LinuxQuestions.org

sunveer 10-12-2012 09:25 AM

Ldap client configuration not working
 
I have set up an LDAP server on RHEL 6.3.

I have set up an LDAP client on a RHEL 6.3 KVM.

When I run the command: # ldapsearch -x -b "dc=example,dc=com" -h 172.24.0.254
I get the desired result.

Code:

# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.com
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

# People, example.com
dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

# Group, example.com
dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

# ldapuser1, People, example.com
dn: uid=ldapuser1,ou=People,dc=example,dc=com
uid: ldapuser1
cn: ldapuser1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQ2JDl1bG80TGhWJHVuYktHWUJwRjRmTHEuNE5JbjhoZTNVMGlNbG8
 zRUkvcDJqak15WWhrWXRreUFDSXdrOUtUMy44Nzd3TnM2N1JsQzVZV2VLZms4VmdQRmVrYkM1a1cv
shadowLastChange: 15625
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/ldapuser1

# ldapuser2, People, example.com
dn: uid=ldapuser2,ou=People,dc=example,dc=com
uid: ldapuser2
cn: ldapuser2
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQ2JE9ubEZkaG1QJGZQR0lqdXJjbXpDMkdlLmdPVjVhS2l2OU9DY1N
 IR2k1Qk1yYnNxTVVtRXd5N3JWdWlIdkM0UExsTEhreEp2NTM0VXFYL0NPalZsYW1Ndi8wWks4WjMw
shadowLastChange: 15625
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 501
gidNumber: 501
homeDirectory: /home/ldapuser2

# ldapuser1, Group, example.com
dn: cn=ldapuser1,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser1
userPassword:: e2NyeXB0fXg=
gidNumber: 500

# ldapuser2, Group, example.com
dn: cn=ldapuser2,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser2
userPassword:: e2NyeXB0fXg=
gidNumber: 501

# search result
search: 2
result: 0 Success

# numResponses: 8
# numEntries: 7

However, when I try to run the command: # getent passwd or getent passwd ldapuser1, I don't see the LDAP users.

I have added ldap to the /etc/nsswitch.conf file, set up the nslcd.conf file and restarted the nslcd service.

Also, the logs on the client are:

Code:

Oct 12 18:46:08 station1 nslcd[2635]: [e685fb] ldap_start_tls_s() failed: Connect error (uri="ldap://172.24.0.254")
Oct 12 18:46:08 station1 nslcd[2635]: [e685fb] failed to bind to LDAP server ldap://172.24.0.254: Connect error
Oct 12 18:46:08 station1 nslcd[2635]: [e685fb] no available LDAP server found


acid_kewpie 10-12-2012 09:55 AM

Disable TLS in the nslcd.conf file; I presume it's insisting on that, whereas your search is not. Alternatively, make StartTLS work properly.

sunveer 10-12-2012 11:54 AM

I want to use TLS and have set up the certificate and downloaded it.

I have searched for this error but could not find any suitable solution as to what is going wrong.

acid_kewpie 10-12-2012 02:19 PM

Well, if you want TLS, then make the ldapsearch run with TLS (-ZZ) first. Don't skip steps.

sunveer 10-13-2012 07:21 AM

Solved!

It was a certificate problem only, and after properly setting up the certificate, I can log in as the ldapuser.

Thank you for the support.
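
The order of checks suggested in this thread (get ldapsearch working with -ZZ before expecting nslcd to bind), as an added example that is not part of the original posts. The function names are hypothetical; the option names are those of nslcd.conf(5), and LDAPTLS_CACERT is the libldap environment variable that names the CA file for a single command.

```shell
#!/bin/sh
# Added example, not from the thread: lint the TLS settings in an nslcd.conf
# and build the ldapsearch StartTLS test to run before restarting nslcd.

# conf_get FILE KEY: print the last value set for KEY (comment lines never match).
conf_get() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); v = $0 } END { print v }' "$1"
}

# nslcd_tls_check FILE: one finding per line on stdout; returns 1 on any FAIL.
nslcd_tls_check() {
    conf=$1; rc=0
    uri=$(conf_get "$conf" uri); ssl=$(conf_get "$conf" ssl)
    ca=$(conf_get "$conf" tls_cacertfile); cadir=$(conf_get "$conf" tls_cacertdir)
    req=$(conf_get "$conf" tls_reqcert)
    case "$uri" in
        ldaps://*) ;;
        ldap://*) case "$ssl" in
                      start_tls|on) ;;   # TLS is requested on this connection
                      *) echo "FAIL: ldap:// uri with ssl '${ssl:-unset}': lookups and binds are not encrypted"; rc=1 ;;
                  esac ;;
        *) echo "FAIL: no ldap:// or ldaps:// uri configured"; rc=1 ;;
    esac
    if [ -n "$ca" ] && [ ! -r "$ca" ]; then
        echo "FAIL: tls_cacertfile $ca is missing or unreadable"; rc=1
    elif [ -z "$ca" ] && [ -z "$cadir" ]; then
        echo "WARN: no tls_cacertfile or tls_cacertdir set in $conf"
    fi
    case "$req" in
        never|allow) echo "FAIL: tls_reqcert $req accepts an unverified server certificate"; rc=1 ;;
    esac
    case "$uri" in   # crude match: host part starts with a digit and has three dots
        *://[0-9]*.[0-9]*.[0-9]*.[0-9]*) echo "WARN: uri looks like an IP address; the certificate must be valid for it" ;;
    esac
    return "$rc"
}

# nslcd_tls_test_cmd FILE: print the manual check; -ZZ makes ldapsearch fail unless StartTLS succeeds.
nslcd_tls_test_cmd() {
    ca=$(conf_get "$1" tls_cacertfile)
    echo "${ca:+LDAPTLS_CACERT=$ca }ldapsearch -x -ZZ -H $(conf_get "$1" uri) -b \"$(conf_get "$1" base)\" -s base"
}

# Run against a file given on the command line, e.g. /etc/nslcd.conf.
if [ -n "${1:-}" ]; then nslcd_tls_test_cmd "$1"; nslcd_tls_check "$1"; fi
```

Run the printed ldapsearch command by hand first; nslcd is only worth restarting once that search succeeds over StartTLS.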

