[389-users] Help getting an Ubuntu Client to work with 389 Directory Server - specifically Ubuntu 11.04 (GNU/Linux 2.6.38-8-server x86_64)

Clint Dilks clintd at waikato.ac.nz
Wed Jun 22 03:18:51 UTC 2011


Hi,

Can anyone point me to some good documentation that shows how to get Ubuntu
11.04 (GNU/Linux 2.6.38-8-server x86_64) working as a client with 389
Directory Server?

I have tried following
https://help.ubuntu.com/community/FedoraDirectoryServerClientHowto
but it seems to be old.  /etc/pam_ldap.conf being replaced by
/etc/ldap.conf.
From my experience setting up CentOS clients I expected there to also be a
config file similar to /etc/openldap/ldap.conf.  It appears this is
/etc/ldap/ldap.conf.

I have also looked at
https://help.ubuntu.com/community/LDAPClientAuthentication

I then came across
https://help.ubuntu.com/11.04/serverguide/C/openldap-server.html#openldap-auth-config

And did

sudo dpkg-reconfigure ldap-auth-config
sudo auth-client-config -t nss -p lac_ldap
sudo pam-auth-update

Currently a getent passwd or getent group is not returning any results from
ldap.  We can see the client making connections but it doesn't seem to be
asking for any information.

ldapsearch -vv -x -b 'ou=Active,ou=People,dc=cms,dc=waikato,dc=ac,dc=nz' '(objectclass=*)'
appears to work correctly.

Below are the two main config files

cat /etc/ldap.conf | grep -v '^#' | grep -v '^$'
base ou=Active,ou=People,dc=cms,dc=waikato,dc=ac,dc=nz
ldap_version 3
pam_member_attribute uniquemember
pam_password clear
uri ldap://inf2.cms.waikato.ac.nz/
tls_cacertdir /etc/ssl/certs
pam_password_prohibit_message Please visit https://secure.scms.waikato.ac.nz/password/ to change your password.
ssl start_tls
nss_base_passwd      ou=Active,ou=People,dc=cms,dc=waikato,dc=ac,dc=nz?sub
nss_base_shadow      ou=Active,ou=People,dc=cms,dc=waikato,dc=ac,dc=nz?sub
nss_base_group       ou=Active,ou=People,dc=cms,dc=waikato,dc=ac,dc=nz?sub
nss_base_netgroup    ou=Active,ou=People,dc=cms,dc=waikato,dc=ac,dc=nz?sub
nss_map_attribute uniqueMember memberUid
nss_initgroups_ignoreusers avahi,backup,bin,daemon,games,gnats,irc,landscape,libuuid,list,lp,mail,man,messagebus,nagios,news,ntp,postfix,proxy,root,sshd,sync,sys,syslog,uucp,www-data
nss_reconnect_tries 5         # no. of times to double the sleep time
nss_reconnect_sleeptime 4     # initial sleep value
nss_reconnect_maxsleeptime 64 # max sleep value to cap at
nss_reconnect_maxconntries 2


cat /etc/ldap/ldap.conf | grep -v '^#' | grep -v '^$'
URI ldap://inf2.cms.waikato.ac.nz/
BASE ou=Active,ou=People,dc=cms,dc=waikato,dc=ac,dc=nz
TLS_CACERTDIR /etc/ssl/certs

From /var/log/auth we see

Jun 22 13:52:28 wdm2 getent: nss_ldap: reconnecting to LDAP server...
Jun 22 13:52:28 wdm2 getent: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Jun 22 13:52:32 wdm2 getent: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Jun 22 13:56:50 wdm2 getent: nss_ldap: reconnecting to LDAP server...
Jun 22 13:56:50 wdm2 getent: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Jun 22 13:56:54 wdm2 getent: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Jun 22 13:57:02 wdm2 getent: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...

To see all config files go to
http://www.scms.waikato.ac.nz/~clintd/ubuntu-ldap/etc/

Thank you for any insight you can offer relating to this issue.
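
Added example, not part of the original post: a small Python check that parses the two client configs quoted above and lists where the ldapsearch test and nss_ldap take different transport paths (StartTLS, URI, base, CA source). The finding labels are hypothetical names, and the CA-directory check assumes a libldap built with GnuTLS, for which ldap.conf(5) documents TLS_CACERTDIR as ignored.

```python
NSS_CONF = """\
base ou=Active,ou=People,dc=cms,dc=waikato,dc=ac,dc=nz
uri ldap://inf2.cms.waikato.ac.nz/
tls_cacertdir /etc/ssl/certs
ssl start_tls
pam_password clear
"""
TOOLS_CONF = """\
URI ldap://inf2.cms.waikato.ac.nz/
BASE ou=Active,ou=People,dc=cms,dc=waikato,dc=ac,dc=nz
TLS_CACERTDIR /etc/ssl/certs
"""
# Settings above and these ldapsearch options are copied from the post (no -Z/-ZZ).
LDAPSEARCH_ARGS = ["-vv", "-x", "-b"]

def parse(text):
    """Return {keyword: value}, keywords lower-cased so the files compare."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            settings[key.lower()] = value.strip()
    return settings

def compare(nss, tools, search_args):
    """List ways the ldapsearch test differs from what nss_ldap will do."""
    findings = []  # finding labels are hypothetical names for this example
    nss_tls = nss.get("ssl", "no").lower() == "start_tls"
    # nss_ldap upgrades with StartTLS; ldapsearch only does so with -Z or -ZZ.
    if nss_tls and not {"-Z", "-ZZ"} & set(search_args):
        findings.append("starttls-untested")
    for key in ("uri", "base"):
        if nss.get(key) != tools.get(key):
            findings.append(key + "-differs")
    # Assumption: libldap is built with GnuTLS, where ldap.conf(5) documents
    # TLS_CACERTDIR as ignored; the CA then has to come from a file keyword.
    for name, conf, file_key in (("nss", nss, "tls_cacertfile"),
                                 ("tools", tools, "tls_cacert")):
        if "tls_cacertdir" in conf and file_key not in conf:
            findings.append(name + "-cacertdir-only")
    # pam_password clear does not hash the password before sending; it relies on TLS.
    if nss.get("pam_password") == "clear" and not nss_tls:
        findings.append("cleartext-password-change")
    return findings

if __name__ == "__main__":
    for finding in compare(parse(NSS_CONF), parse(TOOLS_CONF), LDAPSEARCH_ARGS):
        print(finding)
```
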