Sorry I had a mistake in my ldapsearch. Ldapsearch is working but with it does not found users using "id" command:
[root@XX ~]# service nslcd restart
Stopping nslcd: [ OK ]
Starting nslcd: [ OK ]
[root@dc103 ~]# ldapsearch -x -D 'cn=authenticate, ou=System,dc=test, dc=es' '(objectclass=*)' -W -ZZ
Enter LDAP Password:
# extended LDIF
#
[root@dc103 ~]# id esther
And I have these entries in nsswitch:
[root@XX ~]# grep ldap /etc/nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap
Errors in messages log when I try this "id" search:
May 24 10:50:09 XX nslcd[4612]: [8e1f29] no available LDAP server found
May 24 10:50:09 XX nslcd[4612]: [8e1f29] no available LDAP server found
May 24 10:50:09 XX nslcd[4612]: [e87ccd] no available LDAP server found
May 24 10:50:09 XX nslcd[4612]: [e87ccd] no available LDAP server found
May 24 10:50:11 XX nslcd[4612]: [1b58ba] ldap_start_tls_s() failed: Connect error (uri="ldap://ldap1-test")
May 24 10:50:11 XX nslcd[4612]: [1b58ba] failed to bind to LDAP server ldap://ldap1-test: Connect error
May 24 10:50:11 XX nslcd[4612]: [1b58ba] ldap_start_tls_s() failed: Connect error (uri="ldap://ldap2-test")
May 24 10:50:11 XX nslcd[4612]: [1b58ba] failed to bind to LDAP server ldap://ldap2-test: Connect error
May 24 10:50:11 XX nslcd[4612]: [1b58ba] no available LDAP server found
In version 2.4.19-15 I don't see this issue.
TIA,
Esther
2012/5/23 Rich Megginson
<rich.megginson@gmail.com>
On 05/23/2012 10:37 AM, Esther Garcia wrote:
Hi all,
We have an OpenLDAP server (RHEL6) running version 2.4.23-15,
and we have clients in RHEL5 and RHEL6.
With clients in RHEL5 works properly but I found some
problems with RHEL6 clients in versions newer than 2.4.19-15.
In the clients, if I try to upgrade to new versions than
2.4.19-15 then the client stops working:
[root@XX ~]# rpm -qa | grep openldap
openldap-2.4.19-15.el6.x86_64
openldap-clients-2.4.19-15.el6.x86_64
[root@XX ~]# ldapsearch -x -D 'cn=authenticate,
ou=System,dc=test, dc=es' '(objectclass=*)' -W -ZZ
uid=63004(esther) gid=50041(test) groups=50041(test)
[root@XX ~]# yum upgrade openldap*
Updating : openldap-2.4.23-20.el6.x86_64
1/4
warning: /etc/openldap/ldap.conf created as
/etc/openldap/ldap.conf.rpmnew
Updating : openldap-clients-2.4.23-20.el6.x86_64
2/4
Cleanup : openldap-clients-2.4.19-15.el6.x86_64
3/4
Cleanup : openldap-2.4.19-15.el6.x86_64
4/4
openldap.x86_64 0:2.4.23-20.el6
openldap-clients.x86_64 0:2.4.23-20.el6
[root@XX ~]# service nslcd restart
[root@XX ~]# ldapsearch -x -D 'cn=authenticate,
ou=System,dc=test, dc=es' '(objectclass=*)' -W -ZZ
ldap_start_tls: Connect error (-11)
try adding -d 1 - ldapsearch -d 1 -x ....
I have the same configuration files that used with the older
version. I use these configuration files:
/etc/pam_ldap.conf:
binddn cn=authenticate,ou=System,dc=test,dc=es
nss_initgroups_ignoreusers
root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
tls_cacertdir /etc/openldap/cacerts
/etc/nslcd.conf
binddn cn=authenticate,ou=System,dc=test,dc=es
tls_cacertdir /etc/openldap/cacerts
/etc/openldap/ldap.conf:
TLS_CACERT /etc/openldap/cacerts/catest.crt
[root@XX ~]# ls -l /etc/openldap/cacerts/catest.crt
-rw-r--r--. 1 root root 1655 May 23 15:23
/etc/openldap/cacerts/catest.crt
Any idea on what the issue is? Am I missing anything?
Thanks in advance,