I have a new OpenLDAP server, and the same machine is also configured as an LDAP client.
I have added a user but cannot authenticate as that user.
I have spent a lot of time researching this issue. The suggestions I found all point in different directions: ACL issues, slapd reading the wrong config files,
an incorrect ldap.conf, an incorrect nsswitch.conf, or simply a wrong password.
Is there a straightforward way to troubleshoot this? Which config files are involved in this failure?
Your help is greatly appreciated.
This user works
[root@ldapservrer]# ldapwhoami -x -D cn=ldapadmin,dc=group1,dc=ldap -W
Enter LDAP Password:
dn:cn=ldapadmin,dc=group1,dc=ldap
This user fails
[root@ldapserver]# ldapwhoami -x -D cn=lou,dc=group1,dc=ldap -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
5612e45a conn=1051 fd=12 ACCEPT from IP=192.168.0.101:59308 (IP=192.168.0.a0a:389)
5612e45a conn=1051 op=0 BIND dn="cn=lou,dc=group1,dc=ldap" method=128
5612e45a conn=1051 op=0 RESULT tag=97 err=49 text=
5612e45a conn=1051 op=1 UNBIND
5612e45a conn=1051 fd=12 closed
Oct 5 16:03:32 ldapserver sshd[1432]: Received disconnect from 9.9.9.9: 11: disconnected by user
Oct 5 16:03:36 ldapserver sshd[1528]: Invalid user lou from 9.9.9.9
Oct 5 16:03:36 ldapserver sshd[1529]: input_userauth_request: invalid user lou
Oct 5 16:03:53 ldapserver sshd[1528]: Failed password for invalid user lou from 9.9.9.9 port 33968 ssh2
_______________________________
[root@ldapserver man1]# su - lou
su: user lou does not exist
5612ebc3 conn=1053 fd=12 ACCEPT from IP=192.168.0.101:59310 (IP=192.168.0.101:389)
5612ebc3 conn=1053 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
5612ebc3 conn=1053 op=0 SRCH attr=* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domainControllerFunctionality defaultNamingContext lastUSN highestCommittedUSN
5612ebc3 conn=1053 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
5612ebc3 conn=1053 op=1 SRCH base="dc=group1,dc=ldap" scope=2 deref=0 filter="(&(uid=lou)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNum ber=0))))"
5612ebc3 conn=1053 op=1 SRCH attr=objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn modifyTimestamp modifyTimestamp shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdAttribute authorizedService accountExpires userAccountControl nsAccountLock host loginDisabled loginExpirationTime loginAllowedTimeMap sshPublicKey
5612ebc3 conn=1053 op=1 SEARCH RESULT tag=101 err=50 nentries=0 text=
5612ebc3 conn=1053 op=2 UNBIND
5612ebc3 conn=1053 fd=12 closed
__________________________
ssh lou@192.168.101
5612ed15 conn=1107 fd=12 ACCEPT from IP=192.168.0.101:59364 (IP=192.168.0.101:389)
5612ed15 conn=1107 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
5612ed15 conn=1107 op=0 SRCH attr=* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms domainControllerFunctionality defaultNamingContext lastUSN highestCommittedUSN
5612ed15 conn=1107 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
5612ed15 conn=1107 op=1 SRCH base="dc=group1,dc=ldap" scope=2 deref=0 filter="(&(uid=lou)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNum ber=0))))"
5612ed15 conn=1107 op=1 SRCH attr=objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn modifyTimestamp modifyTimestamp shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdAttribute authorizedService accountExpires userAccountControl nsAccountLock host loginDisabled loginExpirationTime loginAllowedTimeMap sshPublicKey
5612ed15 conn=1107 op=1 SEARCH RESULT tag=101 err=50 nentries=0 text=
5612ed15 conn=1107 op=2 UNBIND
5612ed15 conn=1107 fd=12 closed
[root@ldapserver ]# ldapsearch -H ldap://ldapserver.group1.ldap -d 256 -D cn=ldapadmin,dc=group1,dc=ldap -W -b ou=Users,dc=group1,dc=ldap
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=Users,dc=group1,dc=ldap> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# Users, group1.ldap
dn: ou=Users,dc=group1,dc=ldap
ou: Users
objectClass: organizationalUnit
# lou, Users, group.ldap
dn: uid=lou,ou=Users,dc=group1,dc=ldap
uid: lou
mail: louxxxxxxxxxxx
sn: xxxx
pwdAttribute: xxxxxxx
telephoneNumber: xxxxxxxxxx
roomNumber: xxxx
uidNumber: xxxx
gidNumber: xxxxx
employeeNumber: xxxxx
cn: Louis xxxxx
loginShell: /bin/bash
gecos: Lou xxxx
homeDirectory: /home/xxxx
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: pwdPolicy
objectClass: shadowAccount
userPassword:: xxxxxxx
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2