The other day I had to authenticate web clients on apache 2.2 (debian etch) to our corporate Active Directory (Windows 2003R2) and I constantly kept getting an error like the following:
[Wed Jun 06 19:08:56 2007] [warn] [client 10.10.1.2]  auth_ldap authenticate: user foo authentication failed; URI /secret [ldap_search_ext_s() for user failed][Operations error]
Only after a couple of google searches, a couple of network sniffs (which all seemed to go well - bind and then search both successful) and a bit of trial and error I found out that I had to turn off referrals in /etc/ldap/ldap.conf :
For the record this is the configuration snippet in apache:
<Directory /var/www/secret> AuthBasicProvider ldap AuthType Basic AuthName "Ldap Test Area" AuthLDAPURL "ldap://pdc.domain.msft:389/DC=DOMAIN,DC=MSFT?sAMAccountName?sub?(objectClass=user)" NONE AuthLDAPBindDN "LDAPROUser@DOMAIN" AuthLDAPBindPassword "foo" require ldap-attribute objectClass=user </Directory>
Updated my jabber address: firstname.lastname@example.org
Update your contacts
Besides the massive amount of packages and architectures supported by Debian, I think one of my favourite capabilities of Debian in respect to many other distributions, is the possibility of doing a remote upgrade without issues. Today I dist-upgraded our server from Sarge+Backports to Etch in about an hour. Just a couple of small fixes were needed, but nothing specifically tied to Debian (a change in postfix 2.3 and a couple of home-grown scripts that were still looking for python2.3). ;)
I've gotten a hold of an Aladdin eToken Pro32k USB Token, and tried to configure it for an OpenVPN setup of mine. Here are the notes I gathered (For now they're Windows only, I plan to setup the Linux client as soon as I get around to do it). HTH :)
Here are the steps in order to query DB2 on AS/400 froma Debian Etch box:
apt-get install unixodbc unixodbc-bin rpm
Install the gratis (non-free) iSeries Access package from IBM.
Follow the instructions on this link.
Unpack the downloaded rpm package and copy thefiles under /opt:
/tmp; rpm2cpio iSeriesAccess-5.2.0-1.14.i386.rpm | cpio -id && cp -avf opt/* /opt/
Add /opt/ibm/iSeriesAccess/lib to /etc/ld.so.conf
Register the newly installed odbc driver:
srvdebian:/opt/ibm/iSeriesAccess# odbcinst -i -d -f unixodbcregistration
odbcinst: Driver installed. Usage count increased to 1.
After setting it up, you can use _DataManager _to test your login and work on your AS/400 DB
So the other day a colleague at work asks about exporting data from Active Directory in csv format, in order to push it on to a DB on an AS/400 box. Given that I need to change the separator and that I need to change the encoding of the output file, in order to get some extra flexibility, I just hacked up my own script adcsvdump.cs ... works pretty much out of the box with just small .config tweaking needed for your setup.Paolo Conte - Avanti Bionda