Setting up an ldap server to be an active directory slave



jlacroix_navsol
08-Jul-2014, 15:16
Hi guys,

I'm having issues setting up my server to be an LDAP replication consumer. This is for use in a company, which uses Active Directory for the network. The goal is for this server to essentially be a slave to the Active Directory servers. I attempted to configure the server in YaST, underneath "LDAP Server", and then I created a new database as a "replication consumer." I entered all the details that our Windows AD admin gave me, but I receive the following error:


"Initiating the LDAPsync Operation failed"
"Critical extension is unavailable: 00000057: LdapErr: DSID-0C090753, comment: Error processing control, data 0, v1db1"

I then get the option to continue anyway, and if I do, YaST blows away all of my configuration and makes me start over.

Even though I'm inputting all the correct values for the server (as confirmed by our AD admin) the server seems to think something is wrong, and won't cooperate. Documentation on this error in SLES is very scarce. I'm hoping someone here may be able to provide pointers.

Thank you!

jmozdzen
08-Jul-2014, 17:00
Hi jlacroix_navsol,

the error message "Critical extension is unavailable: 00000057: LdapErr: DSID-0C090753, comment: Error processing control, data 0, v1db1" is AFAICT an Active Directory error message.

I'm not an AD expert, not even running AD (I have been into OpenLDAP for years), but my search engine returned with a reference to RFC 4533: http://www.openldap.org/lists/openldap-technical/201303/msg00200.html

Until I read the referenced message, I'd have said "won't work" - but there might be a way to get it up & running.

What's the actual goal of the replication (above "having a slave")? OpenLDAP is no direct substitute for AD.

It might be helpful to provide info on which SLES you are using and which version of OpenLDAP is installed, for others to jump in.

Regards,
Jens
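
Added example, not part of the original posts: a way to check from the Linux side whether a provider advertises the RFC 4533 Sync Request control before configuring a replication consumer against it. The host argument and both root DSE samples are constructed for illustration; the OIDs are the registered ones for RFC 4533 sync, AD DirSync, paged results and server-side sort.

```shell
#!/bin/sh
# Does a directory server advertise the RFC 4533 Sync Request control that an
# OpenLDAP replication consumer sends? "Critical extension is unavailable" is
# what a server returns for a critical control it does not implement.
SYNC_REQUEST_OID="1.3.6.1.4.1.4203.1.9.1.1"   # RFC 4533 Sync Request control
DIRSYNC_OID="1.2.840.113556.1.4.841"          # Active Directory DirSync control

# Anonymous root DSE query; $1 is the server host (not invoked in this example).
fetch_rootdse() {
    ldapsearch -x -LLL -H "ldap://$1" -s base -b "" supportedControl
}

# Read root DSE LDIF on stdin, print one advertised control OID per line.
list_controls() {
    awk '
        # LDIF folding: a line starting with a space continues the previous one.
        /^ / { buf = buf substr($0, 2); next }
             { if (buf != "") print buf; buf = $0 }
        END  { if (buf != "") print buf }
    ' | awk -F': *' 'tolower($1) == "supportedcontrol" { print $2 }'
}

# Classify the replication control on offer. Prints: syncrepl | dirsync | none
replication_support() {
    controls=$(list_controls)
    if printf '%s\n' "$controls" | grep -qxF "$SYNC_REQUEST_OID"; then
        echo syncrepl
    elif printf '%s\n' "$controls" | grep -qxF "$DIRSYNC_OID"; then
        echo dirsync
    else
        echo none
    fi
}

# Constructed sample: abridged AD-style root DSE, one value folded on purpose.
sample_ad_rootdse() {
    printf '%s\n' 'dn:' \
        'supportedControl: 1.2.840.113556.1.4.319' \
        'supportedControl: 1.2.840.113556.1.4.' ' 841' \
        'supportedControl: 1.2.840.113556.1.4.473'
}

# Constructed sample: root DSE of an OpenLDAP provider offering syncrepl.
sample_openldap_rootdse() {
    printf '%s\n' 'dn:' \
        'supportedControl: 1.3.6.1.4.1.4203.1.9.1.1' \
        'supportedControl: 1.2.840.113556.1.4.319'
}

sample_ad_rootdse | replication_support
sample_openldap_rootdse | replication_support
```

Against a live server, `fetch_rootdse <host> | replication_support` gives the same classification; a result other than `syncrepl` means a replication consumer's sync request will be refused by that provider.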

jlacroix_navsol
08-Jul-2014, 18:15
Thanks for the reply. That's pretty much the goal, having a slave to the Active Directory server. This "slave" is to be used in an all-Linux environment, and the existing AD server exists in an all-Windows environment. Essentially, it is to bridge the gap.

The version of SLES is 11 (just purchased a few months ago).