Greetings all,
I've been reading a lot of how-tos and googling, and I have to say I'm left a little confused.
I was wondering if someone can give me a hand here, as I'm a little lost and unable to authenticate a user with the LDAP server.
Situation
======
The LDAP server is in another department and I have no idea who set it up.
However, I have been given connection/authentication strings.
There is no certificate; however, it is a simple authentication with SSL.
I am currently running CentOS release 5.7 (Final) kernel 2.6.18-274.17.1.el5
As this is a client machine I did not install openldap-server.
I installed the following:
yum install -y nss_ldap.x86_64 openldap-clients.x86_64 openldap.x86_64 openldap24-libs.x86_64
verified:
rpm -qa | grep ldap
php-ldap-5.1.6-27.el5_7.4
openldap-devel-2.3.43-25.el5_8.1
openldap-2.3.43-25.el5_8.1
openldap24-libs-2.4.23-5.el5
nss_ldap-253-49.el5
openldap-clients-2.3.43-25.el5_8.1
python-ldap-2.2.0-2.1
In /etc/ldap.conf and /etc/openldap/ldap.conf I added the following:
URI ldaps://server1.domain.com/
BASE CN=blahname,OU=AccountName,DC=server1,DC=domain,DC=com
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT never
tls_checkpeer no
binddn CN=blahname,OU=AccountName,DC=server1,DC=domain,DC=com
bindpw <supplied password>
nss_base_passwd OU=users,DC=server1,DC=domain,DC=com?one?|(allowattrib=CN)
nss_base_group OU=ident,OU=Apps,DC=server1,DC=domain,DC=com
ssl yes
pam_password exop
/etc/nsswitch.conf file:
passwd: files ldap
shadow: files ldap
group: files ldap
When I run getent passwd user
it takes about 1 sec, then returns nothing.
Nothing in /var/log/messages nor in /var/log/ldap.log.
When running id user:
id: user: No such user
When I do an ldapsearch:
ldapsearch -x -b 'DC=server1,DC=domain,DC=com' -D "CN=blahname,OU=AccountName,DC=server1,DC=domain,DC=com" '(CN=user)' -H ldaps://server1.domain.com -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
<...>
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 1
# numReferences: 1
I am able to get some results...
When I attempt to log into the server I get the following results in /var/log/secure:
Jul 30 07:58:27 test sshd[30256]: Invalid user user from XXX.XXX.XXX.XX
Jul 30 07:58:27 test sshd[30259]: input_userauth_request: invalid user user
Jul 30 07:58:36 test sshd[30256]: pam_unix(sshd:auth): check pass; user unknown
Jul 30 07:58:36 test sshd[30256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=machine.domain.com
Jul 30 07:58:36 test sshd[30256]: pam_succeed_if(sshd:auth): error retrieving information about user User
Jul 30 07:58:38 test sshd[30256]: Failed password for invalid user User from XXX.XXX.XXX.XXX port 43006 ssh2
It doesn't look like it is using LDAP to authenticate.
Is there something I am missing or have overlooked?
Thanks in advance.
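As an added editorial example (not part of the original post and not anyone's reply to it), the POSIX shell check below reads the three files an nss_ldap/pam_ldap client depends on, nsswitch.conf, ldap.conf and the PAM auth stack, and reports the kinds of problems visible in the post: an NSS database that does not list ldap, a missing uri/host or base, an nss_base_passwd value whose filter part is not a parenthesised, balanced LDAP filter, server certificate checking disabled with TLS_REQCERT never / tls_checkpeer no, and an auth stack with no pam_ldap.so (an sshd log showing only pam_unix and pam_succeed_if is consistent with that last case). The file paths passed to the function, the example.test domain and the two constructed sample configurations are assumptions; it writes them into a temporary directory and never touches the host's /etc.

```shell
#!/bin/sh
# ldap_client_check NSSWITCH LDAPCONF PAMFILE
# Checks an nss_ldap/pam_ldap client configuration and returns the number of
# problems found (0 = nothing found). All paths are supplied by the caller.
ldap_client_check() {
    nss="$1"; ldapconf="$2"; pam="$3"; problems=0

    # 1. NSS: passwd and group must name the ldap source or getent/id never ask LDAP.
    for db in passwd group; do
        if ! grep -Eq "^[[:space:]]*$db:.*[[:space:]]ldap([[:space:]]|$)" "$nss"; then
            echo "NSS: '$db' line in $nss does not list ldap"; problems=$((problems + 1))
        fi
    done

    # 2. ldap.conf: a server and a search base are the minimum (keys are case-insensitive).
    if ! grep -Eiq '^[[:space:]]*(uri|host)[[:space:]]' "$ldapconf"; then
        echo "ldap.conf: no uri/host directive"; problems=$((problems + 1))
    fi
    if ! grep -Eiq '^[[:space:]]*base[[:space:]]' "$ldapconf"; then
        echo "ldap.conf: no base directive"; problems=$((problems + 1))
    fi

    # 3. nss_base_passwd is base?scope?filter; the filter must be a parenthesised,
    #    balanced RFC 4515 expression, otherwise the passwd search cannot be built.
    filter=$(grep -Ei '^[[:space:]]*nss_base_passwd[[:space:]]' "$ldapconf" | head -n1 \
             | awk '{print $2}' | cut -d'?' -f3)
    if [ -n "$filter" ]; then
        case "$filter" in
            \(*\)) ;;
            *) echo "ldap.conf: nss_base_passwd filter '$filter' is not parenthesised"
               problems=$((problems + 1)) ;;
        esac
        opens=$(printf '%s' "$filter" | tr -cd '(' | wc -c | tr -d ' ')
        closes=$(printf '%s' "$filter" | tr -cd ')' | wc -c | tr -d ' ')
        if [ "$opens" -ne "$closes" ]; then
            echo "ldap.conf: nss_base_passwd filter has unbalanced parentheses"
            problems=$((problems + 1))
        fi
    fi

    # 4. TLS: these two settings turn off verification of the server certificate,
    #    so ldaps:// no longer proves which server answered the bind.
    if grep -Eiq '^[[:space:]]*(TLS_REQCERT[[:space:]]+never|tls_checkpeer[[:space:]]+no)' "$ldapconf"; then
        echo "ldap.conf: server certificate checking is disabled"; problems=$((problems + 1))
    fi

    # 5. PAM: sshd only consults LDAP for passwords if pam_ldap.so is in the auth stack.
    if ! grep -Eq '^[[:space:]]*auth[[:space:]].*pam_ldap\.so' "$pam"; then
        echo "PAM: no pam_ldap.so in the auth stack of $pam"; problems=$((problems + 1))
    fi
    return "$problems"
}

# write_sample_configs DIR broken|fixed
# Constructed sample files (assumption: they stand in for /etc/nsswitch.conf,
# /etc/ldap.conf and /etc/pam.d/system-auth); 'broken' mirrors the post's layout.
write_sample_configs() {
    dir="$1"; variant="$2"
    printf 'passwd: files ldap\nshadow: files ldap\ngroup: files ldap\n' > "$dir/nsswitch.conf"
    if [ "$variant" = broken ]; then
        cat > "$dir/ldap.conf" <<'EOF'
uri ldaps://ldap.example.test/
base dc=example,dc=test
TLS_REQCERT never
nss_base_passwd ou=users,dc=example,dc=test?one?|(allowattrib=CN)
EOF
        printf 'auth required pam_env.so\nauth sufficient pam_unix.so nullok try_first_pass\nauth required pam_deny.so\n' > "$dir/system-auth"
    else
        cat > "$dir/ldap.conf" <<'EOF'
uri ldaps://ldap.example.test/
base dc=example,dc=test
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT demand
nss_base_passwd ou=users,dc=example,dc=test?one?(objectClass=person)
EOF
        printf 'auth required pam_env.so\nauth sufficient pam_unix.so nullok try_first_pass\nauth sufficient pam_ldap.so use_first_pass\nauth required pam_deny.so\n' > "$dir/system-auth"
    fi
}

# Demo on constructed files in a temporary directory.
demo=$(mktemp -d)
write_sample_configs "$demo" broken
ldap_client_check "$demo/nsswitch.conf" "$demo/ldap.conf" "$demo/system-auth" || echo "broken sample: $? problem(s)"
write_sample_configs "$demo" fixed
ldap_client_check "$demo/nsswitch.conf" "$demo/ldap.conf" "$demo/system-auth" && echo "fixed sample: no problems"
rm -rf "$demo"
```

The "fixed" sample keeps certificate verification on (TLS_REQCERT demand with a CA directory) and adds a pam_ldap.so auth line; on CentOS 5 that PAM line is normally written by authconfig (--enableldap --enableldapauth) rather than by hand, so a system-auth without it is what you get when only nss_ldap was installed and authconfig was never run.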