Re: ldap auth



andrew,

that's odd.  

i am not using naming contexts, like nss_base_passwd, but that shouldn't
have any effect on binding to the server...

silly question, but have you compared your /etc/openldap/ldap.conf (used
by openldap utilities), and /etc/ldap.conf (for nss_ldap) to make sure
that the values are the same?

have you tried debugging openldap?  tracing the calls?  my guess is that
it is not even hitting the server, if it can't find it.  

must be something with the nss_ldap configuration.

--sasha



On Mon, May 28, 2001 at 01:36:22PM -0400, Andrew Crum wrote:
> ok. Thanks for the reply.
> 
> I am using rh6.2, openldap 2.0.11, nss_ldap-150, pam_ldap-108 all from
> source.
> 
> ------/etc/ldap.conf---------
> host 		192.168.x.x
> base 		dc=foo, dc=com
> ldap_version	3
> binddn		cn=Manager,dc=foo,dc=com
> rootbinddn	cn=Manager,dc=foo,dc=com
> bindpw		sekrit
> 
> nss_base_passwd	ou=People,dc=foo,dc=com?one
> nss_base_shadow ou=People,dc=foo,dc=com?one
> nss_base_group	ou=People,dc=foo,dc=com?one
> -----end ldap.conf------------
> 
> -----/etc/nsswitch.conf--------
> passwd:	files ldap
> group:	files ldap
> shadow: files ldap
> 
> hosts:  dns ldap
> 
> services:   ldap [NOTFOUND=return] files
> networks:   ldap [NOTFOUND=return] files
> protocols:  ldap [NOTFOUND=return] files
> rpc:        ldap [NOTFOUND=return] files
> ethers:     ldap [NOTFOUND=return] files
> ----end nsswitch.conf-----
> 
> I made the proper changes to the files in pam.d.
> When I try to login syslog says "pam_ldap: ldap_simple_bind Can't
> contact LDAP server". But I don't know why because if I simply type
> "ldapsearch" the ldap server returns the users I put in the database.
> 
> Alex Vorobiev wrote:
> > 
> > authconfig operates on files, so it doesn't matter whether you use RH
> > openldap rpms or compile and install ldap yourself (as long as
> > /etc/ldap.conf, /etc/nsswitch.conf, and /etc/pam.d files are located where
> > expected).
> > 
> > to get more help, you will need to provide software versions you have
> > installed (openldap, nss_ldap), your config, such as /etc/ldap.conf, and
> > any changes you have made to your files.
> > 
> > --sasha
> > 
> > On Mon, May 28, 2001 at 01:00:15PM -0400, Andrew Crum wrote:
> > > Has anyone got these two to work together?
> > >
> > > I have followed every single document out there, but I haven't any luck
> > > getting it to work. I am trying to rid my network of nis and move to a
> > > central ldap solution, where all the users get their /etc/passwd,
> > > /etc/groups......from ldap.
> > >
> > > On my client, I simply do "ldapsearch" and it returns everything OK. But
> > > when I try to login I get a syslog entry:
> > >
> > >     pam_ldap: ldap_simple_bind Can't contact LDAP server
> > >
> > > Can someone please shed some light? I'm using rh62 but I'm not using the
> > > rpms, so I can't use authconfig.
> > >
> > > Thanks,
> > > Andrew Crum
> > >
> > >
> > > I know I *should* be asking this in the pam_ldap mailing lists, but there is
> > > a LOT more support in this group.
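
The file comparison suggested in the reply at the top of this message, as an added example that is not part of the original thread: it parses the two client configs and reports the connection directives on which they disagree. The function names and sample file contents are constructed for illustration, and it assumes both files use plain "keyword value" lines and that DN spacing and letter case do not matter for the comparison.

```python
import re

# Directives that decide which server and subtree a client talks to.
# Keyword names are compared case-insensitively (HOST vs host).
CONNECTION_KEYS = ("uri", "host", "port", "base")


def parse_ldap_conf(text):
    """Return {keyword: value} for an ldap.conf-style file."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        parts = line.split(None, 1)  # keyword, then the rest of the line
        settings[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def normalize(key, value):
    """Canonical form used only for comparison (assumption of this example)."""
    if value is None:
        return None
    if key == "base":
        # "dc=foo, dc=com" and "dc=foo,dc=com" are treated as the same DN
        return re.sub(r"\s*,\s*", ",", value).lower()
    return " ".join(value.split()).lower()


def connection_mismatches(openldap_text, nss_text, keys=CONNECTION_KEYS):
    """List (keyword, openldap_value, nss_value) where the two files differ."""
    a, b = parse_ldap_conf(openldap_text), parse_ldap_conf(nss_text)
    return [(k, a.get(k), b.get(k)) for k in keys
            if normalize(k, a.get(k)) != normalize(k, b.get(k))]


# Constructed sample contents; on a real client read the two files instead.
OPENLDAP_CONF = """\
# /etc/openldap/ldap.conf (read by ldapsearch and the other utilities)
HOST 192.0.2.10
BASE dc=foo,dc=com
"""
NSS_CONF = """\
# /etc/ldap.conf (read by nss_ldap and pam_ldap)
host 192.0.2.11
base dc=foo, dc=com
ldap_version 3
"""

if __name__ == "__main__":
    for key, a, b in connection_mismatches(OPENLDAP_CONF, NSS_CONF):
        print(f"{key}: openldap utilities={a!r}  nss_ldap/pam_ldap={b!r}")
```

A directive present in only one file is reported with `None` on the other side, which is the case to look for when ldapsearch reaches the server and pam_ldap does not.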