01-24-2013
OpenLDAP Server Configuration error
I followed the guide from the below link to set up a ldap server. After everything is finished, I configured a client for ldap authentication and I can search the entries in ldap using the command
ldapsearch -x ZZ but when I am trying to login to the client using a ldap user, the prompt just keeps waiting. I found the below log from the ldap server side.
Log for successful search from client side
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 fd=19 ACCEPT from IP=<CLIENT-IP>:22759 (IP=0.0.0.0:389)
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 op=0 BIND dn="" method=128
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 op=0 RESULT tag=97 err=0 text=
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 op=1 SRCH base="<DOMAIN>" scope=2 deref=0 filter="(objectClass=*)"
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 op=1 SRCH attr=ZZ
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 op=1 SEARCH RESULT tag=101 err=0 nentries=6 text=
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 op=2 UNBIND
Jan 24 11:34:00 server3 slapd[11086]: conn=1012 fd=19 closed
Log for unsuccessful ldap user login from client side
Jan 24 11:35:23 server3 slapd[11086]: conn=1013 fd=19 ACCEPT from IP=<CLIENT-IP>:53501 (IP=0.0.0.0:389)
Jan 24 11:35:23 server3 slapd[11086]: conn=1013 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jan 24 11:35:23 server3 slapd[11086]: conn=1013 op=0 STARTTLS
Jan 24 11:35:23 server3 slapd[11086]: conn=1013 op=0 RESULT oid= err=0 text=
Guide Link
http://cheenu-y2k.blogspot.in/2011/0...r-configuratio
10 More Discussions You Might Find Interesting
1. SCO
Hi,
Any one can help me to configure print server in SCO Unixware. I don't have any idea in this context. Any help would be highly appreciated.
Best Regards,
Tayyab (1 Reply)
Discussion started by: tayyabq8
1 Replies
2. Linux
Hello,
I use fedora linux. I want to configure my FTP server. Actually, I don't know anything about this server except that I know I have installed it. Please guide me with this.
Thx (1 Reply)
Discussion started by: HSN
1 Replies
3. Solaris
hi
Please give me the configuration steps for NTP server.
How do i sync other servers with this NTP server
thanks to all (1 Reply)
Discussion started by: sijocg
1 Replies
4. SCO
hi,
I am new to this forum as well new to unix . i also wish to know the commands to find out the configuration of our server.
i did try these commands
uname -a and it gave this
unixware agk2 5 7.1.4 i386 x86at sco unix - svr5.
i did try out these commands to get more info on
cpu... (11 Replies)
Discussion started by: lacchhii
11 Replies
5. Solaris
I m using Intel solaris 10 version . I m trying to install openldap and used several documents and package versions .
But every time I got CC PATH error and while I solved the CC issue , I got Barkley DB error . :wall:
Is there any perticular site from where I can install and configure... (1 Reply)
Discussion started by: sanjee
1 Replies
6. Linux
Dear all,
I am working on Centos 6 (2.6.32-71.29.1.el6.x86_64).
After removing openldap (openldap-2.4.19-15.el6.x86_64), i can not perform command yum (or /usr/bin/yum).
*Here is error:
# yum search anypackage
There was a problem importing one of the Python modules
required to run yum.... (1 Reply)
Discussion started by: all4cfa
1 Replies
7. Solaris
Greetings!
I have a Solaris workstation that I use for web hosting. It runs SAMP and everything was working good for me until I got a need to add a couple of co-workers to help me with development. I'm trying to find some guidance for how to set up filesystem permissions so everybody would be... (3 Replies)
Discussion started by: pn8830
3 Replies
8. AIX
Hi folks,
How can i configure an AIX LDAP client to authenticate against an Linux Openldap server over TLS/SSL?
It works like a charm without TLS/SSL.
i would like to have SSL encrypted communication for ldap (secldapclntd) and ldapsearch etc. while accepting every kind of certificate/CA.... (6 Replies)
Discussion started by: paco699
6 Replies
9. Web Development
Hello list,
I want to be able to send email directly from my linux box. I have both a CentOS and Debian installation. I am by no means an expert when it comes to all of the SMTP servers. I have been testing different configs by installing and uninstalling sendmail, postfix, and exim4.
