LDAP SERVER: Could someone please post a tar.gz with the working configuration files?

frenchn00b · 01-15-2010, 12:45 PM

Quote:

Originally Posted by frenchn00b

I could figure out that the security was coming from kerberos. LDAP + NFS is possible, even + SSH, but for higher security, its kerberos. Well, I wont make it this kerberos. Too difficult, already ldap is difficult for me. But now I have my server and client working, well client cannot boot alone.

it works. The problem is only at boot.
Once I boot wiht compat in nsswitch, it works.

If with ldap files into it, it says :

Code:

devd[]: nss_ldap: could not connect to any LDAP server as (null) - Can't contact LDAP server
udevd[]: nss_ldap: failed to bind to LDAP server

but the LDAP works, sure.
If I boot with compat, then logins as root, replace nsswicht (%s/compat/ ldap files/g) , then

Code:

/etc/init.d/nscd restart

then
wait 20sec around

tada ! voila !
My users are under the LDAP Server

login : myuserldap
passwd : *************

works

I am running debian stable.

Is it a bug? or can it be solved somehow for debian stable?

this bug proposed solution did not solved the bug

pff

Quote:

swasi wrote on 2009-12-15: #61

On my Debian Lenny, adding following groups and user solved the problem:
addgroup --system nvram
addgroup --system fuse
addgroup --system rdma
addgroup --system tss
addgroup --system kvm
adduser --system --no-create-home tss

Quote:

Originally Posted by acid_kewpie

a BUG? Of course it's not. You have very clearly not configured LDAP correctly. "ldaps://LDAPSERVER.HERE"??

Oups "ldaps://LDAPSERVER.HERE" was the copy from the bug since I have the client in testing and post from the ldap server. The "ldaps://LDAPSERVER.HERE" is the right ip address: ldap://192.168.10.100 of the server.
Well the bug report was similar to what I experience.
That could be explaining why it was giving so much troubles, but well, let's work on it further.

OK, seems, that I have to work on it ...

acid_kewpie · 01-15-2010, 12:54 PM

You say it doesn't work, but from all you've said it does, but there's a bit of a wait... You should check that your ldap.conf is not using hard binds, only soft ones. That can be a big reason for things to hang.

frenchn00b · 01-15-2010, 01:25 PM

Quote:

Originally Posted by acid_kewpie

You say it doesn't work, but from all you've said it does, but there's a bit of a wait... You should check that your ldap.conf is not using hard binds, only soft ones. That can be a big reason for things to hang.

thank you very much. This is so surprising. the nss bug report was reported in 2006 and still in 2009 december, it is still going on. I am wondering. I have choosed debian stable to ubuntu, to avoid extra difficulties, and well it seems that the debian stable has such problem.

But it's true: changing the libnss-ldap and libnss-db. + "bind_policy soft" in libnss-ldap.conf let boot ldap.

Code:

passwd: files db [SUCCESS=return] ldap
group: files db [SUCCESS=return] ldap
shadow: files ldap

is it a bug or not a bug. Well in my opinion a bit, or lot of users are misundertanding the configuration of ldap or the package maintainer hasnt given much attention to the bug. Well I am wondering because LDAP is a rather important package for large network.

So it works!! thank you acid_kewpie. It's amazing you know everything.
Now I have to explain how I made with my configs + tar.gz client and server... I work on it.

(in my opinion it is an unfixed bug since several years)

frenchn00b · 01-15-2010, 06:10 PM

so here is the installer program.

EASY LDAP INSTALLER
(Dialog based):

Here a screenshot: here
mirror

Download link:
http://easyldap.exofire.net/files/in...p-installer.sh
(version alpha)

Howto / how to start the program:

Quote:

cd /tmp
wget "http://easyldap.exofire.net/files/installer/easyldap-installer.sh"
sudo easyldap-installer.sh

(Version alpha, in progress, please any help and continuing the code would be very welcome for the Linux community ! )