12:08 a.m.
Hi All,
We have a dedicated LDAP server and I would like to configure OpenLDAP client in
our linux boxes running on centOS 5.3.
I have installed openldap client and changed /etc/openldap/ldap.conf with folllowing info
BASE dc=my, dc=net
URI ldap://10.122.12.13
But when I try to run ldapsearch, I get following error
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
The objective is anybody having ldap id can login to linux box. At present, I am manually
creating individual ids which we want to integrate with LDAP authentication.
I would appreciate your help
- RB
6:33 a.m.
Hi,
have you read the manpage for ldapsearch?
You should deliver some more information which parameter did you use for
ldapsearch to figure out where is the problem is.
http://www.zytrax.com/books/ldap/ch14/#ldapsearch
Try this URL for example.
Bye
On Fri, Feb 26, 2010 at 09:08, Cool The Breezer <techcool.kumar(a)yahoo.com>wrote:
Hi All,
We have a dedicated LDAP server and I would like to configure
OpenLDAP client in our linux boxes running on centOS 5.3.
I have installed openldap client and changed /etc/openldap/ldap.conf with
folllowing info
BASE dc=my, dc=net
URI ldap://10.122.12.13
But when I try to run ldapsearch, I get following error
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
The objective is anybody having ldap id can login to linux box. At present,
I am manually creating individual ids which we want to integrate with LDAP
authentication.
I would appreciate your help
- RB
1:02 p.m.
Hi,
Maybe using the -x option in your ldapsearch requests may resolve your
problem.
KR
2010/2/26 Benjamin Griese <der.darude(a)gmail.com>
Hi,
have you read the manpage for ldapsearch?
You should deliver some more information which parameter did you use for
ldapsearch to figure out where is the problem is.
http://www.zytrax.com/books/ldap/ch14/#ldapsearch
Try this URL for example.
Bye
On Fri, Feb 26, 2010 at 09:08, Cool The Breezer <techcool.kumar(a)yahoo.com>wrote:
> Hi All,
> We have a dedicated LDAP server and I would like to configure
> OpenLDAP client in our linux boxes running on centOS 5.3.
> I have installed openldap client and changed /etc/openldap/ldap.conf with
> folllowing info
>
> BASE dc=my, dc=net
> URI ldap://10.122.12.13
>
> But when I try to run ldapsearch, I get following error
>
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> additional info: SASL(-4): no mechanism available:
>
> The objective is anybody having ldap id can login to linux box. At
> present, I am manually creating individual ids which we want to integrate
> with LDAP authentication.
> I would appreciate your help
>
> - RB
>
>
>
>
--
--------------------------------------------
| Echedey Lorenzo Arencibia |
--------------------------------------------
9:53 p.m.
Thanks for your suggestion. But still there is some problem.
ldapsearch -H ldap://ldap-sunnyvale.juniper.net -x -LL ou=people,dc=jnpr,dc=net
"{mail=*norton*}" sn cn mail
Output: version: 1
Operations error (1)
Additional information: 00000000: LdapErr: DSID-0C090627, comment: In order to perform
this operation a successful bind must be completed on the connection., data 0, vece
Not sure the reason behind such errors. I think there is something wrong, because when I
am trying to login linux box using ldap credentials, it simply closes the connection.
________________________________
From: Echedey Lorenzo <echedey(a)gmail.com>
To: Benjamin Griese <der.darude(a)gmail.com>
Cc: Cool The Breezer <techcool.kumar(a)yahoo.com>; openldap-technical(a)openldap.org
Sent: Sat, February 27, 2010 2:32:08 AM
Subject: Re: OpenLDAP client configuration with CentOS 5.3
Hi,
Maybe using the -x option in your ldapsearch requests may resolve your problem.
KR
2010/2/26 Benjamin Griese <der.darude(a)gmail.com>
Hi,
have you read the manpage for ldapsearch?
You should deliver some more information which parameter did you use for ldapsearch to
figure out where is the problem is.
http://www.zytrax.com/books/ldap/ch14/#ldapsearch
>
Try this URL for example.
Bye
On Fri, Feb 26, 2010 at 09:08, Cool The Breezer <techcool.kumar(a)yahoo.com> wrote:
Hi All,
>>> We have a dedicated LDAP server and I would like to configure
OpenLDAP client in our linux boxes running on centOS 5.3.
>>>I have installed openldap client and changed /etc/openldap/ldap.conf with
folllowing info
>
>>>BASE dc=my, dc=net
>>>URI ldap://10.122.12.13
>
>>>But when I try to run ldapsearch, I get following error
>
>>>SASL/EXTERNAL authentication started
>>>ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>>> additional info: SASL(-4): no mechanism available:
>
>>>The objective is anybody having ldap id can login to linux box. At present, I
am manually creating individual ids which we want to integrate with LDAP authentication.
