I recommend reading sections 15.2.3 through 15.2.6 of the OpenLDAP 2.4
administrator's guide.
On Mon, Aug 31, 2009 at 4:49 AM, Asimananda Mohanty <
asimananda.mohanty(a)gmail.com> wrote:
Hi Matt,
Sorry for the delayed response. I was not at my place for some time.
Yes, using -x with -ZZ works fine.
But without "-x", it gives the following error:
*ldapsearch -d8 -ZZ -b dc=ldap-company,dc=com uid=asimananda*
*SASL/DIGEST-MD5 authentication started*
*Please enter your password:*
*ldap_sasl_interactive_bind_s: Invalid credentials (49)*
When I used option -d7, it showed the following:
*res_errno: 49, res_error: <SASL(-13): user not found: no secret in
database>, res_matched: <>*
I have already installed SASL on the system.
Do I need to do some configuration in order to make it work? I did not find
much help on the net.
Thanks.
-Asimananda
On Thu, Jul 23, 2009 at 7:31 PM, Matt Kassawara <battery(a)writeme.com> wrote:
> By default, ldapsearch will try authentication via SASL. Either configure
> slapd to handle the latter or use -x in addition to -ZZ to force simple
> authentication.
>
> On Wed, Jul 22, 2009 at 11:31 PM, Asimananda Mohanty <
> asimananda.mohanty(a)gmail.com> wrote:
>
>> Hi Matt,
>> Thank you very much.
>> I got rid of both the errors by
>> 1. Installing libpam-foreground
>> 2. By changing the uri in /etc/ldap.conf from ldap to ldaps
>>
>> One last thing is remaining now....
>>
>> When I tried "ldapsearch -ZZ", it asked for a password. When provided
>> with the password, it didn't accept it (the same password that I created
>> during dpkg --configure slapd)
>>
>> # ldapsearch -ZZ
>> SASL/DIGEST-MD5 authentication started
>> Please enter your password:
>> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>>
>> Thanks again.
>>
>> -Asimananda
>>
>> On Wed, Jul 22, 2009 at 8:42 PM, Matt Kassawara <battery(a)writeme.com> wrote:
>>
>>> Installing libpam-foreground or removing the reference to it in
>>> /etc/pam.d/common-session will clear up the first error. The second error
>>> probably stems from misconfiguration in /etc/ldap.conf... particularly with
>>> how PAM tries to contact your LDAP server (uri, port, ssl/tls directives).
>>>
>>> 2009/7/20 Asimananda Mohanty <asimananda.mohanty(a)gmail.com>
>>>
>>>> Hi Michael,
>>>>
>>>> The command mentioned by you is running fine and it doesn't show any
>>>> error.
>>>>
>>>> That means that simple bind works fine.
>>>>
>>>> *By stating "I am able to login to the server", I meant that I am able
>>>> to establish an ssh session (via putty) with the server by providing user id
>>>> and password. In that case, I don't really understand the error while
>>>> logging in by that user id.*
>>>>
>>>> Thanks for your support.
>>>>
>>>> -Asimananda
>>>>
>>>> 2009/7/20 Michael Ströder <michael(a)stroeder.com>
>>>>
>>>>> Asimananda Mohanty wrote:
>>>>> > I think the LDAP in current form should solve my purpose.
>>>>> >
>>>>> > Currently I have client and server on the same machine. I have created
>>>>> > one user in LDAP namely asimananda and I am able to login to the server
>>>>> > by the same too.
>>>>>
>>>>> What does "I am able to login to the server" mean exactly? Did you test
>>>>> with ldapwhoami -x -D <bind-DN of asimananda> -W whether simple bind
>>>>> works?
>>>>>
>>>>> > *PAM unable to dlopen(/lib/security/pam_foreground.so):
>>>>> > /lib/security/pam_foreground.so: cannot open shared object file: No such
>>>>> > file or directory
>>>>> > PAM adding faulty module: /lib/security/pam_foreground.so
>>>>> > pam_ldap: ldap_simple_bind Can't contact LDAP server
>>>>> > pam_ldap: reconnecting to LDAP server...
>>>>> > pam_ldap: ldap_simple_bind Can't contact LDAP server
>>>>> > Successful su for asimananda by root
>>>>> > + pts/3 root:asimananda
>>>>> > pam_unix(su:session): session opened for user asimananda by root(uid=0)*
>>>>>
>>>>> Looks like a setup error in your PAM setup. Check the ldap.conf related
>>>>> to the pam_ldap module. I don't know Ubuntu so I can't help here.
>>>>>
>>>>> Ciao, Michael.
>>>>>
>>>>
>>>>
>>>
>>
>
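
Added example, not part of the original thread or of the OpenLDAP project's own configuration: a slapd.conf fragment showing the server-side pieces a DIGEST-MD5 bind like the one above depends on. It assumes a slapd.conf-style configuration and user entries under ou=people (both assumptions; only the suffix dc=ldap-company,dc=com comes from the thread).

```conf
# slapd.conf fragment (constructed example; adjust DNs to your tree)

# DIGEST-MD5 computes its response from the plaintext password, so slapd
# must find userPassword stored unhashed. With this setting, passwords set
# through the Password Modify operation (ldappasswd) are kept in cleartext.
# Values already stored hashed ({SSHA}, {MD5}, ...) cannot be used by
# DIGEST-MD5 and have to be set again.
password-hash   {CLEARTEXT}

# A SASL bind without a realm arrives as uid=<user>,cn=digest-md5,cn=auth.
# Map that authentication identity to the real directory entry.
# ou=people is an assumption; the suffix is the one used in the thread.
authz-regexp
    uid=([^,]*),cn=digest-md5,cn=auth
    uid=$1,ou=people,dc=ldap-company,dc=com

# Cleartext secrets make the ACL on userPassword critical: allow it to be
# used for authentication and changed by its owner, never read by others.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
```

With a cn=config (slapd.d) setup the same settings are the olcPasswordHash and olcAuthzRegexp attributes. Simple bind over StartTLS (-x -ZZ), which the thread reports as working, needs none of this and lets userPassword stay hashed.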