LinuxQuestions.org
10-16-2012, 03:11 AM   #1
uk.engr
Member
 
Registered: Apr 2012
Posts: 131

Rep: Reputation: Disabled
Problem in LDAP


Assalam o Alaikum!

I have followed the following links for configuring LDAP, but I am unable to log in from the client to the LDAP server.
Server
http://www.server-world.info/en/note..._14&p=ldap&f=1
Client:
http://www.server-world.info/en/note..._14&p=ldap&f=2

Now when I tried from the client in this way at the login screen:
uk.example.com
Password:******
Authentication fails

tcpdump result at server side:

03:24:10.542392 IP 192.168.1.93.59277 > server.example.com.ldap: Flags [S], seq 2995702033, win 5840, options [mss 1460,sackOK,TS val 4604901 ecr 0,nop,wscale 6], length 0
03:24:10.542514 IP server.example.com.ldap > 192.168.1.93.59277: Flags [S.], seq 2981601597, ack 2995702034, win 5792, options [mss 1460,sackOK,TS val 4650729 ecr 4604901,nop,wscale 6], length 0
03:24:10.545300 IP 192.168.1.93.59277 > server.example.com.ldap: Flags [.], ack 1, win 92, options [nop,nop,TS val 4604902 ecr 4650729], length 0
03:24:10.545405 IP 192.168.1.93.59277 > server.example.com.ldap: Flags [P.], seq 1:15, ack 1, win 92, options [nop,nop,TS val 4604903 ecr 4650729], length 14
03:24:10.545564 IP server.example.com.ldap > 192.168.1.93.59277: Flags [.], ack 15, win 91, options [nop,nop,TS val 4650732 ecr 4604903], length 0
 
10-16-2012, 03:19 AM   #2
acid_kewpie
Moderator

Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
you've jumped far too many steps there. Can you bind to ldap with a valid account with ldapsearch? A basic tcpdump is of no use other than to show that there is ldap communication happening, which is certainly something. You should really look at that traffic in wireshark and look at the actual LDAP requests being made, that's extremely useful.
 
10-16-2012, 04:12 AM   #3
milind_bhavsar
LQ Newbie
 
Registered: Apr 2012
Posts: 7

Rep: Reputation: Disabled
Hi,

Check in slapd.conf whether you are using any encrypted algorithm for storing the password for your LDAP Directory manager.

Also try to connect locally first rather than checking tcpdump output... in case SSH is not enabled you will not be able to connect to the server remotely.

LDAP provides simple bind to connect to LDAP Server...
 
10-16-2012, 04:31 AM   #4
acid_kewpie
Moderator

Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
Quote:
Originally Posted by milind_bhavsar
Hi,

Check in slapd.conf whether you are using any encrypted algorithm for storing the password for your LDAP Directory manager.

Also try to connect locally first rather than checking tcpdump output... in case SSH is not enabled you will not be able to connect to the server remotely.

LDAP provides simple bind to connect to LDAP Server...
What would SSH have to do with any of this?
 
10-16-2012, 06:00 AM   #5
uk.engr
Member

Registered: Apr 2012
Posts: 131

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by acid_kewpie
you've jumped far too many steps there. Can you bind to ldap with a valid account with ldapsearch? A basic tcpdump is of no use other than to show that there is ldap communication happening, which is certainly something. You should really look at that traffic in wireshark and look at the actual LDAP requests being made, that's extremely useful.

[root@fedora14 client]# ldapsearch -h ukengr
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

My distro is Fedora 14.
 
10-16-2012, 08:05 AM   #6
acid_kewpie
Moderator

Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
well from that you need to learn how to do an ldapsearch. plenty of docs and examples out there. immediately, you would want to add an -x to do a "normal" bind instead of SASL
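
Added example (not part of any post in this thread): what "look at the actual LDAP requests" in post #2 and the simple-versus-SASL distinction in post #6 amount to on the wire, as a minimal Python decoder for an LDAPv3 BindRequest. The sample byte strings are constructed, not taken from the poster's capture, and the function names are this example's own.

```python
# Minimal BER reader for an LDAPv3 BindRequest (layout per RFC 4511).
# Assumes definite-length encoding, which LDAP requires.

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element value")
    return tag, buf[pos:pos + length], pos + length

def parse_bind_request(payload):
    """Summarise a BindRequest; the credential itself is never returned."""
    tag, msg, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, msg_id, pos = read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, bind, _ = read_tlv(msg, pos)
    if tag != 0x60:                        # [APPLICATION 0] = BindRequest
        raise ValueError("not a BindRequest")
    _, version, pos = read_tlv(bind, 0)
    _, name, pos = read_tlv(bind, pos)
    auth_tag, auth, _ = read_tlv(bind, pos)
    info = {"message_id": int.from_bytes(msg_id, "big"),
            "version": int.from_bytes(version, "big"),
            "bind_dn": name.decode("utf-8")}
    if auth_tag == 0x80:                   # [0] simple: password is sent unencrypted
        info.update(auth="simple", anonymous=not name and not auth,
                    password_len=len(auth))
    elif auth_tag == 0xA3:                 # [3] sasl: SEQUENCE { mechanism, credentials }
        _, mech, _ = read_tlv(auth, 0)
        info.update(auth="sasl", mechanism=mech.decode("ascii"))
    else:
        raise ValueError("unknown authentication choice")
    return info

# Constructed samples: an anonymous simple bind and a SASL bind naming GSSAPI.
ANON_SIMPLE = bytes.fromhex("300c020101600702010304008000")
SASL_GSSAPI = bytes.fromhex("3014020101600f0201030400a3080406475353415049")
```

The constructed anonymous simple bind is 14 bytes, the same size as the client's first data segment in the tcpdump output above (length 14); the capture as posted does not show the bytes, so only a decode like this, or Wireshark, can confirm what was actually sent.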
 
10-17-2012, 07:17 AM   #7
uk.engr
Member
 
Registered: Apr 2012
Posts: 131

Original Poster
Rep: Reputation: Disabled
Please provide me any link for configuring LDAP for Fedora 14+.

When I googled, I found mostly links for versions older than Fedora 14.

I am confused when I see configuration related to Fedora 12 or 13; their config file naming and configuration are a little bit different. For example, in Fedora 14 the config file name is ldap.conf and in Fedora 13 it is slapd.conf.

The above may be a childish question, but I need to clear up this concept. Please help. Thanks.
 
10-17-2012, 07:38 AM   #8
acid_kewpie
Moderator

Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
you're reading the wrong docs and haven't covered the advice you've already been given. slapd.conf is for an OpenLDAP server, not OS level LDAP client config. Newer versions of Fedora will be using nslcd.conf but not in 14 I don't believe (which is obsolete)
 
  

