Re: Reg OpenLdap on Ubuntu

I recommend reading section 15.2.3 through 15.2.6 of the OpenLDAP 2.4 administrator's guide. On Mon, Aug 31, 2009 at 4:49 AM, Asimananda Mohanty < asimananda.mohanty(a)gmail.com&gt; wrote: > Hi Matt, > Sorry for the delayed response. I was not at my place for some time. > > Yes, using -x with -ZZ works fine. > > But without "-x", it gives following error : > > *ldapsearch -d8 -ZZ -b dc=ldap-company,dc=com uid=asimananda* > *SASL/DIGEST-MD5 authentication started* > *Please enter your password:* > *ldap_sasl_interactive_bind_s: Invalid credentials (49)* > > > When used option -d7, it showed the following : > > *res_errno: 49, res_error: <SASL(-13): user not found: no secret in > database>, res_matched: <>* > > I have already installed SASL on the system. > > Do I need to do some configuration in order to make it work? Found not > much help on net. > > Thanks. > > -Asimananda > > On Thu, Jul 23, 2009 at 7:31 PM, Matt Kassawara <battery(a)writeme.com&gt;wrote: > >> By default, ldapsearch will try authentication via SASL. Either >> configure slapd to handle the latter or use -x in addition to -ZZ to force >> simple authentication. >> >> On Wed, Jul 22, 2009 at 11:31 PM, Asimananda Mohanty < >> asimananda.mohanty(a)gmail.com&gt; wrote: >> >>> Hi Matt, >>> Thank you very much. >>> I got rid of both the errors by >>> 1. Installing libpam-foreground >>> 2. By changing the uri in /etc/ldap.conf from ldap to ldaps >>> >>> One last thing is remaining now.... >>> >>> When tried "ldapsearch -ZZ", it asks for some password. When provided >>> with the password, it didn't accept it (the same password what I created >>> during dpkg --configure slapd) >>> >>> # ldapsearch -ZZ >>> SASL/DIGEST-MD5 authentication started >>> Please enter your password: >>> ldap_sasl_interactive_bind_s: Invalid credentials (49) >>> >>> Thanks again. >>> >>> -Asimananda >>> >>> On Wed, Jul 22, 2009 at 8:42 PM, Matt Kassawara <battery(a)writeme.com&gt;wrote: >>> >>>> Installing libpam-foreground or removing the reference to it in >>>> /etc/pam.d/common-session will clear up the first error. The second error >>>> probably stems from misconfiguration in /etc/ldap.conf... particularly with >>>> how PAM tries to contact your LDAP server (uri, port, ssl/tls directives). >>>> >>>> 2009/7/20 Asimananda Mohanty <asimananda.mohanty(a)gmail.com&gt; >>>> >>>>> Hi Michael, >>>>> >>>>> The command mentioned by you is running fine and it doesn't show any >>>>> error. >>>>> >>>>> That means that simple bind works fine. >>>>> >>>>> *By stating "I am able to login to the server", I meant that I am >>>>> able to establish an ssh session (via putty) with the server by providing >>>>> user id and password. In that case, I don't really understand the error >>>>> while logging in by that user id.* >>>>> >>>>> Thanks for your support. >>>>> >>>>> -Asimananda >>>>> >>>>> 2009/7/20 Michael Ströder <michael(a)stroeder.com&gt; >>>>> >>>>>> Asimananda Mohanty wrote: >>>>>> > I think the LDAP in current form should solve my purpose. >>>>>> > >>>>>> > Currently I have client and server on the same machine. I have >>>>>> created >>>>>> > one user in LDAP namely asimananda and I am able to login to the >>>>>> server >>>>>> > by the same too. >>>>>> >>>>>> What does "I am able to login to the server" mean exactly. Did you >>>>>> test >>>>>> with ldapwhoami -x -D <bind-DN of asimananda> -W whether simple bind >>>>>> works? >>>>>> >>>>>> > *PAM unable to dlopen(/lib/security/pam_foreground.so): >>>>>> > /lib/security/pam_foreground.so: cannot open shared object file: No >>>>>> such >>>>>> > file or directory >>>>>> > PAM adding faulty module: /lib/security/pam_foreground.so >>>>>> > pam_ldap: ldap_simple_bind Can't contact LDAP server >>>>>> > pam_ldap: reconnecting to LDAP server... >>>>>> > pam_ldap: ldap_simple_bind Can't contact LDAP server >>>>>> > Successful su for asimananda by root >>>>>> > + pts/3 root:asimananda >>>>>> > pam_unix(su:session): session opened for user asimananda by >>>>>> root(uid=0)* >>>>>> >>>>>> Looks like an setup error in your PAM setup. Check the ldap.conf >>>>>> related >>>>>> to the pam_ldap module. I don't know Ubuntu so I can't help here. >>>>>> >>>>>> Ciao, Michael. >>>>>> >>>>> >>>>> >>>> >>> >> >