Charles Richards wrote:
> Has anybody done any authentication to Lotus Domino using LDAP?
>
> I selected LDAP options in the "authconfig-tui" application, per the
> documentation here:
>
> http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-ldap-pam.html
>
> when I try to query the directory for user information though, I get
> no results using the ldapsearch command
>
> [root@ldapclient ~]# ldapsearch -x uid=crichards
>
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope subtree
> # filter: uid=crichards
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 1
>
> I'm not quite sure what I'm missing, as I can manually query the
> directory for, say, a uid, with the "ldapsearch" command with options
> specified and it returns the correct info from the directory.
>
> [root@ldapclient ~]# ldapsearch -H ldap://domino.mydomain.com -W -D Charles\ Richards -x uid=crichards
>
> Enter LDAP Password: ****
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope subtree
> # filter: uid=crichards
> # requesting: ALL
> #
>
> # Charles Richards, NewPush
> dn: CN=Charles Richards,O=MyDomain
> cn: Charles Richards
> mail: CRichards@mydomain.com
> displayname: Charles Richards/MyDomain
> messagestorage: 1
> encryptincomingmail: 0
> roaminguser: 0
>
> <snip> ...
>
> I have a feeling I'm missing something in my /etc/ldap.conf regarding
> how I'm binding to the directory (I've tried using my CN=Charles
> Richards for the binddn and rootbinddn to no avail...)
>

The bad news is that you can't use the integrated LDAP in Domino for anything other than Domino attributes. You can't modify or add external schemas (like posix, samba, etc.), or has that changed? Last time I looked at that, it hadn't.

Even their email addresses are not really compliant, because they are a combination of the mail, uid and other attributes (like short name/alternate name).

I had to put a sendmail relay box in front of multiple Domino servers, and I preferred querying the LDAP once and building a local access table for sendmail rather than querying the Domino LDAP for each incoming mail.

BTW, I had to specify '-b ROOT' for the ldapsearch command before I could list the attributes.

Hope that it helps

--
Fabian Arrotin <fabian.arrotin at arrfab.net>
"Internet network currently down, TCP/IP packets delivered now by UPS/Fedex ..."