
Re: ldap auth



Just for the record...
I finally fixed the problem.

Note to self, and note to the list:
Make sure you DON'T have any spaces after any values in the ldap.conf file.


----- Original Message -----
From: "Andrew Crum" <acrum@oculustech.com>
To: "Alex Vorobiev" <sasha@mathforum.com>
Cc: <openldap-software@OpenLDAP.org>
Sent: Tuesday, May 29, 2001 12:44 PM
Subject: Re: ldap auth


> Thanks for the reply Alex. Yes, this is very odd.
>
> /etc/ldap.conf is a symlink to /etc/openldap/ldap.conf. I did this *just* in
> case nss_ldap or pam_ldap were acting weird.
>
> the nss_base_passwd stuff, I just gave that a shot. It came with a sample
> conf file from nss_ldap so I just tried it. I've taken it out now.
>
> As for the debugging, that's next after this new test I'm trying to run. I
> noticed that there are newer versions of both pam_ldap and nss_ldap from
> padl. I'm in the process of setting them up.
>
> If that doesn't work, I guess I will try with the debugging options. Any
> other help will be greatly appreciated.
>
> Thanks,
> Andrew
>
> ----- Original Message -----
> From: "Alex Vorobiev" <sasha@mathforum.com>
> To: "Andrew Crum" <acrum@oculustech.com>
> Cc: <openldap-software@openldap.org>
> Sent: Tuesday, May 29, 2001 9:38 AM
> Subject: Re: ldap auth
>
>
> >
> > andrew,
> >
> > that's odd.
> >
> > i am not using naming contexts, like nss_base_passwd, but that shouldn't
> > have any effect on binding to the server...
> >
> > silly question, but have you compared your /etc/openldap/ldap.conf (used
> > by openldap utilities), and /etc/ldap.conf (for nss_ldap) to make sure
> > that the values are the same?
> >
> > have you tried debugging openldap?  tracing the calls?  my guess is that
> > it is not even hitting the server, if it can't find it.
> >
> > must be something with the nss_ldap configuration.
> >
> > --sasha
> >
> >
> >
> > On Mon, May 28, 2001 at 01:36:22PM -0400, Andrew Crum wrote:
> > > ok. Thanks for the reply.
> > >
> > > I am using rh6.2, openldap 2.0.11, nss_ldap-150, pam_ldap-108 all from
> > > source.
> > >
> > > ------/etc/ldap.conf---------
> > > host 192.168.x.x
> > > base dc=foo, dc=com
> > > ldap_version 3
> > > binddn cn=Manager,dc=foo,dc=com
> > > rootbinddn cn=Manager,dc=foo,dc=com
> > > bindpw sekrit
> > >
> > > nss_base_passwd ou=People,dc=foo,dc=com?one
> > > nss_base_shadow ou=People,dc=foo,dc=com?one
> > > nss_base_group ou=People,dc=foo,dc=com?one
> > > -----end ldap.conf------------
> > >
> > > -----/etc/nsswitch.conf--------
> > > passwd: files ldap
> > > group: files ldap
> > > shadow: files ldap
> > >
> > > hosts:  dns ldap
> > >
> > > services:   ldap [NOTFOUND=return] files
> > > networks:   ldap [NOTFOUND=return] files
> > > protocols:  ldap [NOTFOUND=return] files
> > > rpc:        ldap [NOTFOUND=return] files
> > > ethers:     ldap [NOTFOUND=return] files
> > > ----end nsswitch.conf-----
> > >
> > > I made the proper changes to the files in pam.d.
> > > When I try to login syslog says "pam_ldap: ldap_simple_bind Can't
> > > contact LDAP server". But I don't know why because if I simply type
> > > "ldapsearch" the ldap server returns the users I put in the database.
> > >
> > > Alex Vorobiev wrote:
> > > >
> > > > authconfig operates on files, so it doesn't matter whether you use RH
> > > > openldap rpms or compile and install ldap yourself (as long as
> > > > /etc/ldap.conf, /etc/nsswitch.conf, and /etc/pam.d files are located where
> > > > expected).
> > > >
> > > > to get more help, you will need to provide software versions you have
> > > > installed (openldap, nss_ldap, your config, such as /etc/ldap.conf, and
> > > > any changes you have made to your files.
> > > >
> > > > --sasha
> > > >
> > > > On Mon, May 28, 2001 at 01:00:15PM -0400, Andrew Crum wrote:
> > > > > Has anyone got these two to work together?
> > > > >
> > > > > I have followed every single document out there, but I
> > > > > haven't any luck
> > > > > getting it to work. I am trying to rid my network of nis and
> > > > > move to a
> > > > > > central ldap solution, where all the users get their
> > > > > /etc/passwd,
> > > > > /etc/groups......from ldap.
> > > > >
> > > > > On my client, I simply do "ldapsearch" and it returns
> > > > > everything OK. But
> > > > > when I try to login I get a syslog entry:
> > > > >
> > > > >     pam_ldap: ldap_simple_bind Can't contact LDAP server
> > > > >
> > > > > Can someone please shed some light? I'm using rh62 but I'm
> > > > > not using the
> > > > > rpms, so I can't use authconfig.
> > > > >
> > > > > Thanks,
> > > > > Andrew Crum
> > > > >
> > > > >
> > > > > I know I *should* be asking this in the pam_ldap mailing
> > > > > lists, but there is
> > > > > a LOT more support in this group.
> >
> >
>
>
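The fix reported at the top of this thread (no spaces after any value in ldap.conf) can be checked mechanically before a client is pointed at the directory. The script below is an added example, not part of the original messages or of nss_ldap/pam_ldap; the function names and the sample file are constructed for illustration, and treating tabs and carriage returns as trailing whitespace is an assumption that goes beyond the plain spaces mentioned in the post.

```shell
#!/bin/sh
# Added example: find ldap.conf directives whose value is followed by whitespace.

# check_ldap_conf FILE
# Prints one line per offending directive.
# Returns 0 if the file is clean, 1 if any directive is affected, 2 if unreadable.
check_ldap_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk -v f="$conf" '
        /^[ \t\r]*(#|$)/ { next }       # skip comments and blank lines
        /[ \t\r]+$/ {                   # value followed by space, tab or CR
            printf "%s:%d: directive \047%s\047 has trailing whitespace\n", f, NR, $1
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$conf"
}

# strip_trailing_ws FILE
# Writes a cleaned copy to stdout; the original file is left untouched.
strip_trailing_ws() {
    sed 's/[[:space:]]*$//' "$1"
}

# write_sample FILE
# Constructed sample: directives as quoted in the thread, with a trailing
# space added after the host value and a trailing tab after bindpw.
write_sample() {
    printf '%s\n' '# constructed sample' 'host 192.168.x.x ' \
        'base dc=foo, dc=com' 'ldap_version 3' > "$1"
    printf 'bindpw sekrit\t\n' >> "$1"
}

# Demo on the constructed sample
sample=$(mktemp)
write_sample "$sample"
check_ldap_conf "$sample" || echo "fix the lines above before using this file"
rm -f "$sample"
```

Because /etc/ldap.conf here carries `bindpw`, write any cleaned copy from `strip_trailing_ws` to a file with the same restrictive permissions as the original.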