Questions tagged [ldap]
Lightweight Directory Access Protocol (LDAP) for reading and editing directories over an IP network
2,778 questions
0 votes, 0 answers, 22 views
Keycloak can't change AD passwords
I have a Keycloak instance that is talking to an AD on Server 2016 via LDAPS. I have verified that the connection to the server is working, that the connection is encrypted, and that the Bind user in ...
0 votes, 1 answer, 31 views
AD dropping LDAPS connections not from localhost
I'm working with two AD servers in a domain. We also have Keycloak as SSO for all our internet stuff.
We'd like it if users could actually change their password via Keycloak, but AD does NOT like it if ...
0 votes, 0 answers, 53 views
Domain controller not loading certificate for LDAPS
I have Active Directory and can connect using LDAP on port 389.
I enabled LDAPS, but it fails when using ldp.exe with the error:
Cannot open connection
In event viewer I see:
LDAP over Secure Sockets ...
0 votes, 0 answers, 16 views
Apache AD authentication with same username in multiple domains
We're having (because reasons) multiple AD domains, all having their own pair of domain controllers. Users can have accounts in any single domain or combination of domains. In the latter, the username ...
0 votes, 0 answers, 19 views
OpenLdap configuration for accessing multiple authorisation stores
I have the following scenario and I would like some hints on if feasible and how I could implement it. I consider myself inexperienced with OpenLdap proxying (not with Ldap in general); even though I ...
1 vote, 1 answer, 69 views
LDAP Signing GPO enforced, but assessment says it is not
I wanted to start off by saying I am not very familiar with LDAP. I just want to make sure LDAP signing is enforced. I've enforced it through GPO, specifically the "domain controller: LDAP server ...
0 votes, 0 answers, 40 views
Google Workspace LDAP Filter by UID in Multi-Domain Structure
I'm having some issues and confusion regarding Google Workspace LDAP and LDAP in general.
I have an organizational unit called example.com. Inside this organizational unit in Google, I have sub-units ...
0 votes, 1 answer, 63 views
Unable to logon using LDAP to Active Directory User when "Log On To" restriction configured
I have an Active Directory user, and I can successfully connect to it using LDAP search with the following command:
ldapsearch -x -H <AD_server> -D "cn=user_test,cn=users,dc=<dc1>,dc=&...
1 vote, 0 answers, 31 views
Transitioning Standalone Ubuntu Desktops to Centralized Management in a College Lab: Best Practices and Pitfalls [closed]
Our college lab consists of 10 Ubuntu desktops, each currently set up as standalone machines on the LAN. I want to transition them to a centrally managed environment while avoiding common pitfalls. I ...
0 votes, 0 answers, 58 views
Start LDAP server at boot with Apache Directory Studio
I have an LDAP server running and configured with apache directory studio in linux, but the server stops running when the apache studio window closes and needs to be run manually each time. I want the ...
0 votes, 0 answers, 61 views
sssd, autofs - can see autofs maps (samba4, NIS scheme)
I have nfs4 server with one share
[[email protected]] # cat /etc/exports
/srv/public *(rw,sync,no_subtree_check,sec=krb5:krb5i:krb5p)
On Samba i create maps for sssd_autofs - see below with ...
0 votes, 2 answers, 101 views
Proper way to support user and service emails with Postfix/Dovecot
I'm trying to understand the correct approach to support email via Postfix/Dovecot for both network-authenticated users and various network services such as Gitlab.
My network-authentication server is ...
0 votes, 0 answers, 99 views
Squid 5.9 on Ubuntu 22.04 LTS unable to authenticate using Windows 2022 AD Server
Environment:
Squid OS: Ubuntu 22.04 LTS
Squid version: 5.9
Windows DC OS: Windows Server 2022 Standard
Windows AD FFL and DFL: 2008
I have been working on this for a couple of days and I am not able to authenticate ...
0 votes, 0 answers, 56 views
Not able to install Enterprise CA on Active Directory
I am trying to install an Enterprise CA on my Active Directory.
However when I am in the setup, I am not able to select Enterprise CA, does anyone know how to solve this?
I have admin rights on my ...
0 votes, 2 answers, 87 views
Postfix+Dovecot+Samba DC+LDAP aliases
I need to set up aliases to redirect one user to another. How to do it?
1 vote, 0 answers, 34 views
getent passwd only shows ldap user from OU People
I've connected my Solaris 11 Server with my OpenLDAP Server. The connection works and with "ldaplist" I can see the ldap users that should be in the search base.
Looks like that:
dn: cn=...
0 votes, 1 answer, 93 views
LDAP: search by aliased objectClass
I've created an LDAP alias by following the FAQ:
dn: uid=alias,ou=People,dc=example,dc=net
objectclass: alias
objectclass: extensibleObject
uid: alias
aliasedobjectname: uid=target,ou=Retired People,...
0 votes, 0 answers, 61 views
Avoid LDAP login unless user is manually added to server
I have a PC with Ubuntu desktop 24.04.1 LTS joined to an Active Directory domain. I need to stop the login to that PC for any user that was not manually added as an Ubuntu user. In other words, if a ...
0 votes, 1 answer, 57 views
Authenticating to Apache Spark History server with LDAP while deploying on EKS
We are looking for a way to configure LDAP authentication for my Apache Spark Web UI (History server). The Spark instances are running inside a Kubernetes cluster and we have chosen an S3 bucket for ...
0 votes, 0 answers, 108 views
openLDAP add email alias list
Please advise - I am in the process of trying to add the following (taken from an old LDAP server) to a new server (OpenLDAP | TurnKey GNU/Linux); I am also new to LDAP.
dn: cn=synopsys,ou=...
1 vote, 1 answer, 268 views
Failed connection to AD when configuring GCDS
I'm configuring Google Cloud Directory Sync for synchronising Google Workspace with Active Directory. When I set LDAP connection settings and test the connection, it returns this error:
Error: ...
0 votes, 0 answers, 75 views
Is there any way to speed up nslcd LDAP server failover
TL;DR
Even with 2-second timeouts, nslcd "stalls" logins for 14 seconds before switching over to a secondary LDAP server.
Can I speed this up?
My nslcd config
uid nslcd
gid nslcd
uri ldaps://...
0 votes, 0 answers, 137 views
Postfix smtpd_sender_login_maps, check for LDAP and a manually created list
I have enabled SASL on my Postfix server and have placed an LDAP configuration file for smtpd_sender_login_maps. It currently looks like this:
ldap_sender_login_maps.cf
server_host = AD.SERVER.com
...
1 vote, 0 answers, 138 views
Prohibiting the display of attributes of other users in FREEIPA
How can I restrict the viewing of information about other users for a specific user/group on the FREEIPA server? (via user-find or web interface)
0 votes, 0 answers, 198 views
Automatically add ldap-users to docker-group on Ubuntu 24.04
Many of our students log into our lab-computers (running Ubuntu 24.04) via LDAP. This works perfectly.
I've also edited /etc/adduser.conf regarding EXTRA_GROUPS and ADD_EXTRA_GROUPS, so that every ...
4 votes, 1 answer, 299 views
OpenLDAP - BindDN using "o=" for domain name
Usually, to query an OpenLDAP server, I use the following query:
ldapsearch -x -H ldap://host -b dc=domain,dc=com uidNumber=4158
But recently I saw the other way to query
ldapsearch -x -H ldap://host -b o=...
0 votes, 0 answers, 30 views
NT Local Service multiple failed login
I'm seeing excessive failed logins on the NT Local Service account.
Per checking, this is related to openssh ldap authentication.
Hoping you could provide some guidance on how to address this ...
0 votes, 2 answers, 187 views
Can an AD Object with deny all permissions for Authenticated Users be recovered?
I have an Active Directory user where Security permissions were set to Deny all for the Authenticated Users principal.
That object now can't be read, such that the type is now Unknown instead of User.
...
0 votes, 0 answers, 45 views
Add olcPPolicyConfig to ppolicy overlay
I have an LDAP server, where the ppolicy overlay is already configured.
However it only has the olcOverlayConfig and olcConfig object classes.
I want to add the olcPPolicyConfig objectClass to the ...
0 votes, 2 answers, 156 views
Deleting inetorgperson fails with: Server is unwilling to perform (53)
I have set up an OpenLDAP server on Alma 8 with the nis schema and now realise that I need to replace the nis schema by rfc2307bis. The installed schemas are as follows:
[root@foobox schema]# ...
0 votes, 0 answers, 118 views
Why do I get "invalid credentials (49)" when trying to add a new user via ldif in openldap on Fedora?
When I run this command:
ldapsearch -x -LLL -b "dc=example,dc=com" -s sub "(objectClass=*)"
I get in return, No such object (32).
However, when I run this:
ldapsearch -x -LLL -s ...
0 votes, 1 answer, 289 views
How can I reset the admin password for OpenLDAP on Fedora?
I am on Fedora and set up an OpenLDAP server. I don't remember ever setting an admin password to begin with, but I am having to perform operations where the admin password is prompted. Entering ...
0 votes, 2 answers, 545 views
Failed to connect to LDAP server.: javax.naming.AuthenticationException
I have configured LDAP in a JBoss instance; however, it does not connect to the LDAP server and throws the error below.
02:50:08,512 DEBUG [org.wildfly.security] (management task-1) Obtaining lock for ...
0 votes, 1 answer, 695 views
The ipa-replica-install command failed, exception: ScriptError: A replication agreement for this host already exists
We have deployed a FreeIPA server in my company and we would like to deploy a replica. I have followed the procedure to deploy it on a personal server and it worked (https://www.freeipa.org/page/V4/...
0 votes, 0 answers, 129 views
Configuring JBoss EAP 8 to use LDAP authentication
I'm trying to use LDAP authentication in JBoss EAP 8, but I'm stuck while configuring it. The user is added to an AD group, and this group needs to be fetched and authenticated.
Can someone please help?
0 votes, 1 answer, 305 views
LDAP authentication not working despite connection
I have a fresh install of Debian 12.0 that I wanted to authenticate with LDAP following instructions at: https://wiki.debian.org/LDAP/NSS. However, it is not working.
The LDAP server is in a different ...
1 vote, 1 answer, 129 views
How do I query a user whose "status" attribute value is 1 in OpenLDAP?
All users have a "status" attribute; its value is 0 or 1.
How do I query users whose LDAP "status" attribute value is 1?
OpenLDAP slapd 2.4.48.
I tried the following but it didn't ...
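The lookup asked for above is a plain equality match, (status=1). The following is an added example (not part of the question or of any answer on this page) of building that filter in Python, with the RFC 4515 escaping that a caller-supplied value needs so that it cannot change the filter's structure; the attribute name "status" is the question's, while the uid values and the naive string-concatenation function are constructed for illustration, and no LDAP server is contacted:

```python
"""Build LDAP search filters (RFC 4515) for an attribute lookup such as
(status=1), escaping caller-supplied values. Added example: "status" is the
question's attribute; the uid values and unsafe_status_filter() are
constructed for illustration, and nothing here talks to a server."""
import re
from typing import Optional

# RFC 4515 section 3: these characters must be escaped in an assertion value.
_ESCAPE = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Attribute description: a name (letters, digits, hyphens) or a dotted OID,
# optionally followed by ;options such as userCertificate;binary.
_ATTR_RE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)(?:;[A-Za-z0-9-]+)*$")


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value inside a filter."""
    out = []
    for ch in value:
        if ch in _ESCAPE:
            out.append(_ESCAPE[ch])
        elif ord(ch) < 0x20 or ord(ch) > 0x7E:
            # Control and non-ASCII characters: escape each UTF-8 byte as \XX.
            out.append("".join(f"\\{b:02x}" for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def _check_attr(attr: str) -> str:
    """Reject attribute names that could smuggle filter syntax."""
    if not _ATTR_RE.match(attr):
        raise ValueError(f"invalid attribute description: {attr!r}")
    return attr


def equals(attr: str, value: str) -> str:
    """Equality match, e.g. equals("status", "1") -> (status=1)."""
    return f"({_check_attr(attr)}={escape_filter_value(value)})"


def present(attr: str) -> str:
    """Presence match, e.g. present("mail") -> (mail=*)."""
    return f"({_check_attr(attr)}=*)"


def and_(*filters: str) -> str:
    return "(&" + "".join(filters) + ")"


def or_(*filters: str) -> str:
    return "(|" + "".join(filters) + ")"


def not_(f: str) -> str:
    return "(!" + f + ")"


def status_filter(status: str, uid: Optional[str] = None) -> str:
    """The question's lookup: entries whose status equals `status`,
    optionally narrowed to one uid taken from untrusted input."""
    f = equals("status", status)
    if uid is None:
        return f
    return and_(f, equals("uid", uid))


def unsafe_status_filter(status: str, uid: str) -> str:
    """The string-concatenation version many applications write, kept only
    to show what an unescaped uid does to the filter."""
    return f"(&(status={status})(uid={uid}))"


if __name__ == "__main__":
    print(status_filter("1"))                   # (status=1)
    print(status_filter("1", uid="alice"))      # (&(status=1)(uid=alice))
    hostile = "*)(uid=*"
    # (&(status=1)(uid=*)(uid=*)): the uid restriction is gone
    print(unsafe_status_filter("1", hostile))
    # (&(status=1)(uid=\2a\29\28uid=\2a)): the hostile uid stays a literal value
    print(status_filter("1", uid=hostile))
```

The same escaping applies whatever client is used; ldapsearch takes the filter string verbatim, so a value such as *)(uid=* pasted into a filter on the command line has the same effect as in the unsafe function above.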
-1 votes, 1 answer, 302 views
Read-only ldap admin OU
I was asked to create a "technical" (meaning not assigned to a person) LDAP account that can read everything in the directory, but no write permission.
Since I hate non-personal accounts in ...
0 votes, 0 answers, 89 views
bindDN massage error - rewrite
I am testing a configuration with the rewriteMap option.
I have an error called bindDN message when the rule is redirected.
I think that I didn't use a good regexp for the rule.
My configuration :
...
0 votes, 0 answers, 115 views
Can openldap ignore the -z (size limit) parameter in ldapsearch
I have an issue with a client application performing an ldap search against my Ubuntu 22.04 openldap server. As you can see in the wireshark trace, the client is specifying a sizelimit=1 for the ...
0 votes, 0 answers, 115 views
transient, intermittent "No user exists" errors with SSSD and LDAP
I'm using SSSD and Google LDAP. My users can log in (via Tailscale SSH, if that matters), but after being logged in for a while they get errors like:
No user exists for uid 61270005 (also any command ...
0 votes, 1 answer, 254 views
How to rewrite LDAP attributes in slapd when used as a proxy?
I'm currently setting up slapd as a proxy and facing a challenge with rewriting LDAP attributes. I'm aware of the rewrite module (rwm) capability for DNs, but I need to apply similar functionality to ...
0 votes, 1 answer, 50 views
I can't log-in to the webserver via LDAP
We are using a VM as a web server running apache2, regulating a specific service. Both SSH login and logging in to the front end were regulated by our LDAP server. A few weeks ago, some changes were ...
0 votes, 0 answers, 578 views
FreeIPA, Keycloak and Radius with OTP used for Wifi, VPN and Docker registry auth result in logging in hell
We have configured our infrastructure to use FreeIPA for the user database, Keycloak as SSO auth and Radius as auth proxy.
We use everywhere password + OTP policy.
We have several apps connected to ...
0 votes, 1 answer, 244 views
No rootDN in DIT after setting up OpenLDAP in Ubuntu 22.04
I am new to LDAP and Directory Services in general (My goal is to import ldif files containing certificates from a Public Key Directory (pkddownloadsg.icao.int/download)).
But I am already failing at ...
1 vote, 0 answers, 211 views
FreeRadius not loading clients from LDAP
I am trying to store and use my Radius clients in LDAP. They are defined and present in the LDAP:
$ ldapsearch -x -H ldap://ldap.example.com -D "cn=admin,dc=example,dc=com" -w admin -b "...
1 vote, 0 answers, 169 views
Domain user has different umask than expected
I have a network domain with multiple users managed by LDAP and Kerberos.
I'm managing the default umask via pam.d, in my /etc/pam.d/common-session with the line:
session optional pam_umask.so ...
0 votes, 2 answers, 254 views
OpenLDAP authentication troubleshooting
I am running an OpenLDAP service using the slapd.d/ configuration style. I am testing creating users and authenticating as user. Here's my test script, which ends with a fail: ldap_bind: Invalid ...
0 votes, 0 answers, 98 views
Ceph s3 LDAP not working despite following instructions
I have a problem with LDAP configuration in Ceph. I have a fresh cluster (for testing purposes). No operation has been performed on it except adding certificates to Dashboard and Grafana and issuing . ...
0 votes, 0 answers, 288 views
FreeIPA replica - unable to login via web UI
I've installed a freeipa replica (almalinux-8-4.9.12) from my master (centos-7-4.6.8). Both running in docker. On web UI login I get Login failed due to an unknown reason. error.
And any ipa command ...