LDAP client issue


 
# 1  
Old 07-02-2011
LDAP client issue

Hello,
I'm new to CentOS and to OpenLDAP. I am by trade a Solaris admin. I'm experimenting with OpenLDAP and thought Linux would be easier to install and set up OpenLDAP on; so far this is true. The problem I'm having is that I can't get the client server to authenticate to the OpenLDAP server. I can authenticate on the server itself, though. I can su to, log in to, and ssh into the OpenLDAP server and become an LDAP user. I just can't become an LDAP user on the client.


I didn't set up TLS/SSL. I can do that after I have it working. I'm using hashed passwords, though. I don't have replication set up. I am trying to set up the most basic OpenLDAP environment and then build from there. I have read the OpenLDAP section in the admin guide.


My setup at home.
Openldap server – light.deathnote.net -- 10.0.1.21
client server – vm-centos01.deathnote.net – 10.0.1.7 -- VM on virtualbox
Virtualbox host – L (OS MAC) – 10.0.1.2
router (Apple AirPort Extreme) / default gateway – 10.0.1.1


All computers can reach the internet and ping each other. When I installed CentOS I disabled SELinux.


I used these guides to set up my OpenLDAP.
Centralize user accounts with OpenLDAP
24.6. OpenLDAP Setup Overview
Step-by-step OpenLDAP Installation and Configuration | HowtoForge - Linux Howtos and Tutorials


Below I have included some output from the files I'm using with OpenLDAP. Please let me know if you see any errors. Any help getting my clients to work would be great; thanks for reading this post.
Code:
 [root@vm-centos01 ~]# tail /var/log/messages  
 Jul  2 09:25:33 vm-centos01 xfs: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)... 
 Jul  2 09:25:49 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://light.deathnote.net: Can't contact LDAP server 
 Jul  2 09:25:49 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://10.0.1.21/: Can't contact LDAP server 
 Jul  2 09:25:49 vm-centos01 xfs: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)... 
 Jul  2 09:26:21 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://light.deathnote.net: Can't contact LDAP server 
 Jul  2 09:26:21 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://10.0.1.21/: Can't contact LDAP server 
 Jul  2 09:26:21 vm-centos01 xfs: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)... 
 Jul  2 09:27:25 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://light.deathnote.net: Can't contact LDAP server 
 Jul  2 09:27:25 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://10.0.1.21/: Can't contact LDAP server 
 Jul  2 09:27:25 vm-centos01 xfs: nss_ldap: could not search LDAP server - Server is unavailable

Nothing shows up in this log on the LDAP server.
Code:
 [root@vm-centos01 ~]# netstat -tuan|grep 389 
 [root@vm-centos01 ~]#  
 

 [root@light ~]#  netstat -tuan|grep 389 
 tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN       
 tcp        0      0 127.0.0.1:55958             127.0.0.1:389               ESTABLISHED  
 tcp        0      0 127.0.0.1:389               127.0.0.1:55958             ESTABLISHED  
 [root@light ~]#

There seems to be a possible network issue here.
Code:
 [root@vm-centos01 ~]# more /etc/ldap.conf
 host  light.deathnote.net
 base  dc=deathnote,dc=net
 uri   ldap://10.0.1.21/ 
 ssl off
 

 [root@light openldap]# more /etc/ldap.conf 
 host  127.0.0.1
 base  dc=deathnote,dc=net
 uri  ldap://127.0.0.1/ 
 ssl no 
 pam_password md5  
 

 [root@light openldap]# more /etc/openldap/ldap.conf 
 # 
 # LDAP Defaults 
 # 
  
 # See ldap.conf(5) for details 
 # This file should be world readable but not world writable. 
  
 #HOST   127.0.0.1 
 BASE dc=deathnote,dc=net 
 #URI    ldap:///light.deathnote.net ldap:///light.deathnote.net:666 
  
 #SIZELIMIT      12 
 #TIMELIMIT      15 
 #DEREF          never 
 URI ldap://127.0.0.1/ 
 #TLS_CACERTDIR /etc/openldap/cacerts 
 

 [root@vm-centos01 ~]# more /etc/pam.d/system-auth 
 #%PAM-1.0 
 # This file is auto-generated. 
 # User changes will be destroyed the next time authconfig is run. 
 auth        required      pam_env.so 
 auth        sufficient    pam_unix.so nullok try_first_pass 
 auth        requisite     pam_succeed_if.so uid >= 500 quiet 
 auth        sufficient    pam_ldap.so use_first_pass 
 auth        required      pam_deny.so 
  
 account     required      pam_unix.so broken_shadow 
 account     sufficient    pam_localuser.so 
 account     sufficient    pam_succeed_if.so uid < 500 quiet 
 account     [default=bad success=ok user_unknown=ignore] pam_ldap.so 
 account     required      pam_permit.so 
  
 password    requisite     pam_cracklib.so retry=3 
 password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok 
 password    sufficient    pam_ldap.so use_authtok 
 password    required      pam_deny.so 
  
 session     optional      pam_keyinit.so revoke 
 session     required      pam_limits.so 
 session     optional      pam_mkhomedir.so 
 session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid 
 session     required      pam_unix.so 
 session     optional      pam_ldap.so 
 

 [root@vm-centos01 ~]# more /etc/sysconfig/authconfig  
 USEWINBINDAUTH=no 
 USEKERBEROS=no 
 USESYSNETAUTH=no 
 USEPAMACCESS=no 
 USEMKHOMEDIR=yes 
 FORCESMARTCARD=no 
 USESMBAUTH=no 
 USESMARTCARD=no 
 USELDAPAUTH=yes 
 USEDB=no 
 USEWINBIND=no 
 USESHADOW=yes 
 PASSWDALGORITHM=md5 
 USEHESIOD=no 
 USELDAP=yes 
 USELOCAUTHORIZE=yes 
 USEPASSWDQC=no 
 USECRACKLIB=yes 
 USENIS=no 
 USEMD5=yes
 [root@vm-centos01 ~]#  
 

 /etc/nsswitch.conf
 passwd:     files ldap 
 shadow:     files ldap 
 group:      files ldap 
 hosts:      files dns
 

 [root@light openldap]# more slapd.conf
 include         /etc/openldap/schema/core.schema 
 include         /etc/openldap/schema/cosine.schema 
 include         /etc/openldap/schema/inetorgperson.schema 
 include         /etc/openldap/schema/nis.schema 
 

 loglevel        296 
 

 pidfile         /var/run/openldap/slapd.pid 
 argsfile        /var/run/openldap/slapd.args 
  
 access to attrs=shadowLastChange,userPassword 
         by anonymous auth 
         by self write 
         by * auth 
  
 access to * 
         by * read 
 

 database        bdb 
 suffix          "dc=deathnote,dc=net" 
 rootdn          "cn=Manager,dc=deathnote,dc=net" 
 rootpw          {SSHA}/ZKRMzbmnEVoUNdqx3T1gsh2AmyvJmCi
 

 directory       /var/lib/ldap
 

 # Indices to maintain for this database 
 index objectClass                       eq,pres 
 index ou,cn,mail,surname,givenname      eq,pres,sub 
 index uidNumber,gidNumber,loginShell    eq,pres 
 index uid,memberUid                     eq,pres,sub 
 index nisMapName,nisMapEntry            eq,pres,sub

Any help would be great.

---------- Post updated at 03:06 PM ---------- Previous update was at 12:39 PM ----------

I found out what the issue was. I just needed to open port 389 on the firewall. I wish that when people create guides on how to do things, they would tell you to do these things.

Maybe this will help others as well.

Last edited by bitlord; 07-02-2011 at 04:08 PM. Reason: Code tags, please...
# 2  
Old 07-04-2011
Set the loglevel and check the logs after restarting.


Chapter 6 LDAP Configuration


Also try using the ldapsearch verbose options.
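The two checks that settled this thread (is slapd bound beyond loopback, and is TCP/389 allowed through the server's iptables chain), as an added example that is not code from either post. It reads pasted `netstat -tuan` and `iptables -L <chain> -n` output on stdin, so it can be run against text copied from the server rather than needing root. The chain name RH-Firewall-1-INPUT, the sample netstat and iptables text, the 10.0.1.0/24 client range in the suggested rule, and the function names are assumptions modelled on the setup above, not captured from it.

```shell
#!/bin/sh
# Added example for this thread (not code posted by bitlord or the reply):
# diagnoses the "nss_ldap: Can't contact LDAP server" symptom from pasted
# `netstat -tuan` and `iptables -L <chain> -n` output read on stdin.
# The sample inputs at the bottom are constructed, modelled on the thread's setup.

# Returns 0 if a TCP LISTEN socket on port $1 is bound to an address other than
# 127.0.0.1. A loopback-only bind produces the same "Can't contact" on clients.
listens_remotely() {
    awk -v p="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4; lp = $4
            sub(/:[0-9]+$/, "", addr)      # strip ":port"    -> address
            sub(/.*:/, "", lp)             # strip "address:" -> port
            if (lp == p && addr != "127.0.0.1") found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Returns 0 if the chain ACCEPTs TCP to port $1 before a REJECT/DROP that would
# match it. Without -v the interface column is absent, so an "ACCEPT all" line
# (usually the lo rule) cannot be told from a real allow-all and is ignored.
fw_accepts() {
    awk -v p="$1" '
        $1 == "Chain" || $1 == "target" { next }            # iptables -L headers
        $1 == "ACCEPT" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) if ($i == ("dpt:" p)) { ok = 1; exit }
        }
        ($1 == "REJECT" || $1 == "DROP") && ($2 == "all" || $2 == "tcp") { exit }
        END { exit ok ? 0 : 1 }'
}

# Prints (does not run) the rule the thread's fix amounts to. Position 1 keeps it
# ahead of the catch-all REJECT; the 10.0.1.0/24 source is assumed from the
# thread's addressing and should be the real client range, not 0.0.0.0/0.
ldap_allow_rule() {
    printf 'iptables -I %s 1 -s %s -p tcp -m state --state NEW --dport %s -j ACCEPT\n' \
        "$1" "${3:-10.0.1.0/24}" "$2"
    printf 'service iptables save\n'
}

# Verdict from both inputs: 0 = reachable in principle, 1 = bind problem on the
# server, 2 = firewall problem (the case in this thread).
diagnose() {
    netstat_out="$1"; fw_out="$2"; chain="${3:-RH-Firewall-1-INPUT}"
    if ! printf '%s\n' "$netstat_out" | listens_remotely 389; then
        echo "slapd has no non-loopback listener on 389: check the URL slapd was started with"
        return 1
    elif ! printf '%s\n' "$fw_out" | fw_accepts 389; then
        echo "slapd listens on 389 but $chain rejects it before any ACCEPT; add:"
        ldap_allow_rule "$chain" 389
        return 2
    fi
    echo "389 is bound and allowed; next suspects are slapd ACLs, base DN or TLS"
    return 0
}

# Constructed samples modelled on the thread (CentOS-5-style chain), not captured output.
NETSTAT_SERVER='tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:55958             127.0.0.1:389               ESTABLISHED
udp        0      0 0.0.0.0:111                 0.0.0.0:*'
FW_BEFORE='Chain RH-Firewall-1-INPUT (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'
FW_AFTER='Chain RH-Firewall-1-INPUT (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  10.0.1.0/24          0.0.0.0/0           state NEW tcp dpt:389
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

diagnose "$NETSTAT_SERVER" "$FW_BEFORE"   # the thread's state: firewall verdict (2)
diagnose "$NETSTAT_SERVER" "$FW_AFTER"    # after the rule: reachable (0)
```

On the server, `netstat -tuan | listens_remotely 389` and `iptables -L RH-Firewall-1-INPUT -n | fw_accepts 389` (use INPUT on systems without the RH-Firewall-1 chain) give the two verdicts directly. Once the rule is in, the verbose check the reply above refers to is `ldapsearch -x -H ldap://10.0.1.21/ -b dc=deathnote,dc=net -s base -d 1 '(objectClass=*)'` run from the client; with `-d 1` libldap traces the connect to host and port, so a blocked port is distinguishable from an ACL or base-DN problem. Opening 389 while the client has `ssl off` means every pam_ldap simple bind crosses the LAN in cleartext; the TLS step the first post deferred is what closes that.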