Hello,
I woke up to an issue today where SSH access to our servers no longer works due to issues with LDAP authentication. Oddly, ldapsearch with admin credentials interacts with the LDAP server fine. If I check for LDAP users using getent passwd, none are returned.
The slapd auditlog records the failed attempts.
When trying to su as an ldap user, it returns "no passwd entry".
Nothing "should" have changed overnight, so any ideas of where to look will be appreciated.
Adam
I just resolved this issue. Bind account password expired.
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Lang, Adam
Sent: Tuesday, November 27, 2018 1:00 PM
To: openldap-technical@openldap.org
Subject: openldap stopped authenticating
--On Tuesday, November 27, 2018 5:59 PM +0000 "Lang, Adam" Adam.Lang@ecolane.com wrote:
Hopefully you have the "stats" log level enabled, and can see what sort of search is being performed and/or any errors that arise. Additionally, I will assume you've attempted using the same credentials as the client(s) are using to perform those same searches from the command line, along with then testing those searches as the admin user to see what difference (if any) there are in the results, etc.
If you use TLS, I will assume you've confirmed that all certificates are valid (i.e., haven't expired), etc.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
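As an added example (not code from the thread or from OpenLDAP), here is a small Python script covering the two things this thread turns on: Quanah's suggestion to read the "stats" log for the bind the NSS client actually performs, and the root cause Adam found, an expired password on the bind account, checked from the ppolicy overlay's pwdChangedTime and pwdMaxAge attributes. The log lines and the DN cn=nss-bind,dc=example,dc=com are constructed.

```python
"""Spot the failing NSS/PAM bind DN in slapd stats output and test whether a
bind account's ppolicy password has expired."""
import re
from datetime import datetime, timedelta, timezone

# Constructed slapd "loglevel stats" lines, not from the thread. The admin
# bind succeeds (err=0) while the NSS bind account gets err=49, which is
# LDAP invalidCredentials; ppolicy reports an expired password this way.
SAMPLE_LOG = """\
conn=1001 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
conn=1001 op=0 RESULT tag=97 err=0 text=
conn=1002 op=0 BIND dn="cn=nss-bind,dc=example,dc=com" method=128
conn=1002 op=0 RESULT tag=97 err=49 text=
conn=1003 op=0 BIND dn="cn=nss-bind,dc=example,dc=com" method=128
conn=1003 op=0 RESULT tag=97 err=49 text=
"""

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
# tag=97 is the bindResponse tag; err is the LDAP result code.
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')


def failed_binds(log_text):
    """Return {bind DN: number of BIND operations that ended with err=49}."""
    pending = {}    # (conn, op) -> DN, until the matching RESULT line arrives
    failures = {}
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT_RE.search(line)
        if m:
            dn = pending.pop((m.group(1), m.group(2)), None)
            if dn is not None and m.group(3) == "49":
                failures[dn] = failures.get(dn, 0) + 1
    return failures


def _gtime(value):
    """Parse an LDAP GeneralizedTime such as 20180828120000Z as UTC."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def password_expired(pwd_changed_time, pwd_max_age, now=None):
    """ppolicy rule: the password expires pwdMaxAge seconds after pwdChangedTime.
    'now' is an optional GeneralizedTime string; defaults to the current time."""
    current = _gtime(now) if now else datetime.now(timezone.utc)
    return current >= _gtime(pwd_changed_time) + timedelta(seconds=pwd_max_age)
```

Run failed_binds over your own stats log to see whether it is the client's bind DN rather than the admin DN that is being refused; if it is, read that entry's pwdChangedTime and the policy's pwdMaxAge and feed them to password_expired.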