Re: cannot bind to ldap other user as root
Sandor Szalina <sszalina@yahoo.com> writes:
> --- On Wed, 8/9/10, Marc Patermann <hans.moser@ofd-z.niedersachsen.de> wrote:
>
>> From: Marc Patermann <hans.moser@ofd-z.niedersachsen.de>
[...]
>> Sandor Szalina schrieb am 08.09.2010 12:16 Uhr:
>>
>> > I have installed the openldap 2.2.13 with rpm on Red Hat Enterprise
>> > Linux ES release 4 (Nahant Update 8). I have set the TLS setting too.
>> Man, 2.2.13 is ancient:
>> http://www.openldap.org/lists/openldap-announce/200406/msg00002.html
>> You really should try a /newer/ release.
>>
>> > With the user root I can start the ldapsearch and I receive the
>> > result successfully, the ldap client can connect to the ldap server.
>> > However if I login with another user I receive the following
>> > message: ldap_bind: Can't contact LDAP server (-1)
>> >
>> > What can be the problem? Thanks for the help in advance,
>> You did not provide any details
>> - on how to use ldapsearch and
>> - about the server and client side config
> Thanks for your mail. Here is the information:
>
> The running slapd process is:
> ldap 21697 1 0 07:14 ? 00:00:00 /usr/sbin/slapd -u ldap -h ldaps://*:8108 -f /etc/openldap/slapd.conf
>
> The slapd.conf is:
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/local.schema
>
> allow bind_v2
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> TLSCipherSuite HIGH:MEDIUM:+SSLv2
> TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
> TLSCertificateFile /etc/openldap/servercrt.pem
> TLSCertificateKeyFile /etc/openldap/serverkey.pem
>
>
> database bdb
> suffix "dc=test"
> rootdn "cn=Admin,dc=test"
>
> rootpw mypasswd
>
> directory /var/lib/ldap
>
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
>
> The port 8108 is opened in the firewall.
>
> On the client side there is .ldaprc in the home directory with the following content:
>
> TLS_REQCERT allow
The client needs to have knowledge of the certificate authority in
order to verify the server certificate, thus specify TLS_CACERT or let
the client not have to verify the server certificate, which is not
advisable.
-Dieter
--
Dieter Klünter | Systemberatung
sip: 7770535@sipgate.de
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
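As an added example (not from this thread and not OpenLDAP's own tooling), a small POSIX shell audit of an .ldaprc or ldap.conf for the two settings the reply turns on: it flags a TLS_REQCERT value that disables server verification and checks that TLS_CACERT names a CA file the invoking user can actually read, which is one way a lookup can succeed for root and fail for another account. The temporary file names and the placeholder CA file are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit an OpenLDAP client config for the TLS settings discussed above.
# Returns 0 when the file requires server verification and points at a readable CA file,
# 1 when verification is disabled or the CA file is missing/unreadable, 2 if unreadable config.
check_ldap_client_tls() {
    cfg="$1"
    [ -r "$cfg" ] || { echo "cannot read $cfg"; return 2; }
    # Keys are matched case-insensitively here; the last value seen wins in this check.
    reqcert=$(awk 'toupper($1)=="TLS_REQCERT"{v=$2} END{print v}' "$cfg")
    cacert=$(awk 'toupper($1)=="TLS_CACERT"{v=$2} END{print v}' "$cfg")
    case "$(echo "$reqcert" | tr 'A-Z' 'a-z')" in
        ""|demand|hard) ;;   # unset means demand: the server certificate must verify
        *) echo "$cfg: TLS_REQCERT $reqcert disables server verification"; return 1 ;;
    esac
    [ -n "$cacert" ] || { echo "$cfg: no TLS_CACERT, so verification cannot succeed"; return 1; }
    [ -r "$cacert" ] || { echo "$cfg: TLS_CACERT $cacert is not readable by $(id -un)"; return 1; }
    echo "$cfg: OK (verifies the server against $cacert)"
    return 0
}

# Constructed samples: the posted .ldaprc (verification disabled) and a corrected one.
tmp=$(mktemp -d)
printf 'TLS_REQCERT allow\n' > "$tmp/ldaprc.posted"
printf 'placeholder CA bundle, not a real certificate\n' > "$tmp/cacert.pem"
printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$tmp/cacert.pem" > "$tmp/ldaprc.fixed"

check_ldap_client_tls "$tmp/ldaprc.posted" || true   # reports the weak setting
check_ldap_client_tls "$tmp/ldaprc.fixed"
```

Run it as the non-root user that sees the bind failure; a CA file that root can read but the user cannot shows up as the "not readable" case.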