Hi Matt,
I just changed the permission level of /etc/sasldb2 from 640 to 644 and the
command "ldapsearch -d8 -ZZ -b dc=ldap-company,dc=com uid=asimananda" started
working fine.
I have one more doubt. The above command works fine and accepts the password too,
but when I changed the option "-b" to "-D", it stopped working. I read
somewhere that -D should not be used with SASL. I am a bit confused about the
same.
Thanks for being so helpful.
Thanks all.
Regards
Asimananda
On Mon, Aug 31, 2009 at 6:59 PM, Matt Kassawara <battery(a)writeme.com> wrote:
I recommend reading section 15.2.3 through 15.2.6 of the OpenLDAP 2.4
administrator's guide.
On Mon, Aug 31, 2009 at 4:49 AM, Asimananda Mohanty <
asimananda.mohanty(a)gmail.com> wrote:
> Hi Matt,
> Sorry for the delayed response. I was not at my place for some time.
>
> Yes, using -x with -ZZ works fine.
>
> But without "-x", it gives following error :
>
> *ldapsearch -d8 -ZZ -b dc=ldap-company,dc=com uid=asimananda*
> *SASL/DIGEST-MD5 authentication started*
> *Please enter your password:*
> *ldap_sasl_interactive_bind_s: Invalid credentials (49)*
>
>
> When used option -d7, it showed the following :
>
> *res_errno: 49, res_error: <SASL(-13): user not found: no secret in
> database>, res_matched: <>*
>
> I have already installed SASL on the system.
>
> Do I need to do some configuration in order to make it work? Found not
> much help on net.
>
> Thanks.
>
> -Asimananda
>
> On Thu, Jul 23, 2009 at 7:31 PM, Matt Kassawara <battery(a)writeme.com> wrote:
>
>> By default, ldapsearch will try authentication via SASL. Either
>> configure slapd to handle the latter or use -x in addition to -ZZ to force
>> simple authentication.
>>
>> On Wed, Jul 22, 2009 at 11:31 PM, Asimananda Mohanty <
>> asimananda.mohanty(a)gmail.com> wrote:
>>
>>> Hi Matt,
>>> Thank you very much.
>>> I got rid of both the errors by
>>> 1. Installing libpam-foreground
>>> 2. By changing the uri in /etc/ldap.conf from ldap to ldaps
>>>
>>> One last thing is remaining now....
>>>
>>> When tried "ldapsearch -ZZ", it asks for some password. When provided
>>> with the password, it didn't accept it (the same password what I created
>>> during dpkg --configure slapd)
>>>
>>> # ldapsearch -ZZ
>>> SASL/DIGEST-MD5 authentication started
>>> Please enter your password:
>>> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>>>
>>> Thanks again.
>>>
>>> -Asimananda
>>>
>>> On Wed, Jul 22, 2009 at 8:42 PM, Matt Kassawara <battery(a)writeme.com> wrote:
>>>
>>>> Installing libpam-foreground or removing the reference to it in
>>>> /etc/pam.d/common-session will clear up the first error. The second error
>>>> probably stems from misconfiguration in /etc/ldap.conf... particularly with
>>>> how PAM tries to contact your LDAP server (uri, port, ssl/tls directives).
>>>>
>>>> 2009/7/20 Asimananda Mohanty <asimananda.mohanty(a)gmail.com>
>>>>
>>>>> Hi Michael,
>>>>>
>>>>> The command mentioned by you is running fine and it doesn't show any
>>>>> error.
>>>>>
>>>>> That means that simple bind works fine.
>>>>>
>>>>> *By stating "I am able to login to the server", I meant that I am
>>>>> able to establish an ssh session (via putty) with the server by providing
>>>>> user id and password. In that case, I don't really understand the error
>>>>> while logging in by that user id.*
>>>>>
>>>>> Thanks for your support.
>>>>>
>>>>> -Asimananda
>>>>>
>>>>> 2009/7/20 Michael Ströder <michael(a)stroeder.com>
>>>>>
>>>>>> Asimananda Mohanty wrote:
>>>>>> > I think the LDAP in current form should solve my purpose.
>>>>>> >
>>>>>> > Currently I have client and server on the same machine. I have created
>>>>>> > one user in LDAP namely asimananda and I am able to login to the server
>>>>>> > by the same too.
>>>>>>
>>>>>> What does "I am able to login to the server" mean exactly. Did you test
>>>>>> with ldapwhoami -x -D <bind-DN of asimananda> -W whether simple bind
>>>>>> works?
>>>>>>
>>>>>> > *PAM unable to dlopen(/lib/security/pam_foreground.so):
>>>>>> > /lib/security/pam_foreground.so: cannot open shared object file: No such
>>>>>> > file or directory
>>>>>> > PAM adding faulty module: /lib/security/pam_foreground.so
>>>>>> > pam_ldap: ldap_simple_bind Can't contact LDAP server
>>>>>> > pam_ldap: reconnecting to LDAP server...
>>>>>> > pam_ldap: ldap_simple_bind Can't contact LDAP server
>>>>>> > Successful su for asimananda by root
>>>>>> > + pts/3 root:asimananda
>>>>>> > pam_unix(su:session): session opened for user asimananda by
>>>>>> root(uid=0)*
>>>>>>
>>>>>> Looks like a setup error in your PAM setup. Check the ldap.conf related
>>>>>> to the pam_ldap module. I don't know Ubuntu so I can't help here.
>>>>>>
>>>>>> Ciao, Michael.
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
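
Added example, not part of any message in this thread: the first message above changes /etc/sasldb2 from 640 to 644 so that the SASL bind can find its secret. This shell function reports how a given service account can reach such a file from its mode bits, owner and group; GNU stat and the account name passed in (for instance openldap) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils stat(1).
# Ignores POSIX ACLs and root's ability to read any file.

# audit_sasldb FILE SVC_USER
# Prints how SVC_USER (the account the LDAP server runs as) can reach FILE:
#   world-readable  every local account can read the stored secrets
#   owner-access    SVC_USER owns FILE and the owner read bit is set
#   group-access    SVC_USER is in FILE's group and the group read bit is set
#   no-access       SVC_USER cannot read FILE, so SASL secret lookups fail
#   missing / unknown-user   FILE or SVC_USER does not exist
audit_sasldb() {
    asd_file=$1
    asd_user=$2
    [ -e "$asd_file" ] || { echo "missing"; return 0; }

    # %a prints the octal mode without a leading zero; prefix one so the
    # shell arithmetic parses it as octal (640 -> 0640).
    asd_mode=$((0$(stat -c '%a' "$asd_file")))
    asd_owner=$(stat -c '%U' "$asd_file")
    asd_group=$(stat -c '%G' "$asd_file")

    # The "other" read bit is the finding that matters most: report it first.
    if [ $((asd_mode & 0004)) -ne 0 ]; then echo "world-readable"; return 0; fi

    asd_groups=$(id -nG "$asd_user" 2>/dev/null) || { echo "unknown-user"; return 0; }

    # The owner class takes precedence: an owner without the read bit is
    # denied even when the group bits would allow it.
    if [ "$asd_owner" = "$asd_user" ]; then
        if [ $((asd_mode & 0400)) -ne 0 ]; then echo "owner-access"; else echo "no-access"; fi
        return 0
    fi

    case " $asd_groups " in
        *" $asd_group "*)
            if [ $((asd_mode & 0040)) -ne 0 ]; then echo "group-access"; return 0; fi ;;
    esac
    echo "no-access"
}

# Usage (account name is an assumption): audit_sasldb /etc/sasldb2 openldap
```

A result of group-access means the server can read the file without the "other" read bit being set.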