On Tue, Jun 16, 2009 at 5:36 PM, <jaj(a)teamlog.com> wrote:
Hello,
I am trying to authenticate my users with LDAP on Cobbler (1.6.2-1.el5).
It's OK if I use the following parameters:
ldap_server: "ldap.example.com"
ldap_base_dn: "ou=people,dc=example,dc=com"
ldap_port: 389
ldap_tls: 1
ldap_anonymous_bind: 1
ldap_search_bind_dn: ''
ldap_search_passwd: ''
ldap_search_prefix: 'uid='
On the LDAP server side I have:
slapd[12978]: conn=98188 fd=45 ACCEPT from IP=172.24.113.35:58129 (IP=0.0.0.0:389)
slapd[12978]: conn=98188 op=0 STARTTLS
slapd[12978]: conn=98188 op=0 RESULT oid= err=0 text=
slapd[12978]: conn=98188 fd=45 TLS established tls_ssf=256 ssf=256
But it's not working when I use LDAPS.
With the following parameters:
ldap_server: "ldap.example.com"
ldap_base_dn: "ou=people,dc=example,dc=com"
ldap_port: 636
ldap_tls: 1
ldap_anonymous_bind: 1
ldap_search_bind_dn: ''
ldap_search_passwd: ''
ldap_search_prefix: 'uid='
The demo_connect Python script raises this error:
# python /tmp/demo_connect.py --user=USER
- trying to login with user=USER
Traceback (most recent call last):
  File "/tmp/demo_connect.py", line 37, in ?
    token = sp.login(options.user,options.password)
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1147, in request
    return self._parse_response(h.getfile(), sock)
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1286, in _parse_response
    return u.close()
  File "/usr/lib64/python2.4/xmlrpclib.py", line 744, in close
    raise Fault(**self._stack[0])
xmlrpclib.Fault: <Fault 1: 'exceptions.IOError:[Errno 9] Bad file descriptor'>
And with the following parameters:
ldap_server: "ldap.example.com"
ldap_base_dn: "ou=people,dc=example,dc=com"
ldap_port: 636
ldap_tls: 0
ldap_anonymous_bind: 1
ldap_search_bind_dn: ''
ldap_search_passwd: ''
ldap_search_prefix: 'uid='
I obtain this error:
# python /tmp/demo_connect.py --user=USER
- trying to login with user=USER
Traceback (most recent call last):
  File "/tmp/demo_connect.py", line 37, in ?
    token = sp.login(options.user,options.password)
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1147, in request
    return self._parse_response(h.getfile(), sock)
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1286, in _parse_response
    return u.close()
  File "/usr/lib64/python2.4/xmlrpclib.py", line 744, in close
    raise Fault(**self._stack[0])
xmlrpclib.Fault: <Fault 1: 'ldap.SERVER_DOWN:{\'desc\': "Can\'t contact LDAP server"}'>
On the LDAP server side I have:
slapd[12978]: conn=98193 fd=45 ACCEPT from IP=172.24.113.35:40328 (IP=0.0.0.0:636)
slapd[12978]: conn=98193 fd=45 closed (TLS negotiation failure)
I read on the mailing list that somebody had a similar problem on Active
Directory but I haven't found the solution.
Thanks for your help.
Is your OpenLDAP server listening on port 636? On RHEL and Fedora you
have to enable that in /etc/sysconfig/ldap.
Ruben