
Re: ldap auth



Thanks for the reply Alex. Yes, this is very odd.

/etc/ldap.conf is a symlink to /etc/openldap/ldap.conf. I did this *just* in
case nss_ldap or pam_ldap were acting weird.

The nss_base_passwd stuff, I just gave that a shot. It came with a sample
conf file from nss_ldap so I just tried it. I've taken it out now.

As for the debugging, that's next after this new test I'm trying to run. I
noticed that there are newer versions of both pam_ldap and nss_ldap from
padl. I'm in the process of setting them up.

If that doesn't work, I guess I will try with the debugging options. Any
other help will be greatly appreciated.

Thanks,
Andrew

----- Original Message -----
From: "Alex Vorobiev" <sasha@mathforum.com>
To: "Andrew Crum" <acrum@oculustech.com>
Cc: <openldap-software@openldap.org>
Sent: Tuesday, May 29, 2001 9:38 AM
Subject: Re: ldap auth


>
> andrew,
>
> that's odd.
>
> i am not using naming contexts, like nss_base_passwd, but that shouldn't
> have any effect on binding to the server...
>
> silly question, but have you compared your /etc/openldap/ldap.conf (used
> by openldap utilities), and /etc/ldap.conf (for nss_ldap) to make sure
> that the values are the same?
>
> have you tried debugging openldap?  tracing the calls?  my guess is that
> it is not even hitting the server, if it can't find it.
>
> must be something with the nss_ldap configuration.
>
> --sasha
>
>
>
> On Mon, May 28, 2001 at 01:36:22PM -0400, Andrew Crum wrote:
> > ok. Thanks for the reply.
> >
> > I am using rh6.2, openldap 2.0.11, nss_ldap-150, pam_ldap-108 all from
> > source.
> >
> > ------/etc/ldap.conf---------
> > host 192.168.x.x
> > base dc=foo, dc=com
> > ldap_version 3
> > binddn cn=Manager,dc=foo,dc=com
> > rootbinddn cn=Manager,dc=foo,dc=com
> > bindpw sekrit
> >
> > nss_base_passwd ou=People,dc=foo,dc=com?one
> > nss_base_shadow ou=People,dc=foo,dc=com?one
> > nss_base_group ou=People,dc=foo,dc=com?one
> > -----end ldap.conf------------
> >
> > -----/etc/nsswitch.conf--------
> > passwd: files ldap
> > group: files ldap
> > shadow: files ldap
> >
> > hosts:  dns ldap
> >
> > services:   ldap [NOTFOUND=return] files
> > networks:   ldap [NOTFOUND=return] files
> > protocols:  ldap [NOTFOUND=return] files
> > rpc:        ldap [NOTFOUND=return] files
> > ethers:     ldap [NOTFOUND=return] files
> > ----end nsswitch.conf-----
> >
> > I made the proper changes to the files in pam.d.
> > When I try to login syslog says "pam_ldap: ldap_simple_bind Can't
> > contact LDAP server". But I don't know why because if I simply type
> > "ldapsearch" the ldap server returns the users I put in the database.
> >
> > Alex Vorobiev wrote:
> > >
> > > authconfig operates on files, so it doesn't matter whether you use RH
> > > openldap rpms or compile and install ldap yourself (as long as
> > > /etc/ldap.conf, /etc/nsswitch.conf, and /etc/pam.d files are located
> > > where expected).
> > >
> > > to get more help, you will need to provide software versions you have
> > > installed (openldap, nss_ldap), your config, such as /etc/ldap.conf,
> > > and any changes you have made to your files.
> > >
> > > --sasha
> > >
> > > On Mon, May 28, 2001 at 01:00:15PM -0400, Andrew Crum wrote:
> > > > Has anyone got these two to work together?
> > > >
> > > > I have followed every single document out there, but I haven't any
> > > > luck getting it to work. I am trying to rid my network of nis and
> > > > move to a central ldap solution, where all the users get their
> > > > /etc/passwd, /etc/groups......from ldap.
> > > >
> > > > On my client, I simply do "ldapsearch" and it returns everything OK.
> > > > But when I try to login I get a syslog entry:
> > > >
> > > >     pam_ldap: ldap_simple_bind Can't contact LDAP server
> > > >
> > > > Can someone please shed some light? I'm using rh62 but I'm not using
> > > > the rpms, so I can't use authconfig.
> > > >
> > > > Thanks,
> > > > Andrew Crum
> > > >
> > > >
> > > > I know I *should* be asking this in the pam_ldap mailing lists, but
> > > > there is a LOT more support in this group.
>
>