LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 10-11-2007, 02:33 PM   #1
sir-lancealot
Member
 
Registered: Aug 2007
Posts: 336

Rep: Reputation: 31
ldap authentication help ...


This is driving me nuts! Anyway, have openldap running on a RH server working fine. I can query it via ldapsearch as well as running apache locally with phpLdapAdmin and can login, etc. so I know all is well.

Now the client part is driving me iNsAnE! I read 100 different articles all say different things so I have to say someone out here has it working! My test client Fedora, I run the system-config-authentication, select ldap and the proper info for both User and Authentication. Logout, login as my test ldap user (not on the local box) and nothing, nothing on the ldap server either.

The nss-ldap and ldap-conf files are updated correctly via the above config, so I need someone to throw some suggestions, ideas or something this way.

As always, thanks
 
Old 10-11-2007, 02:52 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,397

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
ok, well in general you need demarcation points... the getent tool lets you pull down the systems view of your passwd database, shadow, group and other things. if you do a "getent passwd" you'll see all possible users that the system recognises could log in to your system. you'll see the local data, the ldap data and any other user sources. that'll let you see what ldap data is being pulled back. it's quite possible that you're getting some data, but not all of it. when i was trying to get ldap connectivity to Active Directory, i had issues like i wasn't providing UID's from it... also a packet sniffer is (imho) a very useful tool. if you are not using ldaps then you can see if the server is actually giving you data back from a tool like wireshark. also the redhat tool itself is insufficient. you *should* need to bind with a real user account, not anonymously, something that the redhat tool doesn't even let you specify. use the tool for a base, then edit your /etc/ldap.conf to actually make it work.
 
Old 10-11-2007, 04:00 PM   #3
sir-lancealot
Member
 
Registered: Aug 2007
Posts: 336

Original Poster
Rep: Reputation: 31
thanks for the quick help.

ok, well since reading, I did update the ldap.conf with some connection info and see that it's failing so I am taking a step forward and back as I am getting errors in the client log file. Taking a step back, I am trying to understand who bind's to query. In the ldap, I have the admin (cn=admin, ou=employees,dc=company,dc=com). The question / problem here lies in the ldap.conf file because playing with that causes the errors;

There are 2 bind's, the 1st is a binddn the other rootbind, I assume either of them could bind as the admin above and I guess there should be another user who can bind w/o admin functionality, but for now, I just want this to work, then can tweak. If I use the above as either the binddn or rootbinddn and comment bindpw, in the messages file I get;
nss_ldapL failed to bind to LDAP server .... Invalid credentials (which is good)

If I uncomment the bindpw, save and re-issue the getent it runs through the local and hangs (wireshark locks up) and I must force quit.

So at least I get feedback, the admin password is encrypted so I am sure the bindpw has to show that, but how can I echo (for lack of a better term) that password in that format to put in the ldap.conf file?

Thanks again.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
help in LDAP authentication chickenjoy Linux - Server 3 06-14-2007 05:28 AM
LDAP Authentication and su da_kidd_er Linux - Networking 1 12-27-2005 11:24 AM
Ldap Authentication joeyBig Programming 1 08-25-2004 10:00 AM
ldap authentication box_l Mandriva 0 03-22-2004 03:24 AM
LDAP Authentication Staceman Linux - Software 0 07-31-2003 08:14 AM


All times are GMT -5. The time now is 09:22 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration