Re: Reg OpenLdap on Ubuntu

Hi Matt, Sorry for the delayed response. I was not at my place for some time. Yes, using -x with -ZZ works fine. But without "-x", it gives following error : *ldapsearch -d8 -ZZ -b dc=ldap-company,dc=com uid=asimananda* *SASL/DIGEST-MD5 authentication started* *Please enter your password:* *ldap_sasl_interactive_bind_s: Invalid credentials (49)* When used option -d7, it showed the following : *res_errno: 49, res_error: <SASL(-13): user not found: no secret in database>, res_matched: <>* I have already installed SASL on the system. Do I need to do some configuration in order to make it work? Found not much help on net. Thanks. -Asimananda On Thu, Jul 23, 2009 at 7:31 PM, Matt Kassawara <battery(a)writeme.com&gt;wrote: > By default, ldapsearch will try authentication via SASL. Either configure > slapd to handle the latter or use -x in addition to -ZZ to force simple > authentication. > > On Wed, Jul 22, 2009 at 11:31 PM, Asimananda Mohanty < > asimananda.mohanty(a)gmail.com&gt; wrote: > >> Hi Matt, >> Thank you very much. >> I got rid of both the errors by >> 1. Installing libpam-foreground >> 2. By changing the uri in /etc/ldap.conf from ldap to ldaps >> >> One last thing is remaining now.... >> >> When tried "ldapsearch -ZZ", it asks for some password. When provided >> with the password, it didn't accept it (the same password what I created >> during dpkg --configure slapd) >> >> # ldapsearch -ZZ >> SASL/DIGEST-MD5 authentication started >> Please enter your password: >> ldap_sasl_interactive_bind_s: Invalid credentials (49) >> >> Thanks again. >> >> -Asimananda >> >> On Wed, Jul 22, 2009 at 8:42 PM, Matt Kassawara <battery(a)writeme.com&gt;wrote: >> >>> Installing libpam-foreground or removing the reference to it in >>> /etc/pam.d/common-session will clear up the first error. The second error >>> probably stems from misconfiguration in /etc/ldap.conf... particularly with >>> how PAM tries to contact your LDAP server (uri, port, ssl/tls directives). >>> >>> 2009/7/20 Asimananda Mohanty <asimananda.mohanty(a)gmail.com&gt; >>> >>>> Hi Michael, >>>> >>>> The command mentioned by you is running fine and it doesn't show any >>>> error. >>>> >>>> That means that simple bind works fine. >>>> >>>> *By stating "I am able to login to the server", I meant that I am able >>>> to establish an ssh session (via putty) with the server by providing user id >>>> and password. In that case, I don't really understand the error while >>>> logging in by that user id.* >>>> >>>> Thanks for your support. >>>> >>>> -Asimananda >>>> >>>> 2009/7/20 Michael Ströder <michael(a)stroeder.com&gt; >>>> >>>>> Asimananda Mohanty wrote: >>>>> > I think the LDAP in current form should solve my purpose. >>>>> > >>>>> > Currently I have client and server on the same machine. I have >>>>> created >>>>> > one user in LDAP namely asimananda and I am able to login to the >>>>> server >>>>> > by the same too. >>>>> >>>>> What does "I am able to login to the server" mean exactly. Did you >>>>> test >>>>> with ldapwhoami -x -D <bind-DN of asimananda> -W whether simple bind >>>>> works? >>>>> >>>>> > *PAM unable to dlopen(/lib/security/pam_foreground.so): >>>>> > /lib/security/pam_foreground.so: cannot open shared object file: No >>>>> such >>>>> > file or directory >>>>> > PAM adding faulty module: /lib/security/pam_foreground.so >>>>> > pam_ldap: ldap_simple_bind Can't contact LDAP server >>>>> > pam_ldap: reconnecting to LDAP server... >>>>> > pam_ldap: ldap_simple_bind Can't contact LDAP server >>>>> > Successful su for asimananda by root >>>>> > + pts/3 root:asimananda >>>>> > pam_unix(su:session): session opened for user asimananda by >>>>> root(uid=0)* >>>>> >>>>> Looks like an setup error in your PAM setup. Check the ldap.conf >>>>> related >>>>> to the pam_ldap module. I don't know Ubuntu so I can't help here. >>>>> >>>>> Ciao, Michael. >>>>> >>>> >>>> >>> >> >