Hi,

Can anyone point me to some good documentation that shows how to get Ubuntu 11.04 (GNU/Linux 2.6.38-8-server x86_64) working as a client with 389 Directory Server?

I have tried following https://help.ubuntu.com/community/FedoraDirectoryServerClientHowto but it seems to be old. /etc/pam_ldap.conf being replaced by /etc/ldap.conf.

From my experience setting up CentOS clients I expected there to also be a config file similar to /etc/openldap/ldap.conf. It appears this is /etc/ldap/ldap.conf.

I have also looked at https://help.ubuntu.com/community/LDAPClientAuthentication

I then came across https://help.ubuntu.com/11.04/serverguide/C/openldap-server.html#openldap-auth-config

And did

sudo dpkg-reconfigure ldap-auth-config
sudo auth-client-config -t nss -p lac_ldap
sudo pam-auth-update

Currently a getent passwd or getent group is not returning any results from ldap. We can see the client making connections but it doesn't seem to be asking for any information.

ldapsearch -vv -x -b 'ou=Active,ou=People,dc=cms,dc=waikato,dc=ac,dc=nz' '(objectclass=*)' appears to work correctly.

Below are the two main config files

cat /etc/ldap.conf | grep -v '^#' | grep -v '^$'
base ou=Active,ou=People,dc=cms,dc=waikato,dc=ac,dc=nz
ldap_version 3
pam_member_attribute uniquemember
pam_password clear
uri ldap://inf2.cms.waikato.ac.nz/
tls_cacertdir /etc/ssl/certs
pam_password_prohibit_message Please visit https://secure.scms.waikato.ac.nz/password/ to change your password.
ssl start_tls
nss_base_passwd      ou=Active,ou=People,dc=cms,dc=waikato,dc=ac,dc=nz?sub
nss_base_shadow      ou=Active,ou=People,dc=cms,dc=waikato,dc=ac,dc=nz?sub
nss_base_group       ou=Active,ou=People,dc=cms,dc=waikato,dc=ac,dc=nz?sub
nss_base_netgroup    ou=Active,ou=People,dc=cms,dc=waikato,dc=ac,dc=nz?sub
nss_map_attribute uniqueMember memberUid
nss_initgroups_ignoreusers avahi,backup,bin,daemon,games,gnats,irc,landscape,libuuid,list,lp,mail,man,messagebus,nagios,news,ntp,postfix,proxy,root,sshd,sync,sys,syslog,uucp,www-data
nss_reconnect_tries 5         # no. of times to double the sleep time
nss_reconnect_sleeptime 4     # initial sleep value
nss_reconnect_maxsleeptime 64 # max sleep value to cap at
nss_reconnect_maxconntries 2

cat /etc/ldap/ldap.conf | grep -v '^#' | grep -v '^$'
URI ldap://inf2.cms.waikato.ac.nz/
BASE ou=Active,ou=People,dc=cms,dc=waikato,dc=ac,dc=nz
TLS_CACERTDIR /etc/ssl/certs

From /var/log/auth we see

Jun 22 13:52:28 wdm2 getent: nss_ldap: reconnecting to LDAP server...
Jun 22 13:52:28 wdm2 getent: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Jun 22 13:52:32 wdm2 getent: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Jun 22 13:56:50 wdm2 getent: nss_ldap: reconnecting to LDAP server...
Jun 22 13:56:50 wdm2 getent: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Jun 22 13:56:54 wdm2 getent: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Jun 22 13:57:02 wdm2 getent: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...

To see all config files go to http://www.scms.waikato.ac.nz/~clintd/ubuntu-ldap/etc/

Thank you for any insight you can offer relating to this issue.
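
Added example, not part of the original post: the ldapsearch test and the nss_ldap lookups above read different files (/etc/ldap/ldap.conf versus /etc/ldap.conf), and only the latter sets "ssl start_tls". This Python code derives the transport each path uses and an ldapsearch command line that takes the same path as nss_ldap; the config lines are copied from the post as constructed input, and the function names, including the helper matching_ldapsearch, are hypothetical.

```python
# Constructed sample input: the transport-relevant lines of the two
# stripped configs quoted in the post above.
ETC_LDAP_CONF = """\
base ou=Active,ou=People,dc=cms,dc=waikato,dc=ac,dc=nz
uri ldap://inf2.cms.waikato.ac.nz/
tls_cacertdir /etc/ssl/certs
ssl start_tls
"""
ETC_LDAP_LDAP_CONF = """\
URI ldap://inf2.cms.waikato.ac.nz/
BASE ou=Active,ou=People,dc=cms,dc=waikato,dc=ac,dc=nz
TLS_CACERTDIR /etc/ssl/certs
"""


def parse(text):
    """Return {lowercased keyword: value}; skip blank and '#' lines."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            settings[parts[0].lower()] = parts[1].strip()
    return settings


def transport(settings, starttls_flag=False):
    """How a client reaches the server. libldap's ldap.conf has no 'ssl'
    keyword, so for ldapsearch StartTLS depends on -Z/-ZZ (starttls_flag)."""
    uri = settings.get("uri", "")
    ssl = settings.get("ssl", "off").lower()
    if uri.startswith("ldaps://") or ssl == "on":
        return "ldaps"
    if ssl == "start_tls" or starttls_flag:
        return "starttls"
    return "plain"


def matching_ldapsearch(settings):
    """Hypothetical helper: argv that exercises the same transport as the
    nss_ldap/pam_ldap settings, so a manual test follows the same path."""
    argv = ["ldapsearch", "-x", "-H", settings["uri"], "-b", settings["base"]]
    if transport(settings) == "starttls":
        argv.insert(2, "-ZZ")  # -ZZ: require StartTLS to succeed
    return argv + ["(objectclass=*)"]


if __name__ == "__main__":
    nss, cli = parse(ETC_LDAP_CONF), parse(ETC_LDAP_LDAP_CONF)
    print("nss_ldap/pam_ldap:", transport(nss))
    print("ldapsearch as run in the post (no -Z):", transport(cli))
    print("same path by hand:", " ".join(matching_ldapsearch(nss)))
```

The ldapsearch command quoted in the post has no -Z or -ZZ, so it does not exercise the StartTLS negotiation that "ssl start_tls" asks nss_ldap to perform.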