Windows – Setting up LDAP connection between CentOS and Windows server 2008

Tags: centos6.2, ldap, windows, windows-server-2008-r2

I am running a virtual setup with vSphere, with two virtual machines, one running CentOS 6 and the other running Windows Server 2008.

The idea is to use LDAP to connect from the CentOS (as a client) to the Windows Server 2008 (as a server), and trying to access Active Directory from there.

There is a virtual switch between these two virtual machines, and both are running on the same subnet.

On CentOS, I try to run the LDAP to connect to the Win 2008 server with:

ldapsearch -x

The error message I get is:

text: 000004DC: LdapErr: DSID-0C0906DC, comment: In order to perform this operation a successful bind must be completed on the connection., data 0

Meanwhile, I opened the Event Viewer on Windows server, and the error message that I get is:

The directory server has failed to create the AD LDS ServiceConnectionPoint object in Active Directory Lightweight Directory services. This operation will be retried.

Now I'm not exactly sure what the problem is, am I supposed to specify an admin login in the CentOS .conf file? If so, which one?

Or is this a Windows server permission issue?

Any help greatly appreciated!

Best Answer

The error message is fairly straightforward:

text: 000004DC: LdapErr: DSID-0C0906DC, comment: In order to perform this operation a successful bind must be completed on the connection., data 0

That means you need to authenticate before you can query the directory. A typical command line will look something like this:

ldapsearch -x -H ldaps://dc.example.com/ -D lars@example.com -W cn=lars

This connects using simple authentication (-x) to dc.example.com using LDAP over SSL (ldaps://). I am authenticating as lars@example.com and the command will prompt me for a password (-W). I am searching for records matching cn=lars.

You can also authenticate against AD using Kerberos. Assuming everything is set up correctly, that looks like:

$ kinit lars@example.com
Password for lars@EXAMPLE.COM: 
$ ldapsearch -H ldap://dc.example.com cn=lars

In either case, you generally want to create accounts specifically to act as bind credentials, rather than using an administrative or a user account.

It is possible to configure Active Directory to allow anonymous binds. It is also possible to set up something else -- e.g., OpenLDAP -- as an anonymous bind proxy for AD.
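An added example, not part of the original answer: it wraps ldapsearch the way the answer describes (simple bind over LDAPS with a dedicated service account, password read from a file rather than the command line) and decodes the "data NNN" diagnostics AD appends to a failed bind, including the 000004DC "bind must be completed" message from the question. The host dc.example.com, the account svc-ldap@example.com, the password file and the CA certificate path are placeholders.

```bash
#!/bin/bash
# Added example (not from the original answer). Placeholders: DC host
# dc.example.com, bind account svc-ldap@example.com, password file
# /etc/ldap-bind.pw, CA file /etc/openldap/cacerts/ad-ca.pem.

# Turn the hex sub-code AD appends to a failed bind ("data 52e") into text.
# The sub-codes are AD's documented bind diagnostics; 000004DC is the
# "no anonymous query allowed" case from the question.
explain_ad_bind_error() {
    # $1: combined stdout/stderr text captured from ldapsearch
    local out="$1" code
    if printf '%s' "$out" | grep -q '000004DC'; then
        echo "anonymous bind rejected: AD requires an authenticated bind (use -D/-W or Kerberos)"
        return 0
    fi
    code=$(printf '%s' "$out" | sed -n 's/.*data \([0-9a-f]*\).*/\1/p' | head -n1)
    case "$code" in
        52e) echo "invalid credentials (wrong password or user principal)" ;;
        525) echo "user not found" ;;
        530) echo "logon not permitted at this time" ;;
        531) echo "logon not permitted from this workstation" ;;
        532) echo "password expired" ;;
        533) echo "account disabled" ;;
        701) echo "account expired" ;;
        773) echo "user must reset password" ;;
        775) echo "account locked out" ;;
        "")  echo "no AD bind diagnostic found" ;;
        *)   echo "unrecognised AD bind sub-code: $code" ;;
    esac
}

# Run the query: simple bind (-x) over LDAPS, password from a file (-y) so it
# never shows in the process list, server cert checked against our CA copy.
ad_search() {
    # $1: DC host, $2: bind UPN, $3: password file, $4: base DN, $5: filter
    LDAPTLS_CACERT=/etc/openldap/cacerts/ad-ca.pem \
    ldapsearch -x -LLL -H "ldaps://$1/" -D "$2" -y "$3" -b "$4" "$5" 2>&1
}

# Only reach the network when explicitly asked (./ad-search.sh --run).
if [ "${1:-}" = "--run" ]; then
    result=$(ad_search dc.example.com svc-ldap@example.com /etc/ldap-bind.pw \
                       "dc=example,dc=com" "(sAMAccountName=lars)") || \
        explain_ad_bind_error "$result"
    printf '%s\n' "$result"
fi
```

The password file should be owned by the account running the script and mode 0600, and the bind account needs only read access to the objects you query.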