CERN Week 34

So I have been slacking on my blog. I haven't posted anything decent in the last few weeks, mainly because I have not been doing much interesting stuff. This week was spent trying to get Linux to authenticate against Active Directory. There were loads of problems. The biggest was a problem with the certificates. The AD server was load balanced through a round-robin DNS switch, so the host was dc.cern.ch but the actual DNS resolution led to dc3.cern.ch, so the certificate didn't match. It took quite a while until I had made all the changes to have a second host line in the certificates. Further, I had some problems with getting the CERN CA certificate onto all my machines. After some work I found out that the RPM was broken. Brilliant. Then I found out that AD can only return 1024 entries at most, which caused another error as getpwent failed. This is because getpwent requests all users at once (26000 in AD) and only 1024 were returned. So lots of problems with Linux-Windows communication, but now it seems to work.
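The certificate mismatch described above, as an added example that is not code from the original post: a simplified host name check against the DNS names listed in a certificate. The name lists are constructed, and it is an assumption that the certificate first carried only dc3.cern.ch; the wildcard rule goes beyond the case in the post.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive string equality (DNS names are case-insensitive). */
static int eq_nocase(const char *a, const char *b)
{
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
        a++;
        b++;
    }
    return *a == *b; /* equal only if both strings ended together */
}

/* Match one certificate DNS name against a host name.
 * A leading "*." covers exactly one non-empty left-most label. */
static int dns_name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        return dot != NULL && dot != host && eq_nocase(pattern + 1, dot);
    }
    return eq_nocase(pattern, host);
}

/* Returns 1 if any name listed in the certificate covers host, else 0. */
int cert_covers_host(const char *const *names, size_t n, const char *host)
{
    for (size_t i = 0; i < n; i++)
        if (dns_name_matches(names[i], host))
            return 1;
    return 0;
}

/* Constructed sample data (assumption): names in the certificate before
 * and after adding the second host line. */
static const char *const CERT_BEFORE[] = { "dc3.cern.ch" };
static const char *const CERT_AFTER[]  = { "dc3.cern.ch", "dc.cern.ch" };

int main(void)
{
    const char *hosts[] = { "dc.cern.ch", "dc3.cern.ch" };
    for (size_t i = 0; i < 2; i++)
        printf("%-12s before=%d after=%d\n", hosts[i],
               cert_covers_host(CERT_BEFORE, 1, hosts[i]),
               cert_covers_host(CERT_AFTER, 2, hosts[i]));
    return 0;
}
```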

ldap_open and ldap_init with Active Directory

All my LDAP programs have until now used the OpenLDAP server. As we are now migrating to the LDAP frontend of Active Directory I had to migrate quite a few C programs. But here is the problem:
If I use ldap_init it will fail and shout at me:
ldap_simple_bind_s: Can't contact LDAP server 
but if I use ldap_open it all works. No idea why this is happening. But ldap_open is deprecated, so lots of fun coming up. That's what you get for writing C programs.