
Re: PAM Authentication



> Ok, I found out what it is, really dumb mistake, there are three slashes
> in the address (ldap:///192.168.1.107:389/). This can confuse most people,
> since when you are asked to put in the address of the ldap server, there
> are three slashes ("ldapi:///")

Of course this is a configuration error.  Usually, well-behaved
applications should thoroughly validate data.  OpenLDAP's libldap allows
applications to parse URIs and check whether they are suitable.  Whenever
OpenLDAP software uses URIs, they are parsed and checked.  If you parse
your erroneous URI, the host:port portion will be empty, and the DN
portion will contain "192.168.1.107:389/".  This is obviously not a valid
DN, but since ldap_initialize() does not need the DN portion, it is
ignored, and an empty host:port has a clear meaning and thus does not
trigger any error.  The application (nss_ldap) should have parsed the URI
and should have complained either because the DN portion was present, or,
if its syntax allows the DN portion to be present, because it wasn't a
valid DN.  Feel free to ask (using the most appropriate forum) for an
improved misconfiguration detection of nss_ldap.

p.
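To make the parsing argument above concrete, here is an added example that is not part of this thread: a small stdlib-only Python URI checker (a stand-in for libldap's ldap_url_parse(), not OpenLDAP's code) that splits the erroneous and the intended URI and reports what a careful client such as nss_ldap should have complained about. The DN regex and the URIs in the usage block are constructed for the example.

```python
import re
from urllib.parse import urlsplit, unquote

# Loose RDN shape (attr=value); constructed for this example, not a full RFC 4514 parser.
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")


def parse_ldap_uri(uri):
    """Split an LDAP URI into scheme, host, port and DN (RFC 4516 layout)."""
    parts = urlsplit(uri)
    if parts.scheme not in ("ldap", "ldaps", "ldapi"):
        raise ValueError("not an LDAP URI: %r" % uri)
    host = parts.hostname or ""       # empty when the URI has no authority part
    port = parts.port                 # None if absent (ValueError if non-numeric)
    # Everything after the authority's "/" and before "?" is the DN component.
    dn = unquote(parts.path[1:]) if parts.path else ""
    return {"scheme": parts.scheme, "host": host, "port": port, "dn": dn}


def is_valid_dn(dn):
    """Empty DN is valid; otherwise every comma-separated RDN must be attr=value."""
    if dn == "":
        return True
    return all(_RDN.match(rdn.strip()) for rdn in dn.split(","))


def check_server_uri(uri):
    """What a cautious client should do before handing the URI to ldap_initialize():
    flag an empty host:port (ldapi excepted), and flag a DN component that is present
    at all, or present but not a valid DN."""
    info = parse_ldap_uri(uri)
    problems = []
    if info["scheme"] != "ldapi" and not info["host"]:
        problems.append("empty host:port")
    if info["dn"]:
        problems.append("unexpected DN component %r" % info["dn"])
        if not is_valid_dn(info["dn"]):
            problems.append("DN component is not a valid DN")
    return info, problems


if __name__ == "__main__":
    # Constructed inputs: the misconfigured URI from the log and the intended one.
    for uri in ("ldap:///192.168.1.107:389/", "ldap://192.168.1.107:389/"):
        info, problems = check_server_uri(uri)
        print(uri, "->", info, "; problems:", problems or "none")
```

Running it shows the three-slash URI parsing to an empty host with DN "192.168.1.107:389/", exactly the case described above, while the two-slash form yields host 192.168.1.107, port 389 and no DN.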

> 2010/5/11 Miha Krajnc <miha.krajnc.mb@gmail.com>
>
>> I have set up 2 servers, a web server and a database server. The
>> database server has mysql and OpenLDAP (configured, with 1 Posix user).
>> The web server has apache, php, etc. I want to connect with the web
>> server to the database server with PAM (libpam-ldap) and use credentials
>> from the database server for user logins. I have set up libpam-ldap, but
>> the authentication doesn't work. Further investigation (/var/log/auth.log)
>> shows that the web server can't contact the database server. However, I
>> also have phpLDAPadmin installed on the web server, and I can connect to
>> the database server from there. Anyone know what could be wrong?
>> Here is the auth.log:
>>
>> May 11 10:57:33 web sudo: nss_ldap: could not connect to any LDAP server
>> as
>> cn=admin,dc=stef,dc=si - Can't contact LDAP server
>> May 11 10:57:33 web sudo: nss_ldap: failed to bind to LDAP server
>> ldap:///
>> 192.168.1.107:389/: Can't contact LDAP server
>> May 11 10:57:33 web sudo: nss_ldap: reconnecting to LDAP server...
>> May 11 10:57:33 web sudo: nss_ldap: could not connect to any LDAP server
>> as
>> cn=admin,dc=stef,dc=si - Can't contact LDAP server
>> May 11 10:57:33 web sudo: nss_ldap: failed to bind to LDAP server
>> ldap:///
>> 192.168.1.107:389/: Can't contact LDAP server
>>
>>
>> --
>> Best regards, Miha Krajnc.
>>
>
>
>
> --
> Best regards, Miha Krajnc.
>