>>>I would appreciate your help
>
>>>- RB
>
>
>
>
--
--------------------------------------------
| Echedey Lorenzo Arencibia |
--------------------------------------------
11:46 p.m.
Le 01/03/2010 06:53, Cool The Breezer a écrit :
Thanks for your suggestion. But still there is some problem.
/ldapsearch -H ldap://ldap-sunnyvale.juniper.net -x -LL
ou=people,dc=jnpr,dc=net "{mail=*norton*}" sn cn mail/
/
/
/Output: version: 1/
/
/
/Operations error (1)/
/Additional information: 00000000: LdapErr: DSID-0C090627, comment: In
order to perform this operation a successful bind must be completed on
the connection., data 0, vece/
Not sure the reason behind such errors. I think there is something
wrong, because when I am trying to login linux box using ldap
credentials, it simply closes the connection.
As it says in this error message: "a successful bind must be completed
on the connection". This means you must authenticate to the LDAP server
in order to search in it.
Check the -D and -w/-W options in the ldapsearch(1) man page. You'll
need a valid account in your LDAP server and it's password.
Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - jonathan(a)phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
12:37 a.m.
I tried as per suggestions using man page. But still getting the error
ldapsearch -H ldap://xxx.yyy.com-D "cn=Directory Manager"
"(objectclass=*)" -W -X _e3user
Enter LDAP Password:
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
It now generates a new error. I tried using authconfig with --enableldap, --enablewinbind
and --disableldaptls.
Still users are not able to login to linux box using LDAP credentials.
----- Original Message ----
From: Jonathan Clarke <jonathan(a)phillipoux.net>
To: Cool The Breezer <techcool.kumar(a)yahoo.com>
Cc: openldap-technical(a)openldap.org
Sent: Mon, March 1, 2010 1:16:32 PM
Subject: Re: OpenLDAP client configuration with CentOS 5.3
Le 01/03/2010 06:53, Cool The Breezer a écrit :
Thanks for your suggestion. But still there is some problem.
/ldapsearch -H ldap://ldap-sunnyvale.juniper.net -x -LL
ou=people,dc=jnpr,dc=net "{mail=*norton*}" sn cn mail/
/
/
/Output: version: 1/
/
/
/Operations error (1)/
/Additional information: 00000000: LdapErr: DSID-0C090627, comment: In
order to perform this operation a successful bind must be completed on
the connection., data 0, vece/
Not sure the reason behind such errors. I think there is something
wrong, because when I am trying to login linux box using ldap
credentials, it simply closes the connection.
As it says in this error message: "a successful bind must be completed on the
connection". This means you must authenticate to the LDAP server in order to search
in it.
Check the -D and -w/-W options in the ldapsearch(1) man page. You'll need a valid
account in your LDAP server and it's password.
Jonathan
-- --------------------------------------------------------------
Jonathan Clarke - jonathan(a)phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
12:44 a.m.
Try:
ldapsearch -x -H ldap://xxx.yyy.com-D "cn=Directory Manager"
"(objectclass=*)" -W _e3user
KR
2010/3/1 Cool The Breezer <techcool.kumar(a)yahoo.com>
I tried as per suggestions using man page. But still getting the
error
ldapsearch -H ldap://xxx.yyy.com-D "cn=Directory Manager"
"(objectclass=*)"
-W -X _e3user
Enter LDAP Password:
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
It now generates a new error. I tried using authconfig with --enableldap,
--enablewinbind and --disableldaptls.
Still users are not able to login to linux box using LDAP credentials.
----- Original Message ----
From: Jonathan Clarke <jonathan(a)phillipoux.net>
To: Cool The Breezer <techcool.kumar(a)yahoo.com>
Cc: openldap-technical(a)openldap.org
Sent: Mon, March 1, 2010 1:16:32 PM
Subject: Re: OpenLDAP client configuration with CentOS 5.3
Le 01/03/2010 06:53, Cool The Breezer a écrit :
> Thanks for your suggestion. But still there is some problem.
> /ldapsearch -H ldap://ldap-sunnyvale.juniper.net -x -LL
> ou=people,dc=jnpr,dc=net "{mail=*norton*}" sn cn mail/
> /
> /
> /Output: version: 1/
> /
> /
> /Operations error (1)/
> /Additional information: 00000000: LdapErr: DSID-0C090627, comment: In
> order to perform this operation a successful bind must be completed on
> the connection., data 0, vece/
>
> Not sure the reason behind such errors. I think there is something
> wrong, because when I am trying to login linux box using ldap
> credentials, it simply closes the connection.
