LinuxQuestions.org


bkbugzilla 11-16-2006 11:35 AM

Unable to get CentOS 4.4 LDAP authentication to iPlanet Dir Server working
 
I am trying to configure my CentOS 4.4 newly installed server to authenticate via LDAP and have spent the past day on it without getting it going.

The iPlanet server does not allow anonymous bind, so I have the binddn and bindpw fields configured in the /etc/ldap.conf file, and binddn entry in /etc/openldap/ldap.conf.

If I execute ldapsearch -x -L -D "" -W -b at a shell prompt, it displays everything correctly for the user. However, if I omit everything and just do ldapsearch -x -LLL nothing happens, or ldapsearch -x -L '(uid=myuser)'.

I have looked at the howtos in the TLDP and the way it all reads it seems easy to do, so I assume I must be doing something wrong.

Here are the steps I took:

1. Ran /usr/bin/authconfig and enabled LDAP Authentication, specified my server and base
2. Updated the /etc/ldap.conf and /etc/openldap/ldap.conf files
3. Restarted the server

Tried to ssh into the server as a user that exists in ldap (per the search above) and basically get access denied, and there is nothing in /var/log/messages that even indicates it is trying to find my information inside LDAP.

So, since the ldapsearch query doesn't work, I would expect that authentication is not possible.

I think this output was from me restarting the nscd service:
[16/Nov/2006:11:40:27 -0500] conn=1082998 fd=99 slot=99 connection from XX.XXX.XX.XXX to XX.XXX.XXX.XXX
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=0 BIND dn="uid=mybinduser,ou=Admin,ou=People,o=ievesp.net" method=128 version=3
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=mybinduser,ou=admin,ou=people,o=ievesp.net"
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=1 SRCH base="o=ievesp.net" scope=2 filter="(&(objectClass=posixAccount)(uid=nscd))" attrs=ALL
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=2 SRCH base="o=ievesp.net" scope=2 filter="(&(objectClass=posixGroup)(memberUid=nscd))" attrs="gidNumber"
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=3 SRCH base="o=ievesp.net" scope=2 filter="(&(objectClass=posixAccount)(uid=nscd))" attrs=ALL
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=3 RESULT err=0 tag=101 nentries=0 etime=0
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=4 SRCH base="o=ievesp.net" scope=2 filter="(&(objectClass=posixGroup)(memberUid=nscd))" attrs="gidNumber"
[16/Nov/2006:11:40:27 -0500] conn=1082998 op=4 RESULT err=0 tag=101 nentries=0 etime=0


After running ldapsearch without -D, -b or -W:
[16/Nov/2006:11:41:13 -0500] conn=1083052 fd=124 slot=124 connection from XX.XXX.XXX.XXX to XX.XXX.XXX.XXX
[16/Nov/2006:11:41:13 -0500] conn=1083052 op=0 BIND dn="" method=128 version=3
[16/Nov/2006:11:41:13 -0500] conn=1083052 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[16/Nov/2006:11:41:13 -0500] conn=1083052 op=1 SRCH base="o=ievesp.net" scope=2 filter="(uid=xo3058)" attrs=ALL
[16/Nov/2006:11:41:13 -0500] conn=1083052 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[16/Nov/2006:11:41:13 -0500] conn=1083052 op=2 UNBIND
[16/Nov/2006:11:41:13 -0500] conn=1083052 op=2 fd=124 closed - U1

bkbugzilla 11-27-2006 09:43 PM

Anyone have any ideas out there?
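
An added example, not part of the original thread: a small parser for the access-log format quoted in the first post. It pairs each BIND and SRCH with its RESULT line to show which identity each connection bound as and how many entries each search returned. The sample lines, DNs and the names `summarize` and `findings` are constructed for illustration; a search with err=0 and nentries=0 only shows that the search completed without returning entries to that identity.

```python
import re

# Constructed sample in the access-log format quoted in the post (DNs are placeholders).
SAMPLE_LOG = '''\
[16/Nov/2006:11:40:27 -0500] conn=1 op=0 BIND dn="uid=binduser,ou=People,o=example.net" method=128 version=3
[16/Nov/2006:11:40:27 -0500] conn=1 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=binduser,ou=people,o=example.net"
[16/Nov/2006:11:40:27 -0500] conn=1 op=1 SRCH base="o=example.net" scope=2 filter="(&(objectClass=posixAccount)(uid=nscd))" attrs=ALL
[16/Nov/2006:11:40:27 -0500] conn=1 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[16/Nov/2006:11:41:13 -0500] conn=2 op=0 BIND dn="" method=128 version=3
[16/Nov/2006:11:41:13 -0500] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[16/Nov/2006:11:41:13 -0500] conn=2 op=1 SRCH base="o=example.net" scope=2 filter="(uid=someuser)" attrs=ALL
[16/Nov/2006:11:41:13 -0500] conn=2 op=1 RESULT err=0 tag=101 nentries=0 etime=0
'''

LINE = re.compile(r'^\[[^\]]+\] conn=(\d+) op=(-?\d+) (\w+)(.*)$')
BIND_DN = re.compile(r'\bdn="([^"]*)"')
FILTER = re.compile(r'filter="(.*?)" attrs=')
RESULT = re.compile(r'err=(\d+).*?nentries=(\d+)')

def summarize(log_text):
    """Map conn id -> bind DN, bind result code and (filter, err, nentries) per search."""
    conns, pending = {}, {}   # pending: (conn, op) -> filter, or None for a BIND
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue          # "connection from ..." lines carry no op= field
        conn, op, kind, rest = m.groups()
        c = conns.setdefault(conn, {"bind_dn": None, "bind_err": None, "searches": []})
        dn, flt, res = BIND_DN.search(rest), FILTER.search(rest), RESULT.search(rest)
        if kind == "BIND" and dn:
            c["bind_dn"] = dn.group(1)
            pending[conn, op] = None
        elif kind == "SRCH" and flt:
            pending[conn, op] = flt.group(1)
        elif kind == "RESULT" and res and (conn, op) in pending:
            request = pending.pop((conn, op))
            err, n = int(res.group(1)), int(res.group(2))
            if request is None:
                c["bind_err"] = err
            else:
                c["searches"].append((request, err, n))
    return conns

def findings(summary):
    """Flag accepted anonymous binds and successful searches that returned nothing."""
    out = []
    for conn, c in summary.items():
        if c["bind_dn"] == "" and c["bind_err"] == 0:
            out.append((conn, "anonymous bind accepted"))
        out += [(conn, "zero-entry search: " + f) for f, err, n in c["searches"] if err == 0 and n == 0]
    return out
```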

