nss_ldap: failed to bind to LDAP server
Hi,
I am trying to configure an openldap 2.4.23 client running on an openSuSE 11.4 64-bit server with the modules pam 1.1.3, nss_ldap 265-9.3 and krb5 1.8.3, but I am receiving the following error message when the server connects to the LDAP server (Windows Server 2008).
Quote:
Code:
base dc=server,dc=com
Code:
enable-cache passwd yes
Code:
[libdefaults]
Quote:
Code:
# search result
Quote:
I am also able to browse the LDAP server using the YaST LDAP browser GUI. So I am thinking there is something that I have overlooked in a configuration setting. Please help! Thanks.

First, I am by no means an LDAP expert; however, there are a lot of things here that are troublesome.
The primary issues are binddn, base, and ldapsearch. Think of binddn and base as backwards paths: base is your root node to your LDAP directory, in this case it would be your domain:
Code:
base dc=powellitc,dc=com
Code:
binddn cn=Administrator,cn=Users,dc=powellitc,dc=com
Also, I'm assuming all directory information has been loaded into the server correctly. If it has not, you will continue to get no results.
OK, so a couple of things about ldapsearch: when using certificates, simple authentication isn't required (-x, -W). You may still use simple authentication if it is set up within the slapd.conf file on the LDAP server. Listed below are a few examples of ldapsearch calls with explanations:
Code:
ldapsearch -D "cn=Administrator,cn=Users,dc=powellitc,dc=com" -x -W
* Note: ldapsearch by default uses sub as its scope, meaning it will search all directories including sub directories. You can change the scope with -s and one of three values (base, sub, children).
Code:
ldapsearch -D "cn=Administrator,cn=Users,dc=powellitc,dc=com" -x -W uid=myID
To list only attributes stored in the directory structure use:
Code:
ldapsearch -D "cn=Administrator,cn=Users,dc=powellitc,dc=com" -x -W -A
Code:
ldapsearch -D "cn=Administrator,cn=Users,dc=powellitc,dc=com" -x -W uid=myID sn cn shadowMin

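The base/binddn relationship the reply above describes (base is the root of the tree, binddn is a full path that must end in that root) can be checked mechanically before touching the directory. The following Python script is an added example and is not part of the original thread or of nss_ldap; the `/etc/ldap.conf` text it parses is a constructed sample that deliberately reproduces the mismatch seen in the first post (a base of `dc=server,dc=com` against a binddn under `dc=powell,dc=com`), and the `rootbinddn` / `/etc/ldap.secret` mechanism it mentions is the standard nss_ldap way of keeping a bind password out of the world-readable config file.

```python
import re

# Constructed sample of an nss_ldap-style /etc/ldap.conf. The values are
# illustrative and reproduce the thread's problem: base names one domain
# while the binddn lives under another.
SAMPLE_LDAP_CONF = """\
# /etc/ldap.conf (constructed sample)
host domain-ctrl.powell.com
base dc=server,dc=com
binddn cn=Administrator,cn=Users,dc=powell,dc=com
bindpw s3cret
scope sub
"""


def parse_ldap_conf(text):
    """Parse 'key value' lines into a dict. Comments and blank lines are
    skipped, keys are lower-cased, and the last occurrence of a key wins."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def split_dn(dn):
    """Split a DN into normalised RDNs, most specific first:
    'CN=Users, DC=Powell' -> ['cn=users', 'dc=powell'].
    Commas escaped with a backslash stay inside their RDN; whitespace around
    '=' is dropped and case is folded, which is enough for the dc=/cn=
    components used in the thread (multi-valued '+' RDNs are left as-is)."""
    rdns = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", r.strip()).lower() for r in rdns if r.strip()]


def dn_is_under(dn, base):
    """True if dn equals base or lies beneath it. DNs are read from the right
    (the root), so base must be a suffix of the binddn's RDN list."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def check_conf(conf):
    """Return a list of findings about base/binddn/bindpw; empty means clean."""
    findings = []
    base, binddn = conf.get("base", ""), conf.get("binddn", "")
    if not base:
        findings.append("base is missing")
    if binddn and base and not dn_is_under(binddn, base):
        findings.append(f"binddn {binddn!r} is not under base {base!r}: "
                        "the two name different trees, so searches under "
                        "base will not find the tree the bind identity is in")
    if "bindpw" in conf:
        findings.append("bindpw is in /etc/ldap.conf, which every local user "
                        "can read; use rootbinddn with /etc/ldap.secret "
                        "(mode 0600) and a bind identity with minimal rights")
    return findings


if __name__ == "__main__":
    for finding in check_conf(parse_ldap_conf(SAMPLE_LDAP_CONF)):
        print("finding:", finding)
```

Run against the sample it reports two findings: the base/binddn mismatch and the plaintext bind password. Point `parse_ldap_conf` at the real file contents to check a live client; the DN comparison is suffix-based, so a binddn such as `cn=Administrator,cn=Users,dc=powell,dc=com` only passes when base is `dc=powell,dc=com` or a parent of it.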
Thanks for the tips and pointers. I have updated the /etc/openldap/slapd.conf and /etc/ldap.conf files, and restarted the LDAP service. Here are the returned messages:
Quote:

Are you familiar with LDAP? If not, I recommend starting off with a simpler configuration until you get the concepts. It can get fairly complicated when you start throwing in extensions, especially if you haven't set up a basic server before.
There are several variables here that make it difficult to troubleshoot. Just from that output, which I guess is from -d 0 when starting slapd? I'd say start with a basic configuration and slowly add elements into the conf files. When slapd doesn't start, that is an error. Also, here is a fairly extensive guide for OpenLDAP that might be able to shed more light on configurations: http://tldp.org/HOWTO/LDAP-HOWTO/index.html

Fixed It!
I resolved the issue using the following procedure, starting from scratch:
1. Install openldap and openldap tools
2. Generate an encrypted password using
Code:
slappasswd
Quote:
Code:
suffix "dc=powell,dc=com"
5. Test the connection with
Code:
ldapsearch -D "cn=Administrator,cn=Users,dc=powell,dc=com" -x -W uid=myuserid
Quote:
Quote:
8. Add
Quote:
9. Edit the file /etc/samba/smb.conf with the settings:
Code:
[global]
Code:
[libdefaults]
Code:
/usr/bin/kinit Administrator@POWELL.COM
12. Execute the command
Code:
klist
Expected output:
Quote:
Code:
net ads join -S domain-ctrl.powell.com -U Administrator
Expected output:
Quote:
Code:
rcwinbind start
15. Execute
Code:
wbinfo -u
Quote:
I hope this post was helpful to someone who has the same issue as I did! Thanks