
Re: Reg OpenLdap on Ubuntu

By default, ldapsearch will try authentication via SASL.  Either configure slapd to handle the latter or use -x in addition to -ZZ to force simple authentication.

On Wed, Jul 22, 2009 at 11:31 PM, Asimananda Mohanty <asimananda.mohanty@gmail.com> wrote:
Hi Matt,

Thank you very much.

I got rid of both the errors by 

1. Installing libpam-foreground
2. By changing the uri in /etc/ldap.conf from ldap to ldaps

One last thing is remaining now....

When I tried "ldapsearch -ZZ", it asked for some password. When provided with the password, it didn't accept it (the same password that I created during dpkg --configure slapd).

# ldapsearch -ZZ
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)

Thanks again.


On Wed, Jul 22, 2009 at 8:42 PM, Matt Kassawara <battery@writeme.com> wrote:
Installing libpam-foreground or removing the reference to it in /etc/pam.d/common-session will clear up the first error.  The second error probably stems from misconfiguration in /etc/ldap.conf... particularly with how PAM tries to contact your LDAP server (uri, port, ssl/tls directives).

2009/7/20 Asimananda Mohanty <asimananda.mohanty@gmail.com>

Hi Michael,

The command mentioned by you is running fine and it doesn't show any error.

That means that simple bind works fine.

By stating "I am able to login to the server", I meant that I am able to establish an ssh session (via putty) with the server by providing user id and password. In that case, I don't really understand the error while logging in by that user id.

Thanks for your support.


2009/7/20 Michael Ströder <michael@stroeder.com>
Asimananda Mohanty wrote:

> I think the LDAP in current form should solve my purpose.
> Currently I have client and server on the same machine. I have created
> one user in LDAP namely asimananda and I am able to login to the server
> by the same too.

What does "I am able to login to the server" mean exactly? Did you test
with ldapwhoami -x -D <bind-DN of asimananda> -W whether simple bind works?

> *PAM unable to dlopen(/lib/security/pam_foreground.so):
> /lib/security/pam_foreground.so: cannot open shared object file: No such
> file or directory
> PAM adding faulty module: /lib/security/pam_foreground.so
> pam_ldap: ldap_simple_bind Can't contact LDAP server
> pam_ldap: reconnecting to LDAP server...
> pam_ldap: ldap_simple_bind Can't contact LDAP server
> Successful su for asimananda by root
> + pts/3 root:asimananda
> pam_unix(su:session): session opened for user asimananda by root(uid=0)*

Looks like a setup error in your PAM setup. Check the ldap.conf related
to the pam_ldap module. I don't know Ubuntu so I can't help here.

Ciao, Michael.