After upgrading from 2.1.30-r5 to 2.2.28, my applications are unable to connect to ActiveDirectory. I initially thought the problem to be LDAPS(636) specific, but I'm also unable to connect to 389. I'm having no problems connecting to eDirectory (both 389/636). I can verify that the ActiveDirectory server is listening and performing queries. This problem exists on two servers that have the same version of openldap. Currently, I'm querying via PHP application. Here is the error I recieve from the application: Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /var/www/localhost/htdocs/connect.php on line 22 Again, I can verify that credentials are correct, in fact this script has not changed since the upgrade. Here is output of using ldapsearch on either box to ActiveDirectory server (I adjusted dn and user for privacy): # ldapsearch -D cn=testuser,ou=USERS,dc=mydomain,dc=net -W -H ldap://ads.test.net:389 Enter LDAP Password: ldap_bind: Invalid credentials (49) additional info: 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 Originally, to perform ActiveDirectory connections via 636 I had to add the following to the ldap.conf: SASL_SECPROPS maxssf=0 Reproducible: Always Steps to Reproduce: 1.Connect by any means from openldap server (PHP or ldapsearch) 2. 3. Actual Results: Invalid credentials (49) Message Expected Results: Allowed me to connect. Portage 2.0.51.22-r2 (default-linux/x86/2005.0, gcc-3.3.6, glibc-2.3.5-r1, 2.6.12-gentoo-r9 i686) ================================================================= System uname: 2.6.12-gentoo-r9 i686 Intel(R) Pentium(R) 4 CPU 2.40GHz Gentoo Base System version 1.6.13 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] dev-lang/python: 2.3.5-r2 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.15.92.0.2-r10 sys-devel/libtool: 1.5.18-r1 virtual/os-headers: 2.4.19, 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O3 -march=pentium4 -funroll-loops -fprefetch-loop-arrays -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O3 -march=pentium4 -funroll-loops -fprefetch-loop-arrays -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j1" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 X alsa apache2 apm arts avi bitmap-fonts cdr crypt cups curl eds emboss encode esd fam foomaticdb fortran freetds gd gdbm gif gnome gpm gstreamer gtk gtk2 hardenedphp imagemagick imlib innodb jpeg kde ldap libg++ libwww mad mikmod motif mp3 mpeg mysql ncurses nls ogg oggvorbis opengl openssh oss pam pdflib perl php png pwdb python quicktime readline ruby samba sdl slang sqlite ssl tcpd tiff truetype truetype-fonts type1-fonts vorbis xine xml xml2 xmms xv zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
[eating crow]I determined that it was an Active Directory credential problem.[end eating crow] Everything is working fine. Version/build works perfectly. Please close bug.