Can't make updates with LDAP from Linux box to Windows AD

Posted by amburnside on Server Fault See other posts from Server Fault or by amburnside
Published on 2012-12-20T09:23:17Z Indexed on 2012/12/20 11:04 UTC
Read the original article Hit count: 350

Filed under:
|
|
|

I have a webapp (built using Zend Framework - PHP) that runs on a Linux environment which needs to authenticate against Active Directory on a Windows server.

So far my webapp can authenticate with LDAPS, but cannot perform any kind of write operation (add/update/delete). It can only read.

I have configured my server as follows:

  1. I have exported the CA Certificate from my Windows AD server to /etc/opendldap/certs
  2. I have created a pem file based on this certificate using openssl
  3. I have update /etc/openldap/ldap.conf so that it knows where to look for the pem certificate:

    TLS_CACERT /etc/openldap/certs/xyz.internal.pem

When I run my script, I get the following error:

0x35 (Server is unwilling to perform; 0000209A: SvcErr: DSID-031A1021, problem 5003 (WILL_NOT_PERFORM), data 0 ):

Have I missed something with my configuration, which is causing the server to reject making updates to AD?

© Server Fault or respective owner

Related posts about linux

Related posts about php