Openldap Experts

Jyotishmaan jyotishmaan at yahoo.com
Tue Dec 11 06:56:18 UTC 2007




Stuart Sears wrote:
> 
> Jyotishmaan Ray wrote:
>> Hello All Openldap Experts,
>> 
>> This is Jyotishmaan. I have
>> successfully migrated the users from the Fedora-Linux System to the LDAP
>> server on the Linux-fedora again. All these users show up on the GOOEY
>> (GUI) of the Linux Fedora.
>> When I tried to log on to the system
>> through this GUI, as "ldapusr" and "jmaan" uid's, I could not log onto
>> the system, i.e., on the LDAP server only.
>> 
>> If I need to configure
>> the /etc/ldap.conf file, please let me know. The transcripts of the
>> /var/log/messages are shown as below:-
> 
> Hello  Stuart Sears,
> 
> Please look below for your reply:-
> 
> 1. which (uncommented) lines are in /etc/ldap.conf at the moment?
> 
> egrep -v '^($|#)' /etc/ldap.conf
> 
> The output of this command is shown as below:
> 
> [root@authdns ~]# egrep -v '^($|#)' /etc/ldap.conf
> host 127.0.0.1
> base dc=nits,dc=ac,dc=in
> ldap_version 3
> timelimit 120
> bind_timelimit 120
> bind_policy hard
> idle_timelimit 3600
> nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon
> uri ldap://127.0.0.1/
> ssl no
> tls_cacertdir /etc/openldap/cacerts
> pam_password md5
> [root@authdns ~]# 
> 
> 
> 
> 2. When you configured your client box to use your new LDAP server, how
> did you do that? Using the GUI?
> 
> The client has been configured by running the system-config-authentication
> command and then configuring the IP address of the LDAP server machine.
> Other than this not a single line has been changed in the client machine.
> As of now I am trying to log onto the server machine where I am getting
> unsuccessful bind and failed authentication as per the messages in
> /var/log/messages file.
> 
> 
> If so, make sure you have enabled LDAP on both the "User Information"
> and "Authentication" tabs - otherwise you will be using LDAP as an NSS
> service like NIS.
> 
> Configuration of the server was through the system-config-authentication
> command and the GUI as described below:-
> 
> 
> "/usr/bin/authconfig-tui" as root (without gui), or by calling the
> gnome menu: system->administration->authentication?
> 
> This worked fine in both ways.
> 
> 
> 3. can you run ldapsearch using that username and password?
> 
> Please can you throw some light on these few lines of the ldapsearch
> command.
> 
> I tried using the following way:
> 
> [root@authdns bin]# ldapsearch -x -W -D 'uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in'
> Enter LDAP Password: 
> ldap_bind: Invalid credentials (49)
> 
> After I typed the LDAP password of the Manager I got the error as cited
> above. However I also tried logging onto the server using jmaan's LDAP
> password, but it didn't work.
> 
> Please tell me how to authenticate successfully.
> 
> ldapsearch -xW -D 'uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in' \
>     -h 'your.ldap.server' -b 'bn=compcen,dc=nits,dc=ac,dc=in'
> 
> However I will try to do.
> 
> 4. also, what exactly is 'stornt=non-teach' ? I don't recognise that
> 
> This is to distinguish whether an employee (staff) is a teaching type or
> non-teaching type, hence the attribute "stornt".
> 
> attribute name. Are you using a custom schema?
> 
> Yes, I am using a customised schema.
> 
> 5. Have you looked in the logs on the LDAP server itself? You may want
> to increase the loglevel (and maybe redirect local4.* to a separate
> logfile)
> 
> Yes, I have seen the logs on the LDAP server itself. The contents of the
> /var/log/messages are as shown below:-
> 
> Dec 11 11:12:49 authdns gdm[4091]: Couldn't authenticate user
> Dec 11 11:12:59 authdns gdm[4091]: pam_ldap: error trying to bind as user
> "uid=ldapusr,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in" (Invalid
> credentials)
> Dec 11 11:13:03 authdns gdm[4091]: Couldn't authenticate user
> Dec 11 11:13:11 authdns gdm[4091]: pam_ldap: error trying to bind as user
> "uid=ldapusr,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in" (Invalid
> credentials)
> Dec 11 11:13:14 authdns gdm[4091]: Couldn't authenticate user
> Dec 11 11:13:19 authdns gconfd (root-4235): starting (version 2.18.0.1),
> pid 4235 user 'root'
> Dec 11 11:13:19 authdns gconfd (root-4235): Resolved address
> "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration
> source at position 0
> Dec 11 11:13:19 authdns gconfd (root-4235): Resolved address
> "xml:readwrite:/root/.gconf" to a writable configuration source at
> position 1
> Dec 11 11:13:19 authdns gconfd (root-4235): Resolved address
> "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration
> source at position 2
> Dec 11 11:13:19 authdns gconfd (root-4235): Resolved address
> "xml:readwrite:/root/.gconf" to a writable configuration source at
> position 0
> Dec 11 11:13:21 authdns setroubleshoot: [rpc.ERROR] attempt to open server
> connection failed: (2, 'No such file or directory
> 
> Please let me know what changes I have to make in my server machine.
> 
> regards,
> 
> Jyotishmaan
> 91-9435554598
> City:Silchar, India
> 
> Regards
> 
> Stuart
> -- 
> Stuart Sears RHCA etc
> "There's a very fine line between stupid and clever."
>  - Nigel Tufnel / Derek Smalls
> 

-- 
View this message in context: http://www.nabble.com/Openldap-Experts-tp14238310p14268772.html
Sent from the Fedora List mailing list archive at Nabble.com.
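
As a triage aid for the `pam_ldap` bind errors quoted in the message above, the following added example (not part of the original post or of any project mentioned in it) counts failed binds per PAM service and bind DN. It assumes unwrapped syslog input with one event per line; the function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: count pam_ldap bind failures per PAM service and bind DN.
# Usage: summarise_bind_failures [min_count] < /var/log/messages
# Output (tab-separated): count, service, bind DN, reason; highest count first.

summarise_bind_failures() {
    min=${1:-1}   # only report DNs with at least this many failures
    awk -v min="$min" '
    /pam_ldap: error trying to bind as user "/ {
        # Field 5 is the syslog tag, e.g. "gdm[4091]:" -> keep "gdm"
        svc = $5; sub(/\[[0-9]+\]:$/, "", svc); sub(/:$/, "", svc)
        # The bind DN is the text between the first pair of double quotes
        dn = $0; sub(/^[^"]*"/, "", dn); sub(/".*$/, "", dn)
        # The LDAP result text is the trailing parenthesised part
        reason = $0; sub(/^.*" \(/, "", reason); sub(/\)[ \t]*$/, "", reason)
        n[svc "\t" dn "\t" reason]++
    }
    END { for (k in n) if (n[k] >= min) printf "%d\t%s\n", n[k], k }
    ' | sort -t "$(printf '\t')" -k1,1nr -k2
}

# Constructed sample input, modelled on the log lines quoted in the message
# but unwrapped to one event per line as syslogd writes them.
sample_log() {
    cat <<'EOF'
Dec 11 11:12:49 authdns gdm[4091]: Couldn't authenticate user
Dec 11 11:12:59 authdns gdm[4091]: pam_ldap: error trying to bind as user "uid=ldapusr,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in" (Invalid credentials)
Dec 11 11:13:03 authdns gdm[4091]: Couldn't authenticate user
Dec 11 11:13:11 authdns gdm[4091]: pam_ldap: error trying to bind as user "uid=ldapusr,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in" (Invalid credentials)
Dec 11 11:13:40 authdns gdm[4091]: pam_ldap: error trying to bind as user "uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in" (Invalid credentials)
EOF
}

sample_log | summarise_bind_failures
```

Repeated `Invalid credentials` results for the same DN across attempts show that the directory entry is being found and the bind itself is being rejected, which narrows the check to the stored password value for that entry.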



