Questions tagged as ['ldap']

Lightweight Directory Access Protocol (LDAP) for reading and editing directories over an IP network
Score: 1
Can SSSD authenticate via LDAP with anonymous binding either forbidden in ACLs and with 'olcRequires: authc' enforced?

I manage a LAN with a list of users accessing their NFS-shared homes while being authenticated via NIS/YP (CentOS/Fedora-based clients and servers).

I'm in the painful process of migrating out of NIS/YP (which is slowly but irreversibly being phased out on Red Hat and the like) to what seemed the least-difficult-to-setup replacement for the authenticating part, SSSD (for the clients) and LDAP (f ...

Score: 0
sshd cipher and request.getRemoteUser()

I had a working application which fetches the username after ldap authentication using request.getRemoteUser()

But after applying some sshd ciphers, the code is giving null as a result.

I want to know what exactly has happened and how to bring changes to sshd so that my code will work like before.

NOTE: I noticed that some ports are also not working. But I am least concerned about that. x11 something is a ...

Score: 1
Debugging Active Directory Login with MongoDB

I am trying to log into MongoDB using an active directory username. We're using Percona for MongoDB but I believe this really should be pretty similar to regular MongoDB 5.x authentication.

We've tried variation after variation. Here's the most recent attempt:

net:
   tls:
      mode: requireTLS
      allowConnectionsWithoutCertificates: true
security:
  authorization: enabled
  ldap:
    authz:
      ...
Score: 0
Why does my 389-ds configuration work over LDAP but not LDAPS?

Sorry if this has been asked before, but when I searched for similar issues, I got results like these (that make no sense to me).

I've been trying to set up 389-ds using Red Hat's Directory Server 11 documentation on two fully-updated Rocky Linux 8.6 servers. My servers are supplier1.example.com and supplier2.example.com and are on the same subnet. I've set up each server's /etc/hosts file using their pri ...

Score: 0
Creating an OpenLdap specific administrator group on LDAP

I'm trying to create a simple specific administrator group on my OpenLdap server that is running slapd. There is currently no slapd file, and I have been working with the cn=config format.

I want to create a group with a user in it who can only manage what is in this group or below.

For example:

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to dn.subtree="cn=cry,ou=gr ...
Score: 0
Apache - Active Directory LDAP authorization

I'm running Apache 2.4 on Fedora 34.
I've configured user authorization based on Active Directory usernames and passwords with "ldap_module" and "authnz_ldap_module" and this entry is working:

AuthLDAPBindDN "CN=ldap_bind,CN=Users,DC=domain,DC=com,DC=pl"

When I move "ldap_bind" user to another OU in AD and change the configuration like this:

AuthLDAPBindDN "CN=ldap_bind,OU=Tech users,OU=MyOU,DC=doma ...

Score: 0
How to increase the number of groups sent by ADFS via SAML to Jenkins?

Yesterday we managed to integrate the CI Server Jenkins with Microsoft ADFS via SAML 2.0. When configuring the roles in Jenkins to the received groups of the user we noticed that only 80 groups are shown in the user profile in Jenkins. Looking in the logs it seems that only 80 groups were sent via the SAML Response. Unfortunately the groups which we use to manage the access control were not there. I assu ...

Score: 1
Postfix LDAP aliases - user unknown

I have a server with POSTFIX + DOVECOT using LDAP (ActiveDirectory) authorization.

/etc/postfix/ldap_virtual_mailbox_maps.cf

query_filter = (&(objectClass=person)(mail=%s))
result_filter = %s
result_attribute = mail

/etc/postfix/ldap_virtual_alias_maps.cf

query_filter = (&(objectClass=person)(othermailbox=%s))
result_attribute = othermailbox

/etc/dovecot/dovecot-ldap.conf.ext

pass_filter = (& ...
Score: 0
How does a database appear on LDAP RHDS 11 vs RHDS 10?

We are migrating RHDS 10 to 11. We have 4 databases that we have replicated thanks to 4 replication agreements. It's working fine. The 4 databases look like this:

dc=example,dc=com (example DB)
ou=BusinessOrganizations,dc=example,dc=com (BusinessOrganizations DB)
ou=customer_people,dc=example,dc=com (customer_people DB)
ou=disable,dc=example,dc=com (disable)

When I look for them on Apache directory ...

