Connecting to OS X Open Directory LDAPv3

C_Marcera · January 9, 2006, 9:02pm

Ok, 3 hours later and I just can’'t get this to work.

Clean install of Wildfire using the local database allows it to work. I fire up Wildfire, enable the debugLog, then stop Wildfire. Then I edit my wildfire.xml file to contain this:

[/b]

I’'ve added myself in the authorized admin property… when I start Wildfire back up, the debug log gives me this:

2006.01.09 15:12:04 Trying to find a user’'s DN based on their username. uid: chris.m, Base DN: ou=users,dc=enterpe,dc=com…

2006.01.09 15:12:04 Creating a DirContext in LdapManager.getContext()…

2006.01.09 15:12:04 Created hashtable with context values, attempting to create context…

2006.01.09 15:12:04 Exception thrown when searching for userDN based on username ‘‘chris.m’’

javax.naming.AuthenticationException: LDAP: error code 49 - Invalid Credentials

at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source), etc, etc, etc[/b]

My biggest problem is the lack of knowledge of LDAP I think… I went to the OS X Server running Open Directory and am searching everywhere in the LDAP configuration, but I just can’‘t seem to find the right combination of variables under ‘‘baseDN’’ and ‘‘adminDN’’. Sorry to leave the question so vague and open-ended, but I’'m stumped.

Thanks in advance!

-C.

C_Marcera · January 10, 2006, 11:56pm

Any ideas?

Luis_A_Uriarte · January 11, 2006, 1:28pm

Is a password problem

C_Marcera · January 11, 2006, 11:03pm

I am sure the Administrator Password is correct and I’‘ve tried connecting as several users, all who’'s passwords I am sure are correct.

Has anyone out there gotten Wildfire to connect to an OS X server running LDAP?

Noah_Campbell · January 12, 2006, 2:51pm

If memory servers, OS X is running slapd a.k.a OpenLDAP. Try doing an ldapsearch on the command line. Also check to make sure that CN is the attribute you want to base your login on. Sometimes it’'s uid (at least in linux and sAMAccountName in windows).

Noah

Jay · January 31, 2006, 2:33pm

You need to know where your users are stored in ldap (for the baseDN). Try using the commandline ldapsearch to look for a known user:

ldapsearch -h 192.168.0.90 -x ‘‘uid=username’’ dn

This should return the distinguished name (dn) of the user. In most cases, though, you want your baseDN to be something like dc=enterpe,dc=com

Also, assuming the above ldapsearch command worked, you can leave adminDN and adminPassword blank. If the above command did not work, try this:

ldapsearch -h 192.168.0.90 -D “cn=Administrator,ou=Users,dc=enterpe,dc=com” -W -x ‘‘uid=username’’ dn

If that works, then you need to use the adminDN and adminPassword you supplied. If that still dosnt work, you need to figure out a user and password that can view everything in ldap and use that for the adminDN and adminPassword.

C_Marcera · February 1, 2006, 8:18pm

extended LDIF

LDAPv3
base <> with scope sub
filter: uid=Administrator
requesting: dn

search result

search: 2

result: 32 No such object

numResponses: 1

/code

After running the first command - that was my result. I assume the ‘‘numResponses: 1’’ means it worked?

When running the second command, it asks for a password. When I enter the Administrator’'s password for the OpenDirectory, I get “Invalid Credentials” - but theoretically, with the first command working - it should work with the adminDN fields blank… right?

C_Marcera · February 1, 2006, 8:35pm

Got it to work!!!

Thanks everyone for your help - I really appreciate everyone’'s input

For the record:

[/code]