This is driving me nuts! Anyway, I have OpenLDAP running on a RH server, working fine. I can query it via ldapsearch, as well as run Apache locally with phpLDAPadmin and log in, etc., so I know all is well.
Now the client part is driving me iNsAnE! I read 100 different articles that all say different things, so I have to say someone out here has it working! On my test client, Fedora, I run system-config-authentication, select LDAP and enter the proper info for both User and Authentication. I log out, log in as my test LDAP user (not on the local box) and nothing; nothing on the LDAP server either.
The nss-ldap and ldap-conf files are updated correctly via the above config, so I need someone to throw some suggestions, ideas or something this way.
OK, well, in general you need demarcation points... The getent tool lets you pull down the system's view of your passwd database, shadow, group and other things. If you do a "getent passwd" you'll see all possible users that the system recognises could log in to your system. You'll see the local data, the LDAP data and any other user sources. That'll let you see what LDAP data is being pulled back. It's quite possible that you're getting some data, but not all of it. When I was trying to get LDAP connectivity to Active Directory, I had issues like I wasn't providing UIDs from it...

Also, a packet sniffer is (IMHO) a very useful tool. If you are not using ldaps then you can see if the server is actually giving you data back with a tool like Wireshark.

Also, the Red Hat tool itself is insufficient. You *should* need to bind with a real user account, not anonymously, something that the Red Hat tool doesn't even let you specify. Use the tool for a base, then edit your /etc/ldap.conf to actually make it work.
OK, well, since reading, I did update the ldap.conf with some connection info and see that it's failing, so I am taking a step forward and back as I am getting errors in the client log file. Taking a step back, I am trying to understand who binds to query. In the LDAP, I have the admin (cn=admin, ou=employees,dc=company,dc=com). The question / problem here lies in the ldap.conf file, because playing with that causes the errors:
There are 2 binds, the 1st is a binddn, the other rootbinddn. I assume either of them could bind as the admin above, and I guess there should be another user who can bind w/o admin functionality, but for now I just want this to work, then I can tweak. If I use the above as either the binddn or rootbinddn and comment out bindpw, in the messages file I get:
nss_ldap: failed to bind to LDAP server .... Invalid credentials (which is good)
If I uncomment the bindpw, save and re-issue the getent, it runs through the local entries and hangs (Wireshark locks up) and I must force quit.
So at least I get feedback. The admin password is encrypted, so I am sure the bindpw has to show that, but how can I echo (for lack of a better term) that password in that format to put in the ldap.conf file?
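
An added example, not part of the thread or written by any poster: a shell check of the bind settings discussed above (binddn, bindpw, rootbinddn) in an nss_ldap/pam_ldap style ldap.conf. It assumes that bindpw is used as the literal bind password and that the file is readable by all local users; the function names, the script name `audit.sh` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit the bind settings of an
# nss_ldap/pam_ldap style ldap.conf. Usage: sh audit.sh /etc/ldap.conf
# Value of the last uncommented "key value" line; keys are case-insensitive.
conf_value() {
    awk -v k="$2" 'tolower($1) == k { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
                   END { print v }' "$1"
}
# Lower-case a DN and drop spaces so equivalent spellings compare equal.
norm_dn() { printf '%s' "$1" | tr -d ' ' | tr 'A-Z' 'a-z'; }
# Print one finding and count it.
flag() { echo "$1"; findings=$((findings + 1)); }

audit_ldap_conf() {
    conf=$1; findings=0
    binddn=$(conf_value "$conf" binddn)
    bindpw=$(conf_value "$conf" bindpw)
    rootbinddn=$(conf_value "$conf" rootbinddn)
    if [ -z "$binddn" ]; then
        flag "anonymous-bind: no binddn, lookups bind anonymously"
    elif [ -z "$bindpw" ]; then
        flag "missing-bindpw: binddn is set without bindpw"
    fi
    # bindpw is sent as the password itself, so a stored userPassword
    # hash such as {SSHA}... pasted here cannot authenticate.
    case $bindpw in
        '{'*'}'*) flag "hashed-bindpw: bindpw looks like a password hash" ;;
    esac
    # ldap.conf is normally readable by all users so any process can do
    # lookups, which exposes bindpw to every local account.
    if [ -n "$bindpw" ] && [ -n "$(find "$conf" -perm -004)" ]; then
        flag "exposed-bindpw: bindpw is in a world-readable file"
    fi
    # One entry for everyday lookups and root-only operations means the
    # exposed bindpw is the privileged account's password.
    if [ -n "$binddn" ] && [ "$(norm_dn "$binddn")" = "$(norm_dn "$rootbinddn")" ]; then
        flag "shared-dn: binddn and rootbinddn are the same entry"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample modelled on the settings described in the thread.
sample_conf() {
    printf '%s\n' '# constructed sample' 'base dc=company,dc=com' \
        'binddn cn=admin, ou=employees,dc=company,dc=com' \
        'rootbinddn cn=admin,ou=employees,dc=company,dc=com' \
        'bindpw {SSHA}CONSTRUCTEDHASHVALUE'
}
if [ $# -gt 0 ]; then audit_ldap_conf "$1"; fi
```

The function prints one line per finding and returns non-zero when there is at least one, so it can gate a configuration rollout.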