As it says in this error message: "a successful bind must be completed on
the connection". This means you must authenticate to the LDAP server in
order to search in it.
Check the -D and -w/-W options in the ldapsearch(1) man page. You'll need a
valid account in your LDAP server and it's password.
Jonathan
-- --------------------------------------------------------------
Jonathan Clarke - jonathan(a)phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
--
--------------------------------------------
| Echedey Lorenzo Arencibia |
--------------------------------------------
12:55 a.m.
Watch the space:
ldapsearch -x -H ldap://xxx.yyy.com -D "cn=Directory Manager"
"(objectclass=*)" -W _e3user
(assuming _e3user is your password. maybe you should try with -w also)
2010/3/1 Echedey Lorenzo <echedey(a)gmail.com>
Try:
ldapsearch -x -H ldap://xxx.yyy.com-D "cn=Directory Manager"
"(objectclass=*)" -W _e3user
KR
2010/3/1 Cool The Breezer <techcool.kumar(a)yahoo.com>
I tried as per suggestions using man page. But still getting the error
>
> ldapsearch -H ldap://xxx.yyy.com-D "cn=Directory Manager"
> "(objectclass=*)" -W -X _e3user
> Enter LDAP Password:
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> additional info: SASL(-4): no mechanism available:
>
>
> It now generates a new error. I tried using authconfig with --enableldap,
> --enablewinbind and --disableldaptls.
> Still users are not able to login to linux box using LDAP credentials.
>
>
>
> ----- Original Message ----
> From: Jonathan Clarke <jonathan(a)phillipoux.net>
> To: Cool The Breezer <techcool.kumar(a)yahoo.com>
> Cc: openldap-technical(a)openldap.org
> Sent: Mon, March 1, 2010 1:16:32 PM
> Subject: Re: OpenLDAP client configuration with CentOS 5.3
>
> Le 01/03/2010 06:53, Cool The Breezer a écrit :
> > Thanks for your suggestion. But still there is some problem.
> > /ldapsearch -H ldap://ldap-sunnyvale.juniper.net -x -LL
> > ou=people,dc=jnpr,dc=net "{mail=*norton*}" sn cn mail/
> > /
> > /
> > /Output: version: 1/
> > /
> > /
> > /Operations error (1)/
> > /Additional information: 00000000: LdapErr: DSID-0C090627, comment: In
> > order to perform this operation a successful bind must be completed on
> > the connection., data 0, vece/
> >
> > Not sure the reason behind such errors. I think there is something
> > wrong, because when I am trying to login linux box using ldap
> > credentials, it simply closes the connection.
>
> As it says in this error message: "a successful bind must be completed on
> the connection". This means you must authenticate to the LDAP server in
> order to search in it.
>
> Check the -D and -w/-W options in the ldapsearch(1) man page. You'll need
> a valid account in your LDAP server and it's password.
>
> Jonathan
> -- --------------------------------------------------------------
> Jonathan Clarke - jonathan(a)phillipoux.net
> --------------------------------------------------------------
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
> --------------------------------------------------------------
>
>
>
>
>
--
--------------------------------------------
| Echedey Lorenzo Arencibia |
--------------------------------------------
--
--------------------------------------------
| Echedey Lorenzo Arencibia |
--------------------------------------------
1:43 a.m.
Thanks for suggestion. However still no luck.
Yes _e3user was password. I tried -W and -w too.
BTW, let me again repeat the steps done for configuration
- Install openldap
- Change /etc/openldap/ldap.conf property file
- Tried to login to linux box using LDAP credential -> it did not work
- Tried running authconfig with enableldap, enableldapauth etc... with -update all filter
- Tried to login to linux box using LDAP credential -> Linux box unexpectedly closed
the connection and putty window closed
- Tried to run ldapsearch.....here I am now
Do you think, there are some steps or configurations I am missing.
I am basically not looking for ldapsearch command to run rather I just wanted peoples
having ldap credential easily login to the linux box.
