Ok, I found out what it is, really dumb mistake: there are three slashes in the address (ldap:///192.168.1.107:389/). This can confuse most people, since when you are asked to put in the address of the LDAP server, there are three slashes ("ldapi:///").
Of course this is a configuration error. Usually, well-behaved applications should thoroughly validate data. OpenLDAP's libldap allows applications to parse URIs and check whether they are suitable. Whenever OpenLDAP software uses URIs, they are parsed and checked. If you parse your erroneous URI, the host:port portion will be empty, and the DN portion will contain "192.168.1.107:389/". This is obviously not a valid DN, but since ldap_initialize() does not need the DN portion, it is ignored, and an empty host:port has a clear meaning and thus does not trigger any error. The application (nss_ldap) should have parsed the URI and should have complained either because the DN portion was present, or, if its syntax allows the DN portion to be present, because it wasn't a valid DN. Feel free to ask (using the most appropriate forum) for an improved misconfiguration detection of nss_ldap.
p.
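The parsing behaviour the reply describes, as an added example (not OpenLDAP or nss_ldap code; parse_ldap_uri, is_valid_dn and check_server_uri are hypothetical helper names): split the URI the way RFC 4516 lays it out and apply the check the reply says nss_ldap should have made.

```python
# Added example, not libldap/nss_ldap code: split an LDAP URI into
# scheme://host:port/dn?... parts and flag a server URI whose "DN"
# portion is really a host:port that slipped past an extra slash.
import re
from urllib.parse import urlsplit, unquote

# RFC 4514 attribute type: a descriptor (cn, dc, uid, ...) or a dotted OID.
_ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")

def parse_ldap_uri(uri):
    """Everything between the third slash and the first '?' is the DN,
    percent-decoded; the host:port sits between the second and third slash."""
    parts = urlsplit(uri)
    if parts.scheme not in ("ldap", "ldaps", "ldapi"):
        raise ValueError("not an LDAP URI scheme: %r" % parts.scheme)
    dn = unquote(parts.path[1:]) if parts.path.startswith("/") else ""
    return {"scheme": parts.scheme, "host": parts.netloc, "dn": dn,
            "extra": parts.query}

def is_valid_dn(dn):
    """Loose RFC 4514 check: empty DN (root DSE) or comma-separated
    'type=value' RDNs, multi-valued RDNs joined by '+'."""
    if dn == "":
        return True
    for rdn in dn.split(","):
        for ava in rdn.split("+"):
            typ, sep, _value = ava.strip().partition("=")
            if not sep or not _ATTR_TYPE.match(typ.strip()):
                return False
    return True

def check_server_uri(uri, allow_dn=False):
    """Return (ok, reason) for a URI that is supposed to name a server.
    ldap_initialize() ignores the DN, so an application has to reject a
    stray DN itself; an empty host for ldap/ldaps simply means localhost,
    and for ldapi the (percent-encoded) socket path lives in the host slot."""
    p = parse_ldap_uri(uri)
    if p["dn"]:
        if not is_valid_dn(p["dn"]):
            return False, "DN portion %r is not a valid DN (extra slash?)" % p["dn"]
        if not allow_dn:
            return False, "server URI should not carry a DN, got %r" % p["dn"]
    if p["scheme"] != "ldapi" and not p["host"]:
        return True, "no host given; libldap will default to localhost"
    return True, "ok"
```

Run against the URI from the log, the host comes back empty and the DN portion is "192.168.1.107:389/", which fails the DN check; the same string with two slashes parses as host "192.168.1.107:389" and an empty DN.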
2010/5/11 Miha Krajnc miha.krajnc.mb@gmail.com
I have set up 2 servers, a web server and a database server. The database server has mysql and OpenLDAP (configured, with 1 Posix user). The web server has apache, php, etc. I want to connect with the web server to the database server with PAM (libpam-ldap) and use credentials from the database server for user logins. I have set up libpam-ldap, but the authentication doesn't work. Further investigation (/var/log/auth.log) shows that the web server can't contact the database server. However, I also have phpLDAPadmin installed on the web server, and I can connect to the database server from there. Anyone know what could be wrong? Here is the auth.log:
May 11 10:57:33 web sudo: nss_ldap: could not connect to any LDAP server as cn=admin,dc=stef,dc=si - Can't contact LDAP server
May 11 10:57:33 web sudo: nss_ldap: failed to bind to LDAP server ldap:/// 192.168.1.107:389/: Can't contact LDAP server
May 11 10:57:33 web sudo: nss_ldap: reconnecting to LDAP server...
May 11 10:57:33 web sudo: nss_ldap: could not connect to any LDAP server as cn=admin,dc=stef,dc=si - Can't contact LDAP server
May 11 10:57:33 web sudo: nss_ldap: failed to bind to LDAP server ldap:/// 192.168.1.107:389/: Can't contact LDAP server
-- Kind regards, Miha Krajnc.