I recommend reading section 15.2.3 through 15.2.6 of the OpenLDAP 2.4 administrator's guide.

On Mon, Aug 31, 2009 at 4:49 AM, Asimananda Mohanty <asimananda.mohanty@gmail.com> wrote:
Hi Matt,

Sorry for the delayed response. I was not at my place for some time.

Yes, using -x with -ZZ works fine.

But without "-x", it gives the following error:

ldapsearch -d8 -ZZ -b dc=ldap-company,dc=com uid=asimananda
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)


When using option -d7, it showed the following:

res_errno: 49, res_error: <SASL(-13): user not found: no secret in database>, res_matched: <>

I have already installed SASL on the system.

Do I need to do some configuration in order to make it work? I did not find much help on the net.

Thanks.

-Asimananda


On Thu, Jul 23, 2009 at 7:31 PM, Matt Kassawara <battery@writeme.com> wrote:
By default, ldapsearch will try authentication via SASL.  Either configure slapd to handle the latter or use -x in addition to -ZZ to force simple authentication.


On Wed, Jul 22, 2009 at 11:31 PM, Asimananda Mohanty <asimananda.mohanty@gmail.com> wrote:
Hi Matt,

Thank you very much.

I got rid of both the errors by

1. Installing libpam-foreground
2. Changing the uri in /etc/ldap.conf from ldap to ldaps

One last thing remains now...

When I tried "ldapsearch -ZZ", it asked for a password. When I provided the password, it didn't accept it (the same password that I created during dpkg --configure slapd).

# ldapsearch -ZZ
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)

Thanks again.

-Asimananda

On Wed, Jul 22, 2009 at 8:42 PM, Matt Kassawara <battery@writeme.com> wrote:
Installing libpam-foreground or removing the reference to it in /etc/pam.d/common-session will clear up the first error.  The second error probably stems from misconfiguration in /etc/ldap.conf... particularly with how PAM tries to contact your LDAP server (uri, port, ssl/tls directives).

2009/7/20 Asimananda Mohanty <asimananda.mohanty@gmail.com>

Hi Michael,

The command mentioned by you is running fine and it doesn't show any error.

That means that simple bind works fine.

By stating "I am able to login to the server", I meant that I am able to establish an ssh session (via putty) with the server by providing user id and password. In that case, I don't really understand the error while logging in by that user id.


Thanks for your support.

-Asimananda

2009/7/20 Michael Ströder <michael@stroeder.com>
Asimananda Mohanty wrote:

> I think the LDAP in current form should solve my purpose.
>
> Currently I have client and server on the same machine. I have created
> one user in LDAP namely asimananda and I am able to login to the server
> by the same too.

What does "I am able to login to the server" mean exactly? Did you test
with ldapwhoami -x -D <bind-DN of asimananda> -W whether simple bind works?

> PAM unable to dlopen(/lib/security/pam_foreground.so):
> /lib/security/pam_foreground.so: cannot open shared object file: No such
> file or directory
> PAM adding faulty module: /lib/security/pam_foreground.so
> pam_ldap: ldap_simple_bind Can't contact LDAP server
> pam_ldap: reconnecting to LDAP server...
> pam_ldap: ldap_simple_bind Can't contact LDAP server
> Successful su for asimananda by root
> + pts/3 root:asimananda
> pam_unix(su:session): session opened for user asimananda by root(uid=0)

Looks like a setup error in your PAM setup. Check the ldap.conf related
to the pam_ldap module. I don't know Ubuntu so I can't help here.

Ciao, Michael.
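
The "no secret in database" error and the pointer to the SASL sections of the admin guide both come down to how DIGEST-MD5 works: the server must hold H(username:realm:password), or a cleartext password from which to derive it, before it can check a client's response, which a hashed userPassword such as {SSHA} cannot provide. The Python below is an added example, not code from the thread or from OpenLDAP; it computes the RFC 2831 response and the server-side check, using the RFC's published test vector as sample input, and the function names are my own.

```python
"""DIGEST-MD5 (RFC 2831) response computation and server-side verification."""
import hashlib
import hmac


def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def _md5hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def user_secret(username: str, realm: str, password: str) -> bytes:
    """H(username:realm:password): the per-user secret a DIGEST-MD5 server
    must have stored (e.g. in sasldb) or derive from a cleartext password."""
    return _md5(f"{username}:{realm}:{password}".encode("utf-8"))


def digest_md5_response(secret: bytes, nonce: str, cnonce: str, nc: str,
                        qop: str, digest_uri: str, server_side: bool = False) -> str:
    """Client 'response', or server 'rspauth' when server_side=True (qop=auth)."""
    # A1 = H(user:realm:pass) as raw bytes, then ":" nonce ":" cnonce
    a1 = secret + f":{nonce}:{cnonce}".encode("utf-8")
    # A2 = "AUTHENTICATE:" digest-uri for the client, ":" digest-uri for rspauth
    a2 = ("" if server_side else "AUTHENTICATE") + ":" + digest_uri
    kd = f"{_md5hex(a1)}:{nonce}:{nc}:{cnonce}:{qop}:{_md5hex(a2.encode('utf-8'))}"
    return _md5hex(kd.encode("utf-8"))


def server_verify(stored_secret, nonce, cnonce, nc, qop, digest_uri, client_response):
    """What the SASL layer does on the server: recompute from the stored secret
    and compare. With no stored secret there is nothing to recompute from."""
    if stored_secret is None:
        return False, "no secret in database"
    expected = digest_md5_response(stored_secret, nonce, cnonce, nc, qop, digest_uri)
    if not hmac.compare_digest(expected, client_response):
        return False, "invalid credentials"
    rspauth = digest_md5_response(stored_secret, nonce, cnonce, nc, qop, digest_uri,
                                  server_side=True)
    return True, rspauth


# Constructed sample exchange: the test vector from RFC 2831 section 4 (password "secret")
RFC_EXCHANGE = dict(nonce="OA6MG9tEQGm2hh", cnonce="OA6MHXh6VqTrRk", nc="00000001",
                    qop="auth", digest_uri="imap/elwood.innosoft.com")

if __name__ == "__main__":
    secret = user_secret("chris", "elwood.innosoft.com", "secret")
    resp = digest_md5_response(secret, **RFC_EXCHANGE)
    print("client response:", resp)
    print("server with secret:", server_verify(secret, client_response=resp, **RFC_EXCHANGE))
    print("server without secret:", server_verify(None, client_response=resp, **RFC_EXCHANGE))
```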