LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (http://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   LDAP Client Configuration (http://www.linuxquestions.org/questions/linux-newbie-8/ldap-client-configuration-4175421976/)

sunveer 08-14-2012 03:55 AM

LDAP Client Configuration
 
I have setup ldap client authentication on RHEL 6

The command
Code:

#ldapsearch -x -b "dc=example,dc=com"
returns the list of ldap users .

But the command
Code:

#getent passwd ldapuser1
doesn't show any result. It hangs few seconds and shows no result and I am unable to login ldapuser1.

barghota 08-14-2012 05:00 AM

Did you configure the system authentication resources correctly using 'authconfig-tui'?

Can you post the content of '/etc/openldap/ldap.conf' and '/etc/nsswitch.conf'?

sunveer 08-14-2012 05:04 AM

With command #ldapsearch -x -ZZ "dc=example,dc=com", I am getting this error : TLS error -5932 encountered end of file

barghota 08-14-2012 05:13 AM

Did you configure your ldap with use TLS?

Which ldap is this? openldap? sun directory server? 389-ds?

sunveer 08-14-2012 05:33 AM

I'm using openldap and using TLS.

barghota 08-14-2012 05:57 AM

Can you post the content of "/etc/openldap/slapd.conf"?

sunveer 08-14-2012 06:00 AM

Quote:

Originally Posted by barghota (Post 4753820)
Can you post the content of "/etc/openldap/slapd.conf"?

There is no slapd.conf file in RHEL 6.

There is a ldap.conf file and contents are

Code:

TLS_CACERTDIR /etc/openldap/cacerts
URI ldap://192.168.1.10
BASE dc=example,dc=com


sunveer 08-15-2012 04:54 AM

Anyone any help

sunveer 08-15-2012 08:26 AM

With command #ldapsearch -x -ZZ "dc=example,dc=com", I am getting this error :

ldap_start_tls: connect error (-11)
addition info: TLS error -5932 encountered end of file

TB0ne 08-15-2012 08:59 AM

Quote:

Originally Posted by sunveer
Anyone any help

..and...
Quote:

Originally Posted by sunveer (Post 4754660)
With command #ldapsearch -x -ZZ "dc=example,dc=com", I am getting this error :
ldap_start_tls: connect error (-11) addition info: TLS error -5932 encountered end of file

Don't bump your own thread after less than 24 hours...we volunteer our time here.

Putting that error into Google pulls up lots..did you try there? Also some links on this site too:
https://www.linuxquestions.org/quest...r-11-a-497888/
http://www.openldap.org/lists/openld.../msg00060.html
http://stackoverflow.com/questions/2...t-error-in-php
http://osdir.com/ml/ldap.umich/2007-03/msg00098.html

The error points to TLS not being set up correctly, or a bad certificate/hostname.

sjhauer 11-07-2012 06:04 PM

Has anyone figured thus out?

I am having exactly the same error using RHEL 6.3 and OpenDJ 2.4.5.

RedHat support has been no help.

All of my RHEL 5 LDAP clients have no trouble at all connecting either in the clear, using startTLS, or using LDAPS.

On RHEL 6, id, getent, and ldapsearch all give errors when attempting to connect using startTLS or LDAPS. The only way I've found to get RHEL 6 to play even sort-of nice with OpenDJ/LDAP is to use the option "ldap_auth_disable_tls_never_use_in_production = TRUE" in /etc/sssd/sssd.conf, which (thank god) won't allow a change to a password since it's not an encrypted channel.

The OpenDJ server gives a log message about "no cipher suites in common", which isn't very helpful, as that seems to be the "default" message when something goes wrong with SSL negotiation.

I know my certificates are good, since they work for all the RHEL 5 clients. I also know that startTLS works on the LDAP server, since all the RHEL 5 clients can do that successfully as well.

Any thoughts, anyone?


All times are GMT -5. The time now is 07:01 AM.