LinuxQuestions.org
11-16-2006, 11:35 AM   #1
bkbugzilla
Unable to get CentOS 4.4 LDAP authentication to iPlanet Dir Server working


I am trying to configure my CentOS 4.4 newly installed server to authenticate via LDAP and have spent the past day on it without getting it going.

The iPlanet server does not allow anonymous bind, so I have the binddn and bindpw fields configured in the /etc/ldap.conf file, and binddn entry in /etc/openldap/ldap.conf.

If I execute ldapsearch -x -L -D "" -W -b at a shell prompt, it displays everything correctly for the user. However, if I omit everything and just do ldapsearch -x -LLL nothing happens, or ldapsearch -x -L '(uid=myuser)'.

I have looked at the howtos in the TLDP and the way it all reads it seems easy to do, so I assume I must be doing something wrong.

Here are the steps I took:

1. Ran /usr/bin/authconfig and enabled LDAP Authentication, specified my server and base
2. Updated the /etc/ldap.conf and /etc/openldap/ldap.conf files
3. Restarted the server

Tried to ssh into the server as a user that exists in ldap (per the search above) and basically get access denied, and there is nothing in /var/log/messages that even indicates it is trying to find my information inside LDAP.

So, since the ldapsearch query doesn't work, I would expect that authentication is not possible.

I think this output was from me restarting the nscd service
[16/Nov/2006:11:40:27 -0500] conn=1082998 fd=99 slot=99 connection from XX.XXX.XX.XXX to XX.XXX.XXX.XXX
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=0 BIND dn="uid=mybinduser,ou=Admin,ou=People,o=ievesp.net" method=128 version=3
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=mybinduser,ou=admin,ou=people,o=ievesp.net"
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=1 SRCH base="o=ievesp.net" scope=2 filter="(&(objectClass=posixAccount)(uid=nscd))" attrs=ALL
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=2 SRCH base="o=ievesp.net" scope=2 filter="(&(objectClass=posixGroup)(memberUid=nscd))" attrs="gidNumber"
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=3 SRCH base="o=ievesp.net" scope=2 filter="(&(objectClass=posixAccount)(uid=nscd))" attrs=ALL
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=3 RESULT err=0 tag=101 nentries=0 etime=0
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=4 SRCH base="o=ievesp.net" scope=2 filter="(&(objectClass=posixGroup)(memberUid=nscd))" attrs="gidNumber"
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=4 RESULT err=0 tag=101 nentries=0 etime=0


After running ldapsearch without -D -b or -W
[16/Nov/2006:11:41:13 -0500] conn=1083052 fd=124 slot=124 connection from XX.XXX.XXX.XXX to XX.XXX.XXX.XXX
[16/Nov/2006:11:41:13 -0500] conn=1083052 op=0 BIND dn="" method=128 version=3
[16/Nov/2006:11:41:13 -0500] conn=1083052 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[16/Nov/2006:11:41:13 -0500] conn=1083052 op=1 SRCH base="o=ievesp.net" scope=2 filter="(uid=xo3058)" attrs=ALL
[16/Nov/2006:11:41:13 -0500] conn=1083052 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[16/Nov/2006:11:41:13 -0500] conn=1083052 op=2 UNBIND
[16/Nov/2006:11:41:13 -0500] conn=1083052 op=2 fd=124 closed - U1
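
Added example, not part of the original post: a Python sketch that reads directory-server access-log lines in the format quoted above and pairs each connection's BIND dn with the entry count of its searches, which makes it visible that the ldapsearch run without -D bound with an empty DN and got nentries=0. The function names and the shortened log sample are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the access-log lines quoted in the post above.
SAMPLE_LOG = """\
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=0 BIND dn="uid=mybinduser,ou=Admin,ou=People,o=ievesp.net" method=128 version=3
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=1 SRCH base="o=ievesp.net" scope=2 filter="(&(objectClass=posixAccount)(uid=nscd))" attrs=ALL
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[16/Nov/2006:11:41:13 -0500] conn=1083052 op=0 BIND dn="" method=128 version=3
[16/Nov/2006:11:41:13 -0500] conn=1083052 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[16/Nov/2006:11:41:13 -0500] conn=1083052 op=1 SRCH base="o=ievesp.net" scope=2 filter="(uid=xo3058)" attrs=ALL
[16/Nov/2006:11:41:13 -0500] conn=1083052 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[16/Nov/2006:11:41:13 -0500] conn=1083052 op=2 UNBIND
"""

LINE = re.compile(r'^\[[^\]]+\] conn=(\d+) op=(-?\d+) (\w+)(.*)$')
BIND_DN = re.compile(r'\bdn="([^"]*)"')
FILTER = re.compile(r'\bfilter="(.*)" attrs=')
RESULT = re.compile(r'\berr=(\d+) tag=(\d+) nentries=(\d+)')

def summarise(log_text):
    """Return {conn: {"bind_dn": str or None, "searches": [(filter, err, nentries)]}}."""
    conns = defaultdict(lambda: {"bind_dn": None, "searches": []})
    pending = {}  # (conn, op) -> search filter still waiting for its RESULT line
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # connection-open lines carry no op= field
        conn, op, verb, rest = m.groups()
        if verb == "BIND":
            dn = BIND_DN.search(rest)
            conns[conn]["bind_dn"] = dn.group(1) if dn else None
        elif verb == "SRCH":
            f = FILTER.search(rest)
            pending[(conn, op)] = f.group(1) if f else rest.strip()
        elif verb == "RESULT" and (conn, op) in pending:
            r = RESULT.search(rest)
            if r and r.group(2) == "101":  # tag=101 closes a search operation
                conns[conn]["searches"].append(
                    (pending.pop((conn, op)), int(r.group(1)), int(r.group(3))))
    return dict(conns)

def anonymous_empty_searches(summary):
    """Connections bound with an empty DN whose searches all returned 0 entries."""
    return sorted(c for c, s in summary.items()
                  if s["bind_dn"] == "" and s["searches"]
                  and all(n == 0 for _, _, n in s["searches"]))

if __name__ == "__main__":
    print(anonymous_empty_searches(summarise(SAMPLE_LOG)))
```
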
 
11-27-2006, 09:43 PM   #2
bkbugzilla (Original Poster)
Anyone have any ideas out there?
 
  


All times are GMT -5.