I followed the guide from the below link to set up an LDAP server. After everything was finished, I configured a client for LDAP authentication, and I can search the entries in LDAP using the command ldapsearch -x ZZ, but when I try to log in to the client using an LDAP user, the prompt just keeps waiting. I found the below log on the LDAP server side.
Log for successful search from client side
Code:
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 fd=19 ACCEPT from IP=<CLIENT-IP>:22759 (IP=0.0.0.0:389)
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 op=0 BIND dn="" method=128
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 op=0 RESULT tag=97 err=0 text=
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 op=1 SRCH base="<DOMAIN>" scope=2 deref=0 filter="(objectClass=*)"
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 op=1 SRCH attr=ZZ
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 op=1 SEARCH RESULT tag=101 err=0 nentries=6 text=
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 op=2 UNBIND
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 fd=19 closed
Log for unsuccessful ldap user login from client side
Code:
Jan 24 11:35:23 server3 slapd[11086]: conn=1013 fd=19 ACCEPT from IP=<CLIENT-IP>:53501 (IP=0.0.0.0:389)
Jan 24 11:35:23 server3 slapd[11086]: conn=1013 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jan 24 11:35:23 server3 slapd[11086]: conn=1013 op=0 STARTTLS
Jan 24 11:35:23 server3 slapd[11086]: conn=1013 op=0 RESULT oid= err=0 text=
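As an added example (not from the thread), a small Python triage of the two slapd excerpts above: it groups lines by conn=, flags a connection that issued StartTLS but never followed with another operation (the pattern of conn=1013), and notes that conn=1012's search ran as an anonymous bind with no TLS at all. The sample log is constructed from the excerpts, with the poster's <CLIENT-IP> and <DOMAIN> placeholders kept.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the two slapd excerpts in the thread (<CLIENT-IP>/<DOMAIN> kept as redacted).
SAMPLE_LOG = """\
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 fd=19 ACCEPT from IP=<CLIENT-IP>:22759 (IP=0.0.0.0:389)
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 op=0 BIND dn="" method=128
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 op=0 RESULT tag=97 err=0 text=
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 op=1 SRCH base="<DOMAIN>" scope=2 deref=0 filter="(objectClass=*)"
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 op=1 SEARCH RESULT tag=101 err=0 nentries=6 text=
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 op=2 UNBIND
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 fd=19 closed
Jan 24 11:35:23 server3 slapd[11086]: conn=1013 fd=19 ACCEPT from IP=<CLIENT-IP>:53501 (IP=0.0.0.0:389)
Jan 24 11:35:23 server3 slapd[11086]: conn=1013 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jan 24 11:35:23 server3 slapd[11086]: conn=1013 op=0 STARTTLS
Jan 24 11:35:23 server3 slapd[11086]: conn=1013 op=0 RESULT oid= err=0 text=
"""
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)
LINE_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:op=(\d+) )?(\S+)(.*)")

def triage_slapd_log(text):
    conns = defaultdict(lambda: {"tls_op": None, "ops": set(), "binds": [],
                                 "nentries": 0, "closed": False})
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        c, op, verb, rest = conns[int(m.group(1))], m.group(2), m.group(3), m.group(4)
        if op is not None:
            c["ops"].add(int(op))
        if verb == "EXT" and STARTTLS_OID in rest:
            c["tls_op"] = int(op)  # slapd accepted the StartTLS request on this op
        elif verb == "BIND":
            dn = re.search(r'dn="([^"]*)"', rest).group(1)
            c["binds"].append((dn, c["tls_op"] is not None))  # dn="" is an anonymous bind
        elif verb == "SEARCH" and "nentries=" in rest:
            c["nentries"] += int(re.search(r"nentries=(\d+)", rest).group(1))
        elif verb.startswith("fd=") and rest.strip() == "closed":
            c["closed"] = True
    report = {}
    for cid, c in sorted(conns.items()):
        tls = c["tls_op"] is not None
        report[cid] = {
            "starttls": tls,
            # RESULT err=0 for StartTLS only means the request was accepted; the handshake runs afterwards.
            "stalled_after_starttls": tls and max(c["ops"]) == c["tls_op"] and not c["closed"],
            "anonymous_plaintext_bind": any(dn == "" and not over_tls for dn, over_tls in c["binds"]),
            "entries_returned": c["nentries"],
        }
    return report
```

A connection reported as stalled after StartTLS points at the TLS layer (server certificate configuration or client trust), while an anonymous plaintext bind that returns entries shows the directory is readable without authentication or encryption.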
You're *searching* for LDAP entries containing the string "ZZ" there, when you apparently intended to search with "-ZZ", which is the option to enforce TLS. Very, very different!
Thanks for the info, chris. When I put in the -ZZ option, the same scenario of not being able to log in happened. Then I removed the TLS encryption and login succeeded. It seems like a problem with TLS encryption. What might be the problem?
SLAPD_LDAPS="yes" appears to only mean that slapd would listen on port 636, which has nothing at all to do with STARTTLS, which runs over the default port 389. And on the other side of the fence, you've created some certs, but not told anything to actually USE them.
How do I use the certificates then? Sorry if I sound like a complete moron, but I am kind of a newbie, and I'm just starting to learn about Linux servers.