Score: 0
Apache2 LDAP Authentication - invalid Username leads to Error 500

I have a directory on my apache2 that only a certain group of my active directory should be able to access. This is in my apache2.conf:

<Directory /var/www/html/mydirectory/>
        AllowOverride All
        AuthType Basic
        AuthName "Apache LDAP authentication"
        AuthBasicAuthoritative Off
        AuthBasicProvider ldap
        AuthLDAPURL "ldap://192.168.0.5:389/CN=Users,DC=my-domain, ...
Score: 0
Can't bind Macs to Active Directory, it's not time synchronization, what else could be wrong?

Mac computers are unable to bind to our Windows Active Directory server. The error is the unhelpful Node name wasn't found (2000). Windows and Samba clients have no problem. All the systems on our LAN use our internal bind9 1:9.16.1-0ubuntu2.10 name server. Active Directory is running on Windows Server 2019

Almost all internet solutions recommend explicitly reconfiguring the AD server and the Mac ...

Score: 0
Connect to remote LDAP server via Guacamole

Ubuntu 20.04 Guacamole 1.3.0 guacamole-auth-ldap-1.3.0

/etc/guacamole/guacamole.properties: Ldap-hostname: x.x.x.x Ldap-port: 389 ldap-user-base-dn: CN=serv,OU=Invis,DC=invis,DC=com

Error: ERROR o.a.g.a.ldap.LDAPConnectionService - Binding with the LDAP server at "localhost" as user "uid=test@invis.com,CN=serv,OU=Invis,DC=invis,DC=com" failed: ERR_04110_CANNOT_CONNECT_TO_SERVER Cannot  ...

Score: 1
ejabberd: ldap_filter in LDAP Active Directory

TL;DR: How to set up ejabberd to only allow some Active Directory group members?

Hello,

After having successfully set up an ejabberd service plugged in to our AD, I'd like to narrow the allowed users to a specific group.

My working setup is:

auth_method: [ldap]
ldap_servers:
  - 1.2.3.4
  - 1.2.3.5
ldap_uids:
  mail: "%u@domain.lan"
ldap_base: "OU=FON,OU=Domain,OU=Global,DC=domain,DC=lan"
ldap_rootdn ...
Score: 0
LDAP connection with switch HP 5700 FlexFabric

Can I restrict ssh login access to my HP Switch 5700, 5800 series using active directory groups?

LDAP is working fine when the search-base-dn is using an OrganisationUnit.

search-base-dn OU=privilegedUser,OU=User,DC=company,DC=com

Using a global group with type security is not working.

search-base-dn CN=switch-admins,OU=groups,OU=User,DC=company,DC=com

Syntax:

system-view
ldap server domain_name
search-b ...
Score: 0
Open LDAP Add Authorization Rules

Good evening,

I have a question of understanding:

The users are already created in Open LDAP. Suppose I add authorization rules to the LDAP server via a script.

If I were to run this script again to add the rules again, what would happen on the LDAP server?

Should the rules be overwritten properly? Or can there be some problems?

Score: 0
ldapsearch or other means to verify users

I tried a few answers on ldapsearch usage and yet couldn't authenticate with the ldap service from a linux server. I am not sure what parameters to use. I am trying this command

ldp=ldap://ldap.xyz.com
user=joe.john
# $user must be inside double quotes so the shell expands it;
# inside single quotes the literal string 'uid=$user' would be sent as the filter
ldapsearch -x -D "uid=$user,dc=xyz,dc=com" \
           -W -H "$ldp" -b "dc=xyz,dc=com" \
           -s sub "uid=$user"

Error:
Enter LDAP Password: 
ldap_bind: Invalid credentials (49) ...
Score: 0
OpenLDAP Access handling

I have installed OpenLDAP on Ubuntu Server 20.04. It works fine so far. Now I want to restrict access to the server, as by now anyone can read all entries, e.g. in Thunderbird. Therefore I created an ldif file like this:

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to attrs=userPassword
  by self write
  by anonymous auth
  by * none
olcAccess: to attrs=shadowLast ...
Score: 1
Google Cloud Directory Sync java nullpointer exception

I'm trying to do some testing with Google Cloud Directory Sync and Active Directory, but whatever I do, I always get nullpointer exceptions. As far as I can find GCDS is a Java application. The GCDS installer installs a version of the Java run-time environment in a sub-folder, so it shouldn't be an issue that the wrong version of java is installed or something like that?

When I try to open a configf ...

Score: 0
How to set up an LDAP user to change password at first login

I am using ubuntu 20.4 with LDAP 6.7 on web browser. I am able to add users and groups and even log in on a client machine, but I am unable to set up the LDAP user to change password at first login on the client side.

Please help me if anyone can.

Thanks,

Score: 0
How to Intercept and cache LDAP Search and Bind requests

I have a production web server running Django. Currently every request made requires an LDAP Bind and Search request. I can use the django-auth-ldap plugin to enable LDAP Search caching. However, my problem is that I am in an environment that sometimes loses connection to the main AD server(s). When this happens LDAP Bind will fail. I was wondering if there is a good option for caching both LDAP Binding ...

Score: 0
SSSD alternative for pam_authz_search option in nslcd

I have servers based on RHEL 7 and 8. RHEL 7 servers use nslcd to work with an LDAP server, RHEL 8 uses SSSD.

For RHEL 7 I can provide access for users to allowed hosts only. This function is covered by the option in the nslcd.conf:

pam_authz_search        (&(objectClass=posixAccount)(uid=$uid)(|(host=$hostname.\*)(host=\\*)))

I use the option "host=$hostname.\* " for regular users who have l ...

Score: 0
SSH local authentication takes 100s when LDAP server DOWN/unreachable

My use case is the following: I have EC2 in an autoscaling group. When my ldap servers are down (or network issue), I can't use ldap authentication so I have a local user on my servers. But when I try to connect with SSH with my local user to a new EC2 that has just been created, it first takes 7 minutes from the moment the EC2 is running to the moment SSH is available (during this time, SSH return er ...

Score: 0
Is it possible to restrict which object classes a dynamically linked auxiliary class can be added to when extending the AD schema?

I've created a custom auxiliary class for the purpose of adding attributes to AD Group objects. I'm dynamically linking the auxiliary class to individual Groups. I can successfully add it to the objectClass of Group objects but I can also add it to other object types. I can't seem to find any clear documentation on how to restrict it to only Group objects. I've tried setting systemPossSuperiors/Po ...

Score: 0
Deactivate user access to SAMBA file server in LDAP while maintaining access to other services

I am trying to cut off access of an ldap user to the samba server. Disabling the password is not an option, since the user needs to maintain access to other services like Nextcloud which is connected to the same ldap directory. How would I achieve this?

This is how my ldap directory for this user looks:

ldap directory - screenshot

Score: 0
Active Directory/LDAP replication Windows/Ubuntu

I am trying to set up replication between a Windows AD and OpenLDAP on Ubuntu.

Access to the Windows AD server seems to work OK, the OpenLDAP on Ubuntu also seems to work, however I am getting stuck on setting up the replication between both - I am new to AD/LDAP and there might be some concepts I'm missing.

I am able to list users on the remote (Windows) AD:

ldapsearch -x -h 192.168.1.200 -D 'CN=LDAP Ope ...
Score: 0
How to increase OpenLDAP DN max length?

The maximum length of an OpenLDAP DN seems to be 255 characters.

How can this value be increased?

Score: 0
Filter for User Domain Name in LDAPv3 (not AD)

I try to get my UID out of the LDAP by a filter that can recognize the whole user with the (internal) domain. For example: the (internal) LDAP domain is "office.intern", the user (uid) is "peter.pan" and the email is "peter.pan@office.com". But I want to search/filter for "peter.pan@office.intern" as the whole qualified domain user name (User Principal Name) to find "peter.pan". And I have no clue how th ...

Score: 0
SSH to Windows server, fetching public keys from LDAP

We've got an established process where users connecting to an Ubuntu server via SSH have their public keys retrieved from our LDAP infrastructure and then PAM sets up their home directory, etc.

I need to set up a standalone Windows server but the users still want to use SSH to connect to it. I'm therefore looking into how to try and replicate the Ubuntu experience onto Windows.

As far as I can tell, ...

Score: 0
Dovecot Authenticating with Active Directory, username with period not going through

I have been struggling the past 2 days. My conf file is like this:

hosts           = 192.168.2.2
ldap_version    = 3
auth_bind_userdn = %Ln
auth_bind       = yes
dn              = admin
dnpass          = mypass
base            = cn=users,dc=example, dc=com
scope           = subtree
deref           = never
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (sAMAccountName=%Ln) ...
Score: 0
Problems sudoing using a host connected to Active Directory (sssd, kerberos local sudoers file)

I am configuring Active Directory authentication for an Alma 8 box using SSSD, Kerberos, an initial SSH key for login stored in an Active Directory object, and a local sudoers file that lists groups permitted to sudo.

I have connected the server to the domain and been able to authenticate as a domain user, logging in initially using the SSH key. An AD domain password must subsequently be s ...