected]> wrote:
Hi,
On 07/11/2023 12:44, Shirley Tarboton wrote:
Hi All, first time posting on here …
We have a set of services that we deploy to different environments,
some of which use OpenLDAP, but others use Active Directory. We’ve
modified our code to allow for different configuration and to
integrate with ActiveDirectory, and are now updating the unit tests
to test both scenarios based on additional configuration. We’ve
attempted to update the users.ldif for the ActiveDirectory unit
test to include sAMAccountName by making Microsoft-compatible
Schema changes. After a lot of tweaks, the users.ldif changes seem
to be accepted, but the BindRequestHandler cannot find the principalDN.
Can you attach the logs you get?
Just wanted to check whether anyone has tried this before? Are we
wasting our time? Shall we switch to mock testing instead?
Many thanks for your help
--
*Emmanuel Lécharny* P. +33 (0)6 08 33 32 61
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
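Added example, not part of the thread and not code from either poster or the ApacheDS project: one way a test can accept the myorg\ldaptest1 form against a server that only takes a DN in a simple bind is to look the entry up by sAMAccountName and then bind with the DN that was found. It uses the Apache Directory LDAP API; the host, base DN and search account are assumptions (the port is the one shown in the posted startup log), and the entry is assumed to carry sAMAccountName as loaded from users.ldif.

```java
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.filter.FilterEncoder;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

public class SamAccountBind {
    // Assumed test settings; only the port comes from the posted startup log.
    static final String HOST = "localhost";
    static final int PORT = 10348;
    static final String BASE_DN = "dc=example,dc=com";       // placeholder
    static final String SEARCH_DN = "uid=admin,ou=system";   // ApacheDS default admin
    static final String SEARCH_PW = "secret";                // ApacheDS default password

    /** Maps "myorg\ldaptest1", "ldaptest1" or an existing DN to the DN to bind with. */
    static String resolveDn(LdapConnection conn, String login) throws Exception {
        if (login.contains("=") && Dn.isValid(login)) return login;  // already a DN
        String sam = login.substring(login.lastIndexOf('\\') + 1);   // drop the "myorg\" prefix
        // Escape *, (, ), \ and NUL so the login value cannot alter the filter.
        String filter = "(sAMAccountName=" + FilterEncoder.encodeFilterValue(sam) + ")";
        String dn = null;
        // "1.1" asks for no attributes: only the DN of each match is needed.
        try (EntryCursor cursor = conn.search(BASE_DN, filter, SearchScope.SUBTREE, "1.1")) {
            for (Entry entry : cursor) {
                if (dn != null) throw new IllegalStateException("login is not unique");
                dn = entry.getDn().getName();
            }
        }
        if (dn == null) throw new IllegalStateException("no entry for " + sam);
        return dn;
    }

    static void login(String login, String password) throws Exception {
        // An empty password turns a simple bind into an unauthenticated bind (RFC 4513).
        if (password == null || password.isEmpty()) throw new IllegalArgumentException("empty password");
        try (LdapConnection conn = new LdapNetworkConnection(HOST, PORT)) {
            conn.bind(SEARCH_DN, SEARCH_PW);                 // search account finds the entry
            String userDn = resolveDn(conn, login);
            conn.bind(userDn, password);                     // throws LdapException on bad credentials
        }
    }

    public static void main(String[] args) throws Exception {
        login("myorg\\ldaptest1", args[0]);                  // password passed as first argument
    }
}
```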