[389-users] ldapsearch is fine but from authentication purpose its not doing anything

Fosiul Alam fosiul at gmail.com
Sat Jul 28 18:21:25 UTC 2012


Yes, it is.

rpm -qa | grep nss_ldap
nss_ldap-253-49.el5
nss_ldap-253-49.el5

There is some other problem.

Example: when I execute this:

ldapsearch -x -ZZ  -D "cn=Directory Manager" -w meditation  -h
ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"

I get output, for example:

 ldapsearch -x -ZZ  -D "cn=Directory Manager" -w xxxx  -h
ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
# extended LDIF
#
# LDAPv3
# base <dc=fosiul,dc=lan> with scope subtree
# filter: (cn=Fosiul Alam)
# requesting: ALL
#

# falam, users, uk, fosiul.lan
dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
givenName: Fosiul
sn: Alam
loginShell: /bin/bash/bash
uidNumber: 1000
gidNumber: 3000
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: falam
cn: Fosiul Alam
homeDirectory: /home/falam
userPassword:: e1NTSEF9bkM0dyFlLaFlJYUVPclZHRENiT1Y2RnA1MDAwdnZZQ1E9PQ=
 =

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

When I do this (I don't get anything):
==================

ldapsearch -x -ZZ  -D "uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" -w
xxxxx  -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
dn cn sn

# extended LDIF
#
# LDAPv3
# base <dc=fosiul,dc=lan> with scope subtree
# filter: (cn=Fosiul Alam)
# requesting: dn cn sn
#

# search result
search: 3
result: 0 Success

# numResponses: 1

and in the log I get:
[28/Jul/2012:19:18:48 +0100] conn=141 fd=69 slot=69 connection from
192.0.0.4 to 192.0.0.9
[28/Jul/2012:19:18:48 +0100] conn=141 op=0 EXT
oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[28/Jul/2012:19:18:48 +0100] conn=141 op=0 RESULT err=0 tag=120
nentries=0 etime=0
[28/Jul/2012:19:18:48 +0100] conn=141 SSL 256-bit AES
[28/Jul/2012:19:18:48 +0100] conn=141 op=1 BIND
dn="uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" method=128 version=3
[28/Jul/2012:19:18:48 +0100] conn=141 op=1 RESULT err=0 tag=97
nentries=0 etime=0 dn="uid=falam,ou=users,l=uk,dc=fosiul,dc=lan"
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 SRCH
base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)"
attrs="distinguishedName cn sn"
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 RESULT err=0 tag=101
nentries=0 etime=0
[28/Jul/2012:19:18:48 +0100] conn=141 op=3 UNBIND
[28/Jul/2012:19:18:48 +0100] conn=141 op=3 fd=69 closed - U1


Do you know where the problem is?

It's not working.

On Sat, Jul 28, 2012 at 7:13 PM, Grzegorz Dwornicki <gd1100 at gmail.com> wrote:
> Do you have nss_ldap installed?
>
> 28-07-2012 18:58, "Fosiul Alam" <fosiul at gmail.com> wrote:
>
>> Hi, yes. I am not using an IP; I am using the full host name.
>>
>> this is my nsswitch
>>
>> cat /etc/nsswitch.conf
>> #
>> # /etc/nsswitch.conf
>> #
>> # An example Name Service Switch config file. This file should be
>> # sorted with the most-used services at the beginning.
>> #
>> # The entry '[NOTFOUND=return]' means that the search for an
>> # entry should stop if the search in the previous entry turned
>> # up nothing. Note that if the search failed due to some other reason
>> # (like no NIS server responding) then the search continues with the
>> # next entry.
>> #
>> # Legal entries are:
>> #
>> #       nisplus or nis+         Use NIS+ (NIS version 3)
>> #       nis or yp               Use NIS (NIS version 2), also called YP
>> #       dns                     Use DNS (Domain Name Service)
>> #       files                   Use the local files
>> #       db                      Use the local database (.db) files
>> #       compat                  Use NIS on compat mode
>> #       hesiod                  Use Hesiod for user lookups
>> #       [NOTFOUND=return]       Stop searching if not found so far
>> #
>>
>> # To use db, put the "db" in front of "files" for entries you want to be
>> # looked up first in the databases
>> #
>> # Example:
>> #passwd:    db files nisplus nis
>> #shadow:    db files nisplus nis
>> #group:     db files nisplus nis
>>
>> passwd:     files ldap
>> shadow:     files ldap
>> group:      files ldap
>>
>> #hosts:     db files nisplus nis dns
>> hosts:      files dns
>>
>> # Example - obey only what nisplus tells us...
>> #services:   nisplus [NOTFOUND=return] files
>> #networks:   nisplus [NOTFOUND=return] files
>> #protocols:  nisplus [NOTFOUND=return] files
>> #rpc:        nisplus [NOTFOUND=return] files
>> #ethers:     nisplus [NOTFOUND=return] files
>> #netmasks:   nisplus [NOTFOUND=return] files
>>
>> bootparams: nisplus [NOTFOUND=return] files
>>
>> ethers:     files
>> netmasks:   files
>> networks:   files
>> protocols:  files
>> rpc:        files
>> services:   files
>>
>> netgroup:   files ldap
>>
>> publickey:  nisplus
>>
>> automount:  files ldap
>> aliases:    files nisplus
>>
>> sudoers: files ldap
>>
>>
>> and /etc/ldap
>>
>> [root at home cacerts]# grep -v "^#" /etc/ldap.conf | sed -e '/^$/d'
>> base dc=fosiul,dc=lan
>>
>> timelimit 120
>> bind_timelimit 120
>> idle_timelimit 3600
>>  #nss_base_passwd       ou=users,l=uk,dc=fosiul,dc=lan,?one
>> nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
>> uri ldap://ldap-2.fosiul.lan/
>> ssl start_tls
>> tls_cacertfile /etc/openldap/cacerts/ds-ca.crt
>> pam_password clear
>>
>>
>> On Sat, Jul 28, 2012 at 5:23 PM, Grzegorz Dwornicki <gd1100 at gmail.com>
>> wrote:
>> > I assume you are using TLS. You need to use the FQDN, not the IP, of the CentOS directory
>> > server, and configure the firewall for port 389 or 636.
>> >
>> > Please send content of /etc/nsswitch.conf and /etc/ldap.conf
>> >
>> > 28-07-2012 18:13, "Fosiul Alam" <fosiul at gmail.com> wrote:
>> >
>> >> Hi,
>> >> I configured another PC
>> >> with authconfig-tui
>> >> but there is no luck;
>> >> it's the same thing.
>> >>
>> >> Fosiul
>> >>
>> >> On Sat, Jul 28, 2012 at 4:04 PM, Grzegorz Dwornicki <gd1100 at gmail.com>
>> >> wrote:
>> >> > In the other mail I told you: use authconfig, authconfig-tui or
>> >> > system-config-authentication to set up the system for LDAP authentication. For
>> >> > example, authconfig-tui has a simple text-based interface, authconfig is CLI
>> >> > based and requires arguments. Finally, system-config-authentication has a GUI.
>> >> >
>> >> > 28-07-2012 16:50, "Fosiul Alam" <fosiul at gmail.com> wrote:
>> >> >>
>> >> >> Hi,
>> >> >> I have set up an LDAP server and from the client it's returning, for example:
>> >> >>
>> >> >> [root at home ~]# ldapsearch -x -ZZ -D "cn=Directory manager" -w xxx
>> >> >> -h
>> >> >> ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
>> >> >> # extended LDIF
>> >> >> #
>> >> >> # LDAPv3
>> >> >> # base <dc=fosiul,dc=lan> with scope subtree
>> >> >> # filter: (cn=Fosiul Alam)
>> >> >> # requesting: ALL
>> >> >> #
>> >> >>
>> >> >> # falam, users, uk, fosiul.lan
>> >> >> dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
>> >> >> givenName: Fosiul
>> >> >> sn: Alam
>> >> >> loginShell: /bin/bash/bash
>> >> >> uidNumber: 1000
>> >> >> gidNumber: 3000
>> >> >> objectClass: top
>> >> >> objectClass: person
>> >> >> objectClass: organizationalPerson
>> >> >> objectClass: inetorgperson
>> >> >> objectClass: posixAccount
>> >> >> uid: falam
>> >> >> cn: Fosiul Alam
>> >> >> homeDirectory: /home/falam
>> >> >> userPassword:: e1NTSEF9UGtqNjhvSU1pSR0RrSWNYYkVvYVU2V2c9PQ=
>> >> >>  =
>> >> >>
>> >> >> # search result
>> >> >> search: 3
>> >> >> result: 0 Success
>> >> >>
>> >> >> # numResponses: 2
>> >> >> # numEntries: 1
>> >> >>
>> >> >> and in the access log :
>> >> >>
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 fd=70 slot=70 connection from
>> >> >> 192.0.0.4 to 192.0.0.9
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 EXT
>> >> >> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 RESULT err=0 tag=120
>> >> >> nentries=0 etime=0
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 SSL 256-bit AES
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory
>> >> >> manager" method=128 version=3
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97
>> >> >> nentries=0 etime=0 dn="cn=directory manager"
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH
>> >> >> base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101
>> >> >> nentries=1 etime=0
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 UNBIND
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 fd=70 closed - U1
>> >> >>
>> >> >>
>> >> >> But from the command line, when I do
>> >> >> [root at home ~]# id falam
>> >> >> id: falam: No such user
>> >> >>
>> >> >>
>> >> >>
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 fd=70 slot=70 connection from
>> >> >> 192.0.0.4 to 192.0.0.9
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 EXT
>> >> >> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 RESULT err=0 tag=120
>> >> >> nentries=0 etime=0
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 SSL 256-bit AES
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128
>> >> >> version=3
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97
>> >> >> nentries=0 etime=0 dn=""
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH
>> >> >> base="dc=fosiul,dc=lan" scope=2
>> >> >> filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid
>> >> >> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
>> >> >> description objectClass"
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101
>> >> >> nentries=0 etime=0
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=-1 fd=70 closed - B1
>> >> >>
>> >> >>
>> >> >> So basically, ldapsearch is working but authentication is not working.
>> >> >>
>> >> >> Can anyone please help me with this?
>> >> >> I am using CentOS 5.8.
>> >> >>
>> >> >> Fosiul.
>> >> >> --
>> >> >> 389 users mailing list
>> >> >> 389-users at lists.fedoraproject.org
>> >> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
>> >> >
>> >> >
>> >>
>> >>
>> >>
>> >
>> >
>>
>>
>>
>
>



-- 
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk
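One way to check this kind of mismatch from the server side, added here as an example that is not from the thread or from 389 DS itself: a Python script that parses 389 DS access-log records like the ones quoted above and, for each search filter, compares how many entries each bind identity got back. The sample lines are condensed from the thread onto one record per line; the Directory Manager DN used as the baseline and the reading of "0 entries for one bind, 1 for another" as an access-control (ACI) visibility problem rather than missing data are assumptions of this example.

```python
import re
from collections import defaultdict
# Constructed sample: access-log records from the thread, one record per line.
SAMPLE_LOG = """\
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory manager" method=128 version=3
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128 version=3
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid cn"
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[28/Jul/2012:19:18:48 +0100] conn=141 op=1 BIND dn="uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" method=128 version=3
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs="distinguishedName cn sn"
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 RESULT err=0 tag=101 nentries=0 etime=0
"""
OP_RE = re.compile(r'\] conn=(\d+) op=(-?\d+) (\w+)(.*)')   # conn, op, op type, rest
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')                  # key=value or key="quoted value"

def parse_access_log(text):
    """Map conn id -> {'bind': DN or '<anonymous>', 'searches': [(filter, nentries)]}."""
    conns = defaultdict(lambda: {'bind': '<anonymous>', 'searches': [], 'pending': {}})
    for line in text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue  # connection/SSL/close records carry no operation we need
        conn, op, kind, rest = m.groups()
        kv = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
        c = conns[conn]
        if kind == 'BIND':
            c['bind'] = kv.get('dn') or '<anonymous>'   # dn="" is an anonymous bind
        elif kind == 'SRCH':
            c['pending'][op] = kv.get('filter')        # nentries arrives on the RESULT line
        elif kind == 'RESULT' and op in c['pending']:
            c['searches'].append((c['pending'].pop(op), int(kv.get('nentries', 0))))
    return dict(conns)

def diagnose(conns, admin_dn='cn=directory manager'):
    """Per filter, flag binds that got 0 entries where the admin bind (assumed DN) got some."""
    by_filter = defaultdict(dict)
    for c in conns.values():
        for flt, n in c['searches']:
            by_filter[flt][c['bind']] = max(n, by_filter[flt].get(c['bind'], 0))
    findings = []
    for flt, by_ident in by_filter.items():
        admin = by_ident.get(next((d for d in by_ident if d.lower() == admin_dn), None))
        for ident, n in by_ident.items():
            if n == 0 and ident.lower() != admin_dn and admin:
                findings.append(f'{flt}: {admin} entries as {admin_dn}, 0 as {ident}: entries exist but are not readable by that bind, check ACIs')
            elif n == 0 and admin is None:
                findings.append(f'{flt}: 0 entries as {ident}, no admin baseline: re-run the same search as {admin_dn}')
    return findings
```

Running `diagnose(parse_access_log(SAMPLE_LOG))` on the sample separates the two cases in the thread: the user bind's `(cn=Fosiul Alam)` search is flagged against the Directory Manager's result, while the anonymous nss_ldap lookup has no privileged baseline yet and is flagged for a comparison run.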