... (2 Replies)
Discussion started by: landossa
2 Replies
10. UNIX for Beginners Questions & Answers
Hi,
we are setting up an hadoop environment in Azure. we are having java 7 installed and below steps which i have completed and getting error while as "ldap_bind: Invalid credentials (49)" doing ldapsearch
1. I have installed openldap-servers.x86_64 openldap-clients.x86_64... (2 Replies)
Discussion started by: Bibhusisa
2 Replies
LEARN ABOUT SUSE
autofs_ldap_auth.conf
AUTOFS_LDAP_AUTH.CONF(5) File Formats Manual AUTOFS_LDAP_AUTH.CONF(5)
NAME
autofs_ldap_auth.conf - autofs LDAP authentication configuration
DESCRIPTION
LDAP authenticated binds, TLS encrypted connections and certification may be used by setting appropriate values in the autofs authentica-
tion configuration file and configuring the LDAP client with appropriate settings. The default location of this file is
/etc/autofs_ldap_auth.conf. If this file exists it will be used to establish whether TLS or authentication should be used.
An example of this file is:
<?xml version="1.0" ?>
<autofs_ldap_sasl_conf
usetls="yes"
tlsrequired="no"
authrequired="no"
authtype="DIGEST-MD5"
user="xyz"
secret="abc"
/>
If TLS encryption is to be used the location of the Certificate Authority certificate must be set within the LDAP client configuration in
order to validate the server certificate. If, in addition, a certified connection is to be used then the client certificate and private key
file locations must also be configured within the LDAP client.
OPTIONS
This files contains a single XML element, as shown in the example above, with several attributes.
The possible attributes are:
usetls="yes"|"no"
Determines whether an encrypted connection to the ldap server should be attempted.
tlsrequired="yes"|"no"
This flag tells whether the ldap connection must be encrypted. If set to "yes", the automounter will fail to start if an encrypted
connection cannot be established.
authrequired="yes"|"no"|"autodetect"|"simple"
This option tells whether an authenticated connection to the ldap server is required in order to perform ldap queries. If the flag
is set to yes, only sasl authenticated connections will be allowed. If it is set to no then authentication is not needed for ldap
server connections. If it is set to autodetect then the ldap server will be queried to establish a suitable sasl authentication
mechanism. If no suitable mechanism can be found, connections to the ldap server are made without authentication. Finally, if it is
set to simple, then simple authentication will be used instead of SASL.
authtype="GSSAPI"|"LOGIN"|"PLAIN"|"ANONYMOUS"|"DIGEST-MD5"
This attribute can be used to specify a preferred authentication mechanism.
In normal operations, the automounter will attempt to authenticate to the ldap server using the list of supportedSASLmechanisms ob-
tained from the directory server. Explicitly setting the authtype will bypass this selection and only try the mechanism specified.
user="<username>"
This attribute holds the authentication identity used by authentication mechanisms that require it. Legal values for this attribute
include any printable characters that can be used by the selected authentication mechanism.
secret="<password>"
This attribute holds the secret used by authentication mechanisms that require it. Legal values for this attribute include any
printable characters that can be used by the selected authentication mechanism.
clientprinc="<GSSAPI client principal>"
When using GSSAPI authentication, this attribute is consulted to determine the principal name to use when authenticating to the di-
rectory server. By default, this will be set to "autofsclient/<fqdn>@<REALM>.
credentialcache="<external credential cache path>"
When using GSSAPI authentication, this attribute can be used to specify an externally configured credential cache that is used dur-
ing authentication. By default, autofs will setup a memory based credential cache.
SEE ALSO
auto.master(5),
AUTHOR
This manual page was written by Ian Kent <raven@themaw.net>.
19 Feb 2010 AUTOFS_LDAP_AUTH.CONF(5)