Hi Matt, I just changed the permission level of /etc/sasldb2 from 640 to 644 and the command "ldapsearch -d8 -ZZ -b dc=ldap-company,dc=com uid=asimananda" started working fine.
I have one more doubt. The above command works fine and accepts the password too, but when I changed the option "-b" to "-D", it stopped working. I read somewhere that -D should not be used with SASL. I am a bit confused about the same.
Thanks for being so helpful.
Thanks all.
Regards Asimananda
On Mon, Aug 31, 2009 at 6:59 PM, Matt Kassawara battery@writeme.com wrote:
I recommend reading sections 15.2.3 through 15.2.6 of the OpenLDAP 2.4 administrator's guide.
On Mon, Aug 31, 2009 at 4:49 AM, Asimananda Mohanty <asimananda.mohanty@gmail.com> wrote:
Hi Matt, Sorry for the delayed response. I was not at my place for some time.
Yes, using -x with -ZZ works fine.
But without "-x", it gives the following error:
ldapsearch -d8 -ZZ -b dc=ldap-company,dc=com uid=asimananda
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
When I used option -d7, it showed the following:
res_errno: 49, res_error: <SASL(-13): user not found: no secret in database>, res_matched: <>
I have already installed SASL on the system.
Do I need to do some configuration in order to make it work? I did not find much help on the net.
Thanks.
-Asimananda
On Thu, Jul 23, 2009 at 7:31 PM, Matt Kassawara battery@writeme.com wrote:
By default, ldapsearch will try authentication via SASL. Either configure slapd to handle the latter or use -x in addition to -ZZ to force simple authentication.
On Wed, Jul 22, 2009 at 11:31 PM, Asimananda Mohanty <asimananda.mohanty@gmail.com> wrote:
Hi Matt, Thank you very much. I got rid of both the errors by
- Installing libpam-foreground
- By changing the uri in /etc/ldap.conf from ldap to ldaps
One last thing is remaining now...
When I tried "ldapsearch -ZZ", it asked for a password. When provided with the password, it didn't accept it (the same password that I created during dpkg --configure slapd).
# ldapsearch -ZZ
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
Thanks again.
-Asimananda
On Wed, Jul 22, 2009 at 8:42 PM, Matt Kassawara battery@writeme.com wrote:
Installing libpam-foreground or removing the reference to it in /etc/pam.d/common-session will clear up the first error. The second error probably stems from misconfiguration in /etc/ldap.conf... particularly with how PAM tries to contact your LDAP server (uri, port, ssl/tls directives).
2009/7/20 Asimananda Mohanty asimananda.mohanty@gmail.com
Hi Michael,
The command mentioned by you is running fine and it doesn't show any error.
That means that simple bind works fine.
*By stating "I am able to login to the server", I meant that I am able to establish an ssh session (via putty) with the server by providing user id and password. In that case, I don't really understand the error while logging in by that user id.*
Thanks for your support.
-Asimananda
2009/7/20 Michael Ströder michael@stroeder.com
> Asimananda Mohanty wrote:
> > I think the LDAP in current form should solve my purpose.
> >
> > Currently I have client and server on the same machine. I have created
> > one user in LDAP namely asimananda and I am able to login to the server
> > by the same too.
>
> What does "I am able to login to the server" mean exactly? Did you test
> with ldapwhoami -x -D <bind-DN of asimananda> -W whether simple bind works?
>
> > *PAM unable to dlopen(/lib/security/pam_foreground.so):
> > /lib/security/pam_foreground.so: cannot open shared object file: No such
> > file or directory
> > PAM adding faulty module: /lib/security/pam_foreground.so
> > pam_ldap: ldap_simple_bind Can't contact LDAP server
> > pam_ldap: reconnecting to LDAP server...
> > pam_ldap: ldap_simple_bind Can't contact LDAP server
> > Successful su for asimananda by root
> > + pts/3 root:asimananda
> > pam_unix(su:session): session opened for user asimananda by root(uid=0)*
>
> Looks like a setup error in your PAM setup. Check the ldap.conf related
> to the pam_ldap module. I don't know Ubuntu so I can't help here.
>
> Ciao, Michael.
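
The change reported at the top of this thread, mode 644 on /etc/sasldb2, makes the SASL secrets database that DIGEST-MD5 relies on readable by every local account. As an added example (not part of the original thread), the check below flags that condition; the function name `check_sasldb_perms` is hypothetical, and the user and group names in the closing comment assume Debian/Ubuntu defaults.

```shell
#!/bin/sh
# Added example: audit the mode of a Cyrus SASL secrets database.
# Return status: 0 = no access for "other", 1 = world-readable or
# world-writable, 2 = file missing.
check_sasldb_perms() {
    db=${1:-/etc/sasldb2}
    if [ ! -e "$db" ]; then
        echo "MISSING $db"
        return 2
    fi
    # find -perm -MODE matches only when every bit in MODE is set.
    if [ -n "$(find "$db" -prune -perm -0004 -print)" ]; then
        echo "FAIL $db is world-readable: any local user can read the stored secrets"
        return 1
    fi
    if [ -n "$(find "$db" -prune -perm -0002 -print)" ]; then
        echo "FAIL $db is world-writable"
        return 1
    fi
    echo "OK $db grants no access to other users"
    return 0
}

# Constructed demo on a scratch file, not the real database.
demo=$(mktemp)
chmod 644 "$demo"; check_sasldb_perms "$demo" || true
chmod 640 "$demo"; check_sasldb_perms "$demo" || true
rm -f "$demo"

# Remediation sketch (assumption: Debian/Ubuntu defaults, where the file is
# owned root:sasl and slapd runs as the openldap user). Restore the
# restrictive mode and grant slapd access through the group instead:
#   chmod 640 /etc/sasldb2
#   adduser openldap sasl    # then restart slapd
```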