LinuxQuestions.org
Old 08-14-2012, 03:55 AM   #1
sunveer
Member
 
Registered: Jul 2012
Posts: 135

Rep: Reputation: Disabled
LDAP Client Configuration


I have set up LDAP client authentication on RHEL 6.

The command
Code:
#ldapsearch -x -b "dc=example,dc=com"
returns the list of LDAP users.

But the command
Code:
#getent passwd ldapuser1
doesn't show any result. It hangs for a few seconds and shows no result, and I am unable to log in as ldapuser1.

Last edited by sunveer; 08-14-2012 at 04:01 AM.
 
Old 08-14-2012, 05:00 AM   #2
barghota
Member
 
Registered: Jul 2003
Location: Cairo, Egypt
Distribution: CentOS, RHEL, Debian, FreeBSD
Posts: 94

Rep: Reputation: 38
Did you configure the system authentication resources correctly using 'authconfig-tui'?

Can you post the content of '/etc/openldap/ldap.conf' and '/etc/nsswitch.conf'?
 
Old 08-14-2012, 05:04 AM   #3
sunveer
Member
 
Registered: Jul 2012
Posts: 135

Original Poster
Rep: Reputation: Disabled
With command #ldapsearch -x -ZZ "dc=example,dc=com", I am getting this error : TLS error -5932 encountered end of file
 
Old 08-14-2012, 05:13 AM   #4
barghota
Member
 
Registered: Jul 2003
Location: Cairo, Egypt
Distribution: CentOS, RHEL, Debian, FreeBSD
Posts: 94

Rep: Reputation: 38
Did you configure your LDAP to use TLS?

Which ldap is this? openldap? sun directory server? 389-ds?
 
Old 08-14-2012, 05:33 AM   #5
sunveer
Member
 
Registered: Jul 2012
Posts: 135

Original Poster
Rep: Reputation: Disabled
I'm using openldap and using TLS.
 
Old 08-14-2012, 05:57 AM   #6
barghota
Member
 
Registered: Jul 2003
Location: Cairo, Egypt
Distribution: CentOS, RHEL, Debian, FreeBSD
Posts: 94

Rep: Reputation: 38
Can you post the content of "/etc/openldap/slapd.conf"?
 
Old 08-14-2012, 06:00 AM   #7
sunveer
Member
 
Registered: Jul 2012
Posts: 135

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by barghota
Can you post the content of "/etc/openldap/slapd.conf"?
There is no slapd.conf file in RHEL 6.

There is a ldap.conf file and contents are

Code:
TLS_CACERTDIR /etc/openldap/cacerts
URI ldap://192.168.1.10
BASE dc=example,dc=com
 
Old 08-15-2012, 04:54 AM   #8
sunveer
Member
 
Registered: Jul 2012
Posts: 135

Original Poster
Rep: Reputation: Disabled
Anyone any help
 
Old 08-15-2012, 08:26 AM   #9
sunveer
Member
 
Registered: Jul 2012
Posts: 135

Original Poster
Rep: Reputation: Disabled
With command #ldapsearch -x -ZZ "dc=example,dc=com", I am getting this error :

ldap_start_tls: connect error (-11)
addition info: TLS error -5932 encountered end of file
 
Old 08-15-2012, 08:59 AM   #10
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,223

Rep: Reputation: 2474
Quote:
Originally Posted by sunveer
Anyone any help
..and...
Quote:
Originally Posted by sunveer
With command #ldapsearch -x -ZZ "dc=example,dc=com", I am getting this error :
ldap_start_tls: connect error (-11) addition info: TLS error -5932 encountered end of file
Don't bump your own thread after less than 24 hours...we volunteer our time here.

Putting that error into Google pulls up lots..did you try there? Also some links on this site too:
https://www.linuxquestions.org/quest...r-11-a-497888/
http://www.openldap.org/lists/openld.../msg00060.html
http://stackoverflow.com/questions/2...t-error-in-php
http://osdir.com/ml/ldap.umich/2007-03/msg00098.html

The error points to TLS not being set up correctly, or a bad certificate/hostname.
 
Old 11-07-2012, 06:04 PM   #11
sjhauer
LQ Newbie
 
Registered: Nov 2012
Posts: 1

Rep: Reputation: Disabled
Has anyone figured this out?

I am having exactly the same error using RHEL 6.3 and OpenDJ 2.4.5.

RedHat support has been no help.

All of my RHEL 5 LDAP clients have no trouble at all connecting either in the clear, using startTLS, or using LDAPS.

On RHEL 6, id, getent, and ldapsearch all give errors when attempting to connect using startTLS or LDAPS. The only way I've found to get RHEL 6 to play even sort-of nice with OpenDJ/LDAP is to use the option "ldap_auth_disable_tls_never_use_in_production = TRUE" in /etc/sssd/sssd.conf, which (thank god) won't allow a change to a password since it's not an encrypted channel.

The OpenDJ server gives a log message about "no cipher suites in common", which isn't very helpful, as that seems to be the "default" message when something goes wrong with SSL negotiation.

I know my certificates are good, since they work for all the RHEL 5 clients. I also know that startTLS works on the LDAP server, since all the RHEL 5 clients can do that successfully as well.

Any thoughts, anyone?

Last edited by sjhauer; 11-09-2012 at 12:11 PM. Reason: fix typos and additional information
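
Added example (not part of any post in this thread): a POSIX shell lint for the client-side settings discussed above, covering the ldap.conf directives from post #7, the certificate/hostname causes named in post #10, and the sssd option from post #11. The function names, finding codes and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. File contents in demo() are constructed.

# Value of a directive in an ldap.conf-style file (keywords are case-insensitive).
ldapconf_get() {  # $1=file  $2=KEYWORD in upper case
    awk -v k="$2" 'toupper($1) == k { v = $2 } END { print v }' "$1"
}

# Print one finding per line as "<code>: <explanation>"; no output means no finding.
audit_ldap_tls() (  # $1=ldap.conf  $2=sssd.conf (optional)
    conf=$1 sssd=${2:-}
    host=$(ldapconf_get "$conf" URI); host=${host#*://}; host=${host%%[:/]*}
    cadir=$(ldapconf_get "$conf" TLS_CACERTDIR)
    cafile=$(ldapconf_get "$conf" TLS_CACERT)
    reqcert=$(ldapconf_get "$conf" TLS_REQCERT | tr '[:upper:]' '[:lower:]')

    # The client checks the certificate against the host written in the URI,
    # so an IPv4-literal URI only verifies if the certificate names that IP.
    case $host in
        ''|*[!0-9.]*) ;;
        *.*.*.*) echo "uri-ip-literal: $host must be named in the server certificate" ;;
    esac
    # Without readable CA material no server certificate can be verified.
    if [ ! -r "$cafile" ] && [ -z "$(ls -A "$cadir" 2>/dev/null)" ]; then
        echo "no-ca: TLS_CACERT unreadable and TLS_CACERTDIR missing or empty"
    fi
    # "never" and "allow" let the session continue with an unverified certificate.
    case $reqcert in
        never|allow) echo "reqcert-weak: TLS_REQCERT $reqcert does not enforce verification" ;;
    esac
    # The sssd option quoted in post #11 permits authentication without TLS.
    opt='ldap_auth_disable_tls_never_use_in_production'
    if [ -n "$sssd" ] && grep -Eiq "^[[:space:]]*$opt[[:space:]]*=[[:space:]]*true" "$sssd"; then
        echo "sssd-cleartext-auth: $opt is enabled"
    fi
)

# Constructed inputs: directives as in post #7 (CA dir left empty) and post #11's option.
demo() (
    d=$(mktemp -d)
    mkdir "$d/cacerts"
    printf '%s\n' "TLS_CACERTDIR $d/cacerts" 'URI ldap://192.168.1.10' \
        'BASE dc=example,dc=com' > "$d/ldap.conf"
    printf '%s\n' '[domain/default]' "ldap_auth_disable_tls_never_use_in_production = TRUE" \
        > "$d/sssd.conf"
    audit_ldap_tls "$d/ldap.conf" "$d/sssd.conf"
    rm -rf "$d"
)
demo
```

On a real client, call `audit_ldap_tls /etc/openldap/ldap.conf /etc/sssd/sssd.conf`; a clean result only rules out these four conditions and does not prove the handshake will succeed.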
 
  


All times are GMT -5.