I have set up 2 servers, a web server and a database server. The database server has mysql and OpenLDAP (configured, with 1 Posix user). The web server has apache, php, etc. I want to connect with the web server to the database server with PAM (libpam-ldap) and use credentials from the database server for user logins. I have set up libpam-ldap, but the authentication doesn't work. Further investigation (/var/log/auth.log) shows that the web server can't contact the database server. However, I also have phpLDAPadmin installed on the web server, and I can connect to the database server from there. Anyone know what could be wrong? Here is the auth.log:
May 11 10:57:33 web sudo: nss_ldap: could not connect to any LDAP server as cn=admin,dc=stef,dc=si - Can't contact LDAP server
May 11 10:57:33 web sudo: nss_ldap: failed to bind to LDAP server ldap:/// 192.168.1.107:389/: Can't contact LDAP server
May 11 10:57:33 web sudo: nss_ldap: reconnecting to LDAP server...
May 11 10:57:33 web sudo: nss_ldap: could not connect to any LDAP server as cn=admin,dc=stef,dc=si - Can't contact LDAP server
May 11 10:57:33 web sudo: nss_ldap: failed to bind to LDAP server ldap:/// 192.168.1.107:389/: Can't contact LDAP server
Hi
Is your ldap.conf configured?
HTH, Norberto
Ok, I found out what it is, really dumb mistake, there are three slashes in the address (ldap:///192.168.1.107:389/). This can confuse most people, since when you are asked to put in the address of the ldap server, there are three slashes ("ldapi:///").
-- Best regards, Miha Krajnc.
Ok, I found out what it is, really dumb mistake, there are three slashes in the address (ldap:///192.168.1.107:389/). This can confuse most people, since when you are asked to put in the address of the ldap server, there are three slashes ("ldapi:///").
Of course this is a configuration error. Usually, well-behaved applications should thoroughly validate data. OpenLDAP's libldap allows applications to parse URIs and check whether they are suitable. Whenever OpenLDAP software uses URIs, they are parsed and checked. If you parse your erroneous URI, the host:port portion will be empty, and the DN portion will contain "192.168.1.107:389/". This is obviously not a valid DN, but since ldap_initialize() does not need the DN portion, it is ignored, and an empty host:port has a clear meaning and thus does not trigger any error. The application (nss_ldap) should have parsed the URI and should have complained either because the DN portion was present, or, if its syntax allows the DN portion to be present, because it wasn't a valid DN. Feel free to ask (using the most appropriate forum) for an improved misconfiguration detection of nss_ldap.
p.
On Fri, 14 May 2010, Miha Krajnc wrote:
Ok, I found out what it is, really dumb mistake, there are three slashes in the address (ldap:///192.168.1.107:389/). This can confuse most people, since when you are asked to put in the address of the ldap server, there are three slashes ("ldapi:///").
AFAIR in some modern versions of software like pam_ldap, libnss-ldap, etc, (at least in debian) one must use literal combinations like
ldapi://%2Fsome%2Fwhere%2Fsocketfile
Regards, DT
Ok, I found out what it is, really dumb mistake, there are three slashes in the address (ldap:///192.168.1.107:389/). This can confuse most people, since when you are asked to put in the address of the ldap server, there are three slashes ("ldapi:///").
In all URIs there are three '/': 2 after the "<protocol>:", and one after the <host>. "ldapi///" means empty host, implying the default socket. In your URI there are four '/', so it is incorrect. RFC 4516.
p.
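The parse described in the replies above (empty host:port, with the address landing in the DN portion) can be reproduced as a check a client runs before connecting. This is an added example, not code from nss_ldap or OpenLDAP: it uses Python's standard urllib in place of libldap's URL parser, and the function names and the loose DN shape test are assumptions of the example.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit, unquote

LdapUri = namedtuple("LdapUri", "scheme hostport dn")

# Loose shape check for one RDN (attr=value or OID=value); an assumption of
# this example, not a full RFC 4514 parser.
_RDN = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)=.+$")


def split_ldap_uri(uri):
    """Split scheme://host:port/dn the way RFC 4516 lays it out."""
    parts = urlsplit(uri.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("ldap", "ldaps", "ldapi"):
        raise ValueError(f"not an LDAP URI: {uri!r}")
    # Everything between '//' and the next '/' is host:port (for ldapi, the
    # percent-encoded socket path); everything after that '/' is the DN.
    hostport = unquote(parts.netloc)
    dn = unquote(parts.path[1:])
    return LdapUri(scheme, hostport, dn)


def looks_like_dn(dn):
    """True if every comma-separated component has the attr=value shape."""
    return all(_RDN.match(rdn.strip()) for rdn in re.split(r"(?<!\\),", dn))


def check_ldap_uri(uri):
    """Return a list of problems a client should report before connecting."""
    u = split_ldap_uri(uri)
    problems = []
    if u.dn and not looks_like_dn(u.dn):
        problems.append(f"DN portion {u.dn!r} is not a valid DN")
        if not u.hostport:
            problems.append("host:port is empty; the server address appears "
                            "to have been written after a third '/'")
    return problems


if __name__ == "__main__":
    # Constructed inputs: the URI from the thread, its corrected form, and
    # the two ldapi forms mentioned in the replies.
    for uri in ("ldap:///192.168.1.107:389/", "ldap://192.168.1.107:389/",
                "ldapi:///", "ldapi://%2Fsome%2Fwhere%2Fsocketfile"):
        print(uri, split_ldap_uri(uri), check_ldap_uri(uri) or "ok")
```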
On May 14, 2010, at 5:22 AM, masarati@aero.polimi.it wrote:
Ok, I found out what it is, really dumb mistake, there are three slashes in the address (ldap:///192.168.1.107:389/). This can confuse most people, since when you are asked to put in the address of the ldap server, there are three slashes ("ldapi:///").
In all URIs there are three '/': 2 after the "<protocol>:", and one after the <host>. "ldapi///" means empty host, implying the default socket. In your URI there are four '/', so it is incorrect. RFC 4516
I believe you missed a : there. ;)
p.
On May 14, 2010, at 5:22 AM, masarati@aero.polimi.it wrote:
Ok, I found out what it is, really dumb mistake, there are three slashes in the address (ldap:///192.168.1.107:389/). This can confuse most people, since when you are asked to put in the address of the ldap server, there are three slashes ("ldapi:///").
In all URIs there are three '/': 2 after the "<protocol>:", and one after the <host>. "ldapi///" means empty host, implying the default
Of course, here I meant "ldapi:///", sorry.
p.
socket. In your URI there are four '/', so it is incorrect. RFC 4516
I believe you missed a : there. ;)
p.
openldap-technical@openldap.org