[389-users] ldap authentication is not getting correct information (SSL/TLS) (all files, logs included - please give me light on this)

fosiul alam expertalert at gmail.com
Sun Dec 29 14:54:13 UTC 2013


Hi,
I need some help urgently.. as I have no idea why it's acting funny.

As far as I believe, I have set up the ldap server properly in the test
environment, but it's acting weird.. no idea why ...

Example:

[root at test ~]# id tuser
id: tuser: No such user




The command below shows the correct info:

[root at test ~]# /usr/bin/ldapsearch -xZZ -D 'cn=Directory Manager' -w 'xxxxx' -b 'dc=fosiul,dc=lan'
# extended LDIF
#
# LDAPv3
# base <dc=fosiul,dc=lan> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# fosiul.lan
dn: dc=fosiul,dc=lan
dc: fosiul
objectClass: domain
objectClass: top

# uk, fosiul.lan
dn: l=uk,dc=fosiul,dc=lan
l: uk
objectClass: locality
objectClass: top

# groups, uk, fosiul.lan
dn: ou=groups,l=uk,dc=fosiul,dc=lan
ou: groups
objectClass: organizationalUnit
objectClass: top

# users, uk, fosiul.lan
dn: ou=users,l=uk,dc=fosiul,dc=lan
ou: users
objectClass: organizationalUnit
objectClass: top

# IT, groups, uk, fosiul.lan
dn: cn=IT,ou=groups,l=uk,dc=fosiul,dc=lan
gidNumber: 3001
objectClass: posixGroup
objectClass: top
uniqueMember: uid=fosiula,ou=users,l=uk,dc=fosiul,dc=lan
cn: IT

# tuser, users, uk, fosiul.lan
dn: uid=tuser,ou=users,l=uk,dc=fosiul,dc=lan
givenName: Tuser
sn: User
uidNumber: 2001
gidNumber: 3001
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
cn: test User
homeDirectory: /home/tuser
userPassword:: e1NTSEF9cGlZclc1NjBaOXdtSGxkdVVKcGJ3TUhHZjN4eG55a2lUQUxhSVE9PQ=
 =
uid: tuser

# search result
search: 3
result: 0 Success

# numResponses: 7
# numEntries: 6


My /etc/ldap.conf:

------------------------------------

[root at test ~]# cat /etc/ldap.conf
# @(#)$Id: ldap.conf,v 1.38 2006/05/15 08:13:31 lukeh Exp $
#

# This config is managed by puppet, all changes will be reverted


base dc=fosiul,dc=lan
bind_policy soft
# Search timelimit
#timelimit 30
timelimit 1

# Bind/connect timelimit
#bind_timelimit 30
bind_timelimit 1

#idle_timelimit 3600
idle_timelimit 1
bind_timeout 1
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon

uri ldap://puppet-1.fosiul.lan

ssl start_tls
tls_cacertfile /etc/openldap/cacerts/CRT.crt
pam_password md5
pam_groupdn cn=IT,ou=groups,l=uk,dc=fosiul,dc=lan
pam_member_attribute uniqueMember

tls_cacertdir /etc/openldap/cacerts




My /etc/openldap/ldap.conf:
------------------------------------

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
URI ldap://puppet-1.fosiul.lan/
BASE dc=fosiul,dc=lan
TLS_CACERTDIR /etc/openldap/cacerts
tls_cacertfile /etc/openldap/cacerts/CRT.crt



The log from the ldap server for the command below:
---------------------------------------------------------------------

[root at test ~]# id tuser
id: tuser: No such user
[root at test ~]#


[29/Dec/2013:14:49:14 +0000] conn=111 op=3 UNBIND
[29/Dec/2013:14:49:14 +0000] conn=111 op=3 fd=76 closed - U1
[29/Dec/2013:14:49:14 +0000] conn=115 fd=76 slot=76 connection from 192.168.0.40 to 192.168.0.35
[29/Dec/2013:14:49:14 +0000] conn=115 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[29/Dec/2013:14:49:14 +0000] conn=115 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[29/Dec/2013:14:49:14 +0000] conn=115 SSL 256-bit AES
[29/Dec/2013:14:49:14 +0000] conn=115 op=1 BIND dn="" method=128 version=3
[29/Dec/2013:14:49:14 +0000] conn=115 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[29/Dec/2013:14:49:14 +0000] conn=115 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(&(objectClass=posixAccount)(uid=tuser))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[29/Dec/2013:14:49:14 +0000] conn=115 op=2 RESULT err=0 tag=101 nentries=0 etime=0
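Added diagnostic, not part of the post: the Python below parses 389-ds access log lines of the kind shown above, pairs each SRCH with its RESULT and with the last BIND dn on the same connection, and reports searches that completed with nentries=0 (err=0 means the server accepted and finished the search, so when the same filter returns entries under a different bind identity, the bind identity and the access controls that apply to it are the first thing to compare). The embedded log is constructed: conn=115 mirrors the post's anonymous nss_ldap lookup, while the conn=116 Directory Manager search is invented for contrast.

```python
import re

# Constructed sample modelled on the 389-ds access log in the post. conn=115 mirrors
# the anonymous nss_ldap lookup; conn=116 (Directory Manager search) is invented.
SAMPLE_LOG = """\
[29/Dec/2013:14:49:14 +0000] conn=115 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[29/Dec/2013:14:49:14 +0000] conn=115 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[29/Dec/2013:14:49:14 +0000] conn=115 SSL 256-bit AES
[29/Dec/2013:14:49:14 +0000] conn=115 op=1 BIND dn="" method=128 version=3
[29/Dec/2013:14:49:14 +0000] conn=115 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[29/Dec/2013:14:49:14 +0000] conn=115 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(&(objectClass=posixAccount)(uid=tuser))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[29/Dec/2013:14:49:14 +0000] conn=115 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[29/Dec/2013:14:50:02 +0000] conn=116 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[29/Dec/2013:14:50:02 +0000] conn=116 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[29/Dec/2013:14:50:02 +0000] conn=116 op=1 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(objectclass=*)" attrs=ALL
[29/Dec/2013:14:50:02 +0000] conn=116 op=1 RESULT err=0 tag=101 nentries=6 etime=0
"""

OP_RE = re.compile(r'\] conn=(\d+) op=(\d+) (BIND|SRCH|RESULT) (.*)$')
DN_RE = re.compile(r'dn="([^"]*)"')
FILTER_RE = re.compile(r'filter="([^"]*)"')
ERR_RE = re.compile(r'err=(\d+)')
NENTRIES_RE = re.compile(r'nentries=(\d+)')

def empty_searches(log_text):
    """(conn, bind_dn, filter, err) for each SRCH whose RESULT has nentries=0;
    bind_dn is '' when the connection bound anonymously (nss_ldap without binddn)."""
    bind_dn = {}     # conn -> DN of the last BIND on that connection
    searches = {}    # (conn, op) -> search filter, until its RESULT arrives
    findings = []
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue            # EXT, SSL, UNBIND, closed ... are not needed here
        conn, op, kind, rest = m.groups()
        if kind == 'BIND':
            bind_dn[conn] = DN_RE.search(rest).group(1)
        elif kind == 'SRCH':
            fm = FILTER_RE.search(rest)
            searches[(conn, op)] = fm.group(1) if fm else ''
        elif kind == 'RESULT' and (conn, op) in searches:
            err = int(ERR_RE.search(rest).group(1))
            nentries = int(NENTRIES_RE.search(rest).group(1))
            if nentries == 0:
                findings.append((conn, bind_dn.get(conn, ''), searches.pop((conn, op)), err))
    return findings

if __name__ == "__main__":
    for conn, dn, flt, err in empty_searches(SAMPLE_LOG):
        print(f"conn={conn} bind dn={dn!r}: {flt} -> 0 entries, err={err}")
```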


