[CentOS] LDAP Authentication to Lotus Domino?

Wed Jan 7 04:14:10 UTC 2009
Craig White <craigwhite at azapple.com>

On Tue, 2009-01-06 at 19:47 -0700, Charles Richards wrote:
> Has anybody done any authentication to Lotus Domino using LDAP?
> 
> I selected LDAP options in the "authconfig-tui" application, per the  
> documentation here:
> 
> http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-ldap-pam.html
> 
> 
> when I try to query the directory for user information though, I get  
> no results using the ldapsearch command
> 
> [root@ldapclient ~]# ldapsearch -x uid=crichards
> 
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope subtree
> # filter: uid=crichards
> # requesting: ALL
> #
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 1
> 
> 
> I'm not quite sure what I'm missing, as I can manually query the
> directory for, say, a uid, with the "ldapsearch" command with options
> specified and it returns the correct info from the directory.
> 
> [root@ldapclient ~]# ldapsearch -H ldap://domino.mydomain.com -W -D Charles\ Richards -x uid=crichards
> 
> Enter LDAP Password:  ****
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope subtree
> # filter: uid=crichards
> # requesting: ALL
> #
> 
> # Charles Richards, NewPush
> dn: CN=Charles Richards,O=MyDomain
> cn: Charles Richards
> mail: CRichards@mydomain.com
> displayname: Charles Richards/MyDomain
> messagestorage: 1
> encryptincomingmail: 0
> roaminguser: 0
> 
> <snip> ...
> 
> 
> I have a feeling I'm missing something in my /etc/ldap.conf regarding  
> how I'm binding to the directory (I've tried using my CN=Charles  
> Richards for the binddn and rootbinddn to no avail...)
> 
> 
> Any tips or info are greatly appreciated!
----
I'm not sure that I'm going to be all that helpful here but...

> # search result
> search: 2
> result: 0 Success

actually means that 1 - You did successfully bind to LDAP and 2 - that LDAP gave you all the records that matched your filter.

since you gave us, "dn: CN=Charles Richards,O=MyDomain"...

ldapsearch -x 'cn=Charles Richards'

would actually return that same record.

The tip/info that I would give you is to buy the book "LDAP System Administration" by Gerald Carter, because that simplifies the whole LDAP/System authentication thing.

Craig
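
Added example, not part of the original thread: a shell helper that reads ldapsearch output and separates the cases the exchange above turns on, namely a search that finished with result 0 but returned no entries, one that returned entries, and a run that never printed a result line. The function name ldap_search_summary, the verdict strings and both sample outputs are constructed for illustration; the samples are built from the output quoted above, and the trailer of the second one is assumed because the thread snips it.

```shell
#!/bin/sh
# Added example: classify ldapsearch output read from stdin.
# ldap_search_summary is a hypothetical helper name, not an OpenLDAP tool.
ldap_search_summary() {
    awk '
        /^result: [0-9]+/ { code = $2 }   # result code of the search operation
        /^dn:/            { entries++ }   # one dn: line per returned entry
        END {
            if (code == "")        verdict = "no-result-line"  # search never completed
            else if (code != 0)    verdict = "server-error"
            else if (entries == 0) verdict = "zero-entries"    # completed, nothing returned
            else                   verdict = "entries-returned"
            printf "result=%s entries=%d verdict=%s\n", code, entries, verdict
        }'
}

# Constructed sample: the query without credentials, as quoted in the thread.
sample_no_credentials() {
cat <<'EOF'
# filter: uid=crichards
# requesting: ALL

# search result
search: 2
result: 0 Success

# numResponses: 1
EOF
}

# Constructed sample: the query with -D/-W; the trailer lines are assumed.
sample_with_credentials() {
cat <<'EOF'
# Charles Richards, NewPush
dn: CN=Charles Richards,O=MyDomain
cn: Charles Richards

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
EOF
}

sample_no_credentials | ldap_search_summary
sample_with_credentials | ldap_search_summary
```

In practice, pipe a real query into it, for example `ldapsearch -x uid=crichards | ldap_search_summary`, once with and once without bind credentials, and compare the two verdicts.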