LDAP client issue | Unix Linux Forums | UNIX for Advanced & Expert Users



Tags
ldap, openldap

#1
Old 07-02-2011
bitlord
Registered User
LDAP client issue

Hello,
I'm new to CentOS and to OpenLDAP. I am by trade a Solaris admin. I'm experimenting with OpenLDAP and thought Linux would be easier to install and set up OpenLDAP on; so far this is true. The problem I'm having is that I can't get the client server to authenticate to the OpenLDAP server. I can authenticate on the server itself though. I can su to, log in and ssh into the OpenLDAP server and become an LDAP user. I just can't become an LDAP user on the client.


I didn't set up TLS/SSL. I can do that after I have it working. I'm using hashed passwords though. I don't have replication set up. I am trying to set up the most basic OpenLDAP environment, then build from there. I have read the OpenLDAP section in the admin guide.


My setup at home.
OpenLDAP server - light.deathnote.net - 10.0.1.21
client server - vm-centos01.deathnote.net - 10.0.1.7 - VM on VirtualBox
VirtualBox host - L (OS: Mac) - 10.0.1.2
router (Apple AirPort Extreme) / default gateway - 10.0.1.1


All computers can reach the internet and ping each other. When I installed CentOS I disabled SELinux.


I used these guides to set up my OpenLDAP.
Centralize user accounts with OpenLDAP
24.6. OpenLDAP Setup Overview
Step-by-step OpenLDAP Installation and Configuration | HowtoForge - Linux Howtos and Tutorials


Below I have included some output from the files I'm using with OpenLDAP. Please let me know if you see any errors. Any help getting my clients to work would be great; thanks for reading this post.

Code:
 [root@vm-centos01 ~]# tail /var/log/messages  
 Jul  2 09:25:33 vm-centos01 xfs: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)... 
 Jul  2 09:25:49 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://light.deathnote.net: Can't contact LDAP server 
 Jul  2 09:25:49 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://10.0.1.21/: Can't contact LDAP server 
 Jul  2 09:25:49 vm-centos01 xfs: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)... 
 Jul  2 09:26:21 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://light.deathnote.net: Can't contact LDAP server 
 Jul  2 09:26:21 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://10.0.1.21/: Can't contact LDAP server 
 Jul  2 09:26:21 vm-centos01 xfs: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)... 
 Jul  2 09:27:25 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://light.deathnote.net: Can't contact LDAP server 
 Jul  2 09:27:25 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://10.0.1.21/: Can't contact LDAP server 
 Jul  2 09:27:25 vm-centos01 xfs: nss_ldap: could not search LDAP server - Server is unavailable

nothing shows up in this log on the ldap server.

Code:
 [root@vm-centos01 ~]# netstat -tuan|grep 389 
 [root@vm-centos01 ~]#  
 

 [root@light ~]#  netstat -tuan|grep 389 
 tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN       
 tcp        0      0 127.0.0.1:55958             127.0.0.1:389               ESTABLISHED  
 tcp        0      0 127.0.0.1:389               127.0.0.1:55958             ESTABLISHED  
 [root@light ~]#

There seems to be a possible network issue here.

Code:
 [root@vm-centos01 ~]# more /etc/ldap.conf
 host  light.deathnote.net
 base  dc=deathnote,dc=net
 uri   ldap://10.0.1.21/ 
 ssl off
 

 [root@light openldap]# more /etc/ldap.conf 
 host  127.0.0.1
 base  dc=deathnote,dc=net
 uri  ldap://127.0.0.1/ 
 ssl no 
 pam_password md5  
 

 [root@light openldap]# more /etc/openldap/ldap.conf 
 # 
 # LDAP Defaults 
 # 
  
 # See ldap.conf(5) for details 
 # This file should be world readable but not world writable. 
  
 #HOST   127.0.0.1 
 BASE dc=deathnote,dc=net 
 #URI    ldap:///light.deathnote.net ldap:///light.deathnote.net:666 
  
 #SIZELIMIT      12 
 #TIMELIMIT      15 
 #DEREF          never 
 URI ldap://127.0.0.1/ 
 #TLS_CACERTDIR /etc/openldap/cacerts 
 

 [root@vm-centos01 ~]# more /etc/pam.d/system-auth 
 #%PAM-1.0 
 # This file is auto-generated. 
 # User changes will be destroyed the next time authconfig is run. 
 auth        required      pam_env.so 
 auth        sufficient    pam_unix.so nullok try_first_pass 
 auth        requisite     pam_succeed_if.so uid >= 500 quiet 
 auth        sufficient    pam_ldap.so use_first_pass 
 auth        required      pam_deny.so 
  
 account     required      pam_unix.so broken_shadow 
 account     sufficient    pam_localuser.so 
 account     sufficient    pam_succeed_if.so uid < 500 quiet 
 account     [default=bad success=ok user_unknown=ignore] pam_ldap.so 
 account     required      pam_permit.so 
  
 password    requisite     pam_cracklib.so retry=3 
 password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok 
 password    sufficient    pam_ldap.so use_authtok 
 password    required      pam_deny.so 
  
 session     optional      pam_keyinit.so revoke 
 session     required      pam_limits.so 
 session     optional      pam_mkhomedir.so 
 session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid 
 session     required      pam_unix.so 
 session     optional      pam_ldap.so 
 

 [root@vm-centos01 ~]# more /etc/sysconfig/authconfig  
 USEWINBINDAUTH=no 
 USEKERBEROS=no 
 USESYSNETAUTH=no 
 USEPAMACCESS=no 
 USEMKHOMEDIR=yes 
 FORCESMARTCARD=no 
 USESMBAUTH=no 
 USESMARTCARD=no 
 USELDAPAUTH=yes 
 USEDB=no 
 USEWINBIND=no 
 USESHADOW=yes 
 PASSWDALGORITHM=md5 
 USEHESIOD=no 
 USELDAP=yes 
 USELOCAUTHORIZE=yes 
 USEPASSWDQC=no 
 USECRACKLIB=yes 
 USENIS=no 
 USEMD5=yes
 [root@vm-centos01 ~]#  
 

 /etc/nsswitch.conf
 passwd:     files ldap 
 shadow:     files ldap 
 group:      files ldap 
 hosts:      files dns
 

 [root@light openldap]# more slapd.conf
 include         /etc/openldap/schema/core.schema 
 include         /etc/openldap/schema/cosine.schema 
 include         /etc/openldap/schema/inetorgperson.schema 
 include         /etc/openldap/schema/nis.schema 
 

 loglevel        296 
 

 pidfile         /var/run/openldap/slapd.pid 
 
 access to attrs=shadowLastChange,userPassword 
         by anonymous auth 
         by self write 
         by * auth 
  
 access to * 
         by * read 
 argsfile        /var/run/openldap/slapd.args 
 

 database        bdb 
 suffix          "dc=deathnote,dc=net" 
 rootdn          "cn=Manager,dc=deathnote,dc=net" 
 rootpw          {SSHA}/ZKRMzbmnEVoUNdqx3T1gsh2AmyvJmCi
 

 directory       /var/lib/ldap
 

 # Indices to maintain for this database 
 index objectClass                       eq,pres 
 index ou,cn,mail,surname,givenname      eq,pres,sub 
 index uidNumber,gidNumber,loginShell    eq,pres 
 index uid,memberUid                     eq,pres,sub 
 index nisMapName,nisMapEntry            eq,pres,sub

Any help would be great.

---------- Post updated at 03:06 PM ---------- Previous update was at 12:39 PM ----------

I found out what the issue was. I just needed to open port 389 on the firewall. I wish that when people create guides on how to do things, they would tell you to do these things.

Maybe this will help others as well.

Last edited by bitlord; 07-02-2011 at 03:08 PM.. Reason: Code tags, please...
    #2  
Old 07-04-2011
frank_rizzo
Forum Advisor
Resident BOFH
Set the loglevel and check the logs after restarting.


Chapter 6 LDAP Configuration


Also try using the ldapsearch verbose options.
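The two things that produced the "Can't contact LDAP server" lines in the first post (the server firewall, and whether slapd is bound to a reachable address) can both be checked from saved command output before touching the logs, and the second reply's ldapsearch suggestion is the natural next step once TCP/389 is reachable. The script below is an added example written for this thread, not code from either poster: it parses `netstat -tuan` and `iptables-save` captures fed on stdin, and optionally runs a live TCP probe with `nc`. Host names and the base DN come from the thread; the netstat and iptables captures in the demo are constructed to match a stock CentOS INPUT chain before and after opening the port.

```shell
#!/bin/sh
# Added example (not from the thread): offline-checkable diagnostics for the
# "Can't contact LDAP server" symptom. Both checks read saved command output
# on stdin so they can be run against captures taken on any host.

# Exit 0 if a LISTEN socket on port $1 (default 389) is bound to something
# other than 127.0.0.1. Input: `netstat -tuan` output from the LDAP server.
slapd_listen_check() {
    port="${1:-389}"
    awk -v port="$port" '
        ($1 == "tcp" || $1 == "tcp6") && $NF == "LISTEN" && $4 ~ (":" port "$") {
            addr = $4
            sub(/:[0-9]+$/, "", addr)      # strip ":389", keep the bind address
            if (addr != "127.0.0.1") found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Exit 0 if an INPUT rule accepts TCP dport $1 (default 389) and comes before
# any unqualified REJECT/DROP rule. Input: `iptables-save` output from the server.
# Rule order matters: an ACCEPT placed after the catch-all REJECT never matches.
fw_allows_port() {
    port="${1:-389}"
    awk -v port="$port" '
        /^-A INPUT / {
            if ($0 ~ ("--dport " port "( |$)") && $0 ~ /-j ACCEPT/) { ok = 1; exit }
            if ($0 ~ /-j (REJECT|DROP)/ && $0 !~ /--dport/ && $0 !~ /-s /) exit
        }
        END { exit (ok ? 0 : 1) }'
}

# Live probe from the client: TCP connect to host:port, then print the
# ldapsearch invocation (simple bind, verbose, debug level 1) to test the bind.
probe_ldap() {
    host="$1"; port="${2:-389}"; base="${3:-dc=deathnote,dc=net}"
    if ! command -v nc >/dev/null 2>&1; then
        echo "nc not installed; try: ldapsearch -x -v -d 1 -H ldap://$host:$port/ -b $base" >&2
        return 2
    fi
    if nc -z -w 3 "$host" "$port"; then
        echo "TCP $host:$port reachable; now test the bind: ldapsearch -x -v -d 1 -H ldap://$host:$port/ -b $base"
    else
        echo "TCP $host:$port not reachable: check the slapd bind address and the server firewall" >&2
        return 1
    fi
}

# Constructed captures: the server-side netstat lines from the thread, and a
# CentOS-style INPUT chain before and after the ACCEPT rule for 389 was added.
NETSTAT_SERVER='tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:55958             127.0.0.1:389               ESTABLISHED'
IPTABLES_BEFORE='-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
IPTABLES_AFTER='-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 389 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

run_demo() {
    printf '%s\n' "$NETSTAT_SERVER" | slapd_listen_check 389 \
        && echo "slapd: listening on a reachable interface" \
        || echo "slapd: only loopback (or nothing) listening on 389"
    for label in BEFORE AFTER; do
        if [ "$label" = BEFORE ]; then rules="$IPTABLES_BEFORE"; else rules="$IPTABLES_AFTER"; fi
        printf '%s\n' "$rules" | fw_allows_port 389 \
            && echo "firewall $label: TCP/389 accepted" \
            || echo "firewall $label: TCP/389 blocked by the catch-all rule"
    done
}

run_demo
```

To use it on a real pair of hosts, run `netstat -tuan | slapd_listen_check` and `iptables-save | fw_allows_port` on the server (light in the thread), and `probe_ldap light.deathnote.net` on the client; the `ldapsearch -x -v -d 1` line it prints is what the second reply is pointing at, and with slapd's loglevel raised the matching connection should then appear in the server log.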