How to enable anonymous LDAP

Hello,

I would like to auth REDDOXX against UCS OpenLDAP.

I think I need to enable anonymous LDAP auth.

I did:
univention-config-registry set ldap/acl/read/anonymous=yes
/etc/init.d/slapd restart

root@ucs:~# univention-config-registry get ldap/acl/read/anonymous
=> yes

But from an external IP I still get:


# ldapsearch -x -b dc=hq,dc=example,dc=net -h <ucs-server-ip>
# extended LDIF
#
# LDAPv3
# base <dc=hq,dc=example,dc=net> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 1 Operations error
text: 00002020: Operation unavailable without authentication

# numResponses: 1

The LDAP log shows:

Jan 28 16:02:52 ucs slapd[1409]: conn=1034 op=57 SRCH base="dc=hq,dc=example,dc=net" scope=2 deref=0 filter="(&(&(kopanoAccount=1)(|(objectClass=kopano-user)))(|(uid=reddoxx)))"
Jan 28 16:02:52 ucs slapd[1409]: conn=1034 op=57 SRCH attr=objectClass kopanoSharedStoreOnly kopanoResourceType kopanoSecurityGroup entryUUID gidNumber ou cn cn modifyTimestamp
Jan 28 16:02:52 ucs slapd[1409]: conn=1034 op=57 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 28 16:02:52 ucs slapd[1409]: conn=1034 op=58 SRCH base="dc=hq,dc=example,dc=net" scope=2 deref=0 filter="(&(&(kopanoAccount=1)(|(objectClass=kopano-user)))(entryUUID=32c11582-d628-1039-9c27-250afbec7288))"
Jan 28 16:02:52 ucs slapd[1409]: conn=1034 op=58 SRCH attr=dn
Jan 28 16:02:52 ucs slapd[1409]: conn=1034 op=58 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 28 16:02:52 ucs slapd[1409]: conn=1212 fd=22 ACCEPT from IP=192.168.150.7:54574 (IP=0.0.0.0:7389)
Jan 28 16:02:52 ucs slapd[1409]: conn=1212 op=0 BIND dn="uid=reddoxx,cn=users,dc=hq,dc=example,dc=net" method=128
Jan 28 16:02:52 ucs slapd[1409]: conn=1212 op=0 BIND dn="uid=reddoxx,cn=users,dc=hq,dc=example,dc=net" mech=SIMPLE ssf=0
Jan 28 16:02:52 ucs slapd[1409]: conn=1212 op=0 RESULT tag=97 err=0 text=
Jan 28 16:02:52 ucs slapd[1409]: conn=1212 op=1 UNBIND
Jan 28 16:02:52 ucs slapd[1409]: conn=1212 fd=22 closed

Here they write: REDDOXX Anmeldung an UCS

...that REDDOXX expects an “anonymous bind” during authentication.

Thanks,
Michael
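
Added example, not part of the original post and not UCS or REDDOXX code: a small Python parser for slapd log lines like the ones above. It pairs each BIND with its RESULT per connection and reports whether the client bound anonymously (empty DN) or with a DN, whether the bind was accepted, and whether it ran with ssf=0. The conn=1300 and conn=1301 lines are constructed samples; peer parsing assumes IPv4 addresses.

```python
import re

# conn=1212 lines are copied from the log in the post; conn=1300 and
# conn=1301 are constructed samples (anonymous bind, rejected simple bind).
SAMPLE_LOG = """\
Jan 28 16:02:52 ucs slapd[1409]: conn=1212 fd=22 ACCEPT from IP=192.168.150.7:54574 (IP=0.0.0.0:7389)
Jan 28 16:02:52 ucs slapd[1409]: conn=1212 op=0 BIND dn="uid=reddoxx,cn=users,dc=hq,dc=example,dc=net" method=128
Jan 28 16:02:52 ucs slapd[1409]: conn=1212 op=0 BIND dn="uid=reddoxx,cn=users,dc=hq,dc=example,dc=net" mech=SIMPLE ssf=0
Jan 28 16:02:52 ucs slapd[1409]: conn=1212 op=0 RESULT tag=97 err=0 text=
Jan 28 16:03:10 ucs slapd[1409]: conn=1300 fd=23 ACCEPT from IP=192.0.2.10:40000 (IP=0.0.0.0:7389)
Jan 28 16:03:10 ucs slapd[1409]: conn=1300 op=0 BIND dn="" method=128
Jan 28 16:03:10 ucs slapd[1409]: conn=1300 op=0 RESULT tag=97 err=0 text=
Jan 28 16:03:11 ucs slapd[1409]: conn=1301 fd=24 ACCEPT from IP=192.0.2.11:40001 (IP=0.0.0.0:7389)
Jan 28 16:03:11 ucs slapd[1409]: conn=1301 op=0 BIND dn="uid=app,cn=users,dc=hq,dc=example,dc=net" method=128
Jan 28 16:03:11 ucs slapd[1409]: conn=1301 op=0 RESULT tag=97 err=49 text=
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([^\s:]+):\d+")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"(?: mech=\S+ ssf=(\d+))?')
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")  # tag=97 is a bind response

def summarize_binds(log_text):
    """Return one record per BIND operation, keyed by (conn, op)."""
    peers, binds = {}, {}
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            peers[m.group(1)] = m.group(2)
        elif m := BIND.search(line):
            conn, op, dn, ssf = m.groups()
            rec = binds.setdefault((conn, op), {"peer": peers.get(conn), "dn": dn,
                                                "ssf": None, "err": None})
            if ssf is not None:  # second BIND line, logged once the bind succeeded
                rec["ssf"] = int(ssf)
        elif (m := RESULT.search(line)) and (m.group(1), m.group(2)) in binds:
            binds[m.group(1), m.group(2)]["err"] = int(m.group(3))
    return binds

def describe(rec):
    """Classify one bind record for review."""
    if rec["err"] != 0:
        return "rejected: invalid credentials" if rec["err"] == 49 else f"failed: err={rec['err']}"
    if rec["dn"] == "":
        return "anonymous bind accepted"
    clear = " without TLS or SASL protection (ssf=0)" if rec["ssf"] == 0 else ""
    return "authenticated simple bind accepted" + clear

if __name__ == "__main__":
    for (conn, _op), rec in summarize_binds(SAMPLE_LOG).items():
        print(f"conn={conn} peer={rec['peer']} dn={rec['dn']!r}: {describe(rec)}")
```

A simple bind reported with ssf=0 means the password crossed the network without an encryption layer, which is worth checking before pointing further services at that port.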

Argh, I need to query port 7389 for direct LDAP access.
Port 378 seems to be Samba.

I still can't auth, though :unamused:

I have been having this same issue. It seems that no matter what credentials I apply, I get an “invalid credentials” error or an invalid DN message. I have tried all combinations of ports and SSL, etc. (389, 636, 7389, 7636). I have also allowed anonymous queries with no success.

Specifically I have been trying to get several services to authenticate against the UCS directory but this seemingly simple error is preventing me from moving forward.

How can another server authenticate against the AD or OpenLDAP? I have tried with OPNsense, Sophos XG, and a few other services including a Nextcloud docker instance. I am using the self-signed certificate, though I have tried with Let’s Encrypt as well as importing the root certificate into the appliances.

Thanks for any pointers!

Hello, has anyone managed to solve this problem? I need to authenticate internal applications and I get the same error. It would be very useful if they shared the solution if they found it.

Regards