regards,
Rb
________________________________
From: Echedey Lorenzo <echedey(a)gmail.com>
To: Cool The Breezer <techcool.kumar(a)yahoo.com>
Cc: Jonathan Clarke <jonathan(a)phillipoux.net>; openldap-technical(a)openldap.org
Sent: Mon, March 1, 2010 2:25:26 PM
Subject: Re: OpenLDAP client configuration with CentOS 5.3
Watch the space:
ldapsearch -x -H ldap://xxx.yyy.com -D "cn=Directory Manager"
"(objectclass=*)" -W _e3user
(assuming _e3user is your password. maybe you should try with -w also)
2010/3/1 Echedey Lorenzo <echedey(a)gmail.com>
Try:
ldapsearch -x -H ldap://xxx.yyy.com-D "cn=Directory Manager"
"(objectclass=*)" -W _e3user
KR
2010/3/1 Cool The Breezer <techcool.kumar(a)yahoo.com>
I tried as per suggestions using man page. But still getting the error
>
>>>ldapsearch -H ldap://xxx.yyy.com-D "cn=Directory Manager"
"(objectclass=*)" -W -X _e3user
>>>Enter LDAP Password:
>
>SASL/EXTERNAL authentication started
>>>ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>>> additional info: SASL(-4): no mechanism available:
>
>
>It now generates a new error. I tried using authconfig with --enableldap,
--enablewinbind and --disableldaptls.
>>>Still users are not able to login to linux box using LDAP credentials.
>
>
>
>
>>>----- Original Message ----
>>>From: Jonathan Clarke <jonathan(a)phillipoux.net>
>>>To: Cool The Breezer <techcool.kumar(a)yahoo.com>
>>>Cc: openldap-technical(a)openldap.org
>>>Sent: Mon, March 1, 2010 1:16:32 PM
>>>Subject: Re: OpenLDAP client configuration with CentOS 5.3
>
>
>Le 01/03/2010 06:53, Cool The Breezer a écrit :
>>>> Thanks for your suggestion. But still there is some problem.
>>>> /ldapsearch -H ldap://ldap-sunnyvale.juniper.net -x -LL
>>>> ou=people,dc=jnpr,dc=net "{mail=*norton*}" sn cn mail/
>>>> /
>>>> /
>>>> /Output: version: 1/
>>>> /
>>>> /
>>>> /Operations error (1)/
>>>> /Additional information: 00000000: LdapErr: DSID-0C090627, comment: In
>>>> order to perform this operation a successful bind must be completed on
>>>> the connection., data 0, vece/
>>>>
>>>> Not sure the reason behind such errors. I think there is something
>>>> wrong, because when I am trying to login linux box using ldap
>>>> credentials, it simply closes the connection.
>
>>>As it says in this error message: "a successful bind must be completed on
the connection". This means you must authenticate to the LDAP server in order to
search in it.
>
>>>Check the -D and -w/-W options in the ldapsearch(1) man page. You'll need
a valid account in your LDAP server and it's password.
>
>>>Jonathan
>>>-- --------------------------------------------------------------
>>>Jonathan Clarke - jonathan(a)phillipoux.net
>>>--------------------------------------------------------------
>>>Ldap Synchronization Connector (LSC) - http://lsc-project.org
>>>--------------------------------------------------------------
>
>
>
>
>
--
--------------------------------------------
| Echedey Lorenzo Arencibia |
--------------------------------------------
--
--------------------------------------------
| Echedey Lorenzo Arencibia |
--------------------------------------------
3:32 a.m.
Le 01/03/2010 10:43, Cool The Breezer a écrit :
Thanks for suggestion. However still no luck.
Yes _e3user was password. I tried -W and -w too.
BTW, let me again repeat the steps done for configuration
- Install openldap
- Change /etc/openldap/ldap.conf property file
- Tried to login to linux box using LDAP credential -> it did not work
- Tried running authconfig with enableldap, enableldapauth etc... with
-update all filter
- Tried to login to linux box using LDAP credential -> Linux box
unexpectedly closed the connection and putty window closed
- Tried to run ldapsearch.....here I am now
Do you think, there are some steps or configurations I am missing.
Yes. To login via LDAP on your Linux box you also need to configure PAM
and NSS. Plenty of information on that by googling.
Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - jonathan(a)phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
12:56 a.m.
Still no luck. It gave following errors
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
error, data 525, vece
All credentials used correctly.
regards,
RB
________________________________
From: Echedey Lorenzo <echedey(a)gmail.com>
To: Cool The Breezer <techcool.kumar(a)yahoo.com>
Cc: Jonathan Clarke <jonathan(a)phillipoux.net>; openldap-technical(a)openldap.org
Sent: Mon, March 1, 2010 2:14:36 PM
Subject: Re: OpenLDAP client configuration with CentOS 5.3
Try:
ldapsearch -x -H ldap://xxx.yyy.com-D "cn=Directory Manager"
"(objectclass=*)" -W _e3user
KR
2010/3/1 Cool The Breezer <techcool.kumar(a)yahoo.com>
I tried as per suggestions using man page. But still getting the error
>ldapsearch -H ldap://xxx.yyy.com-D "cn=Directory Manager"
"(objectclass=*)" -W -X _e3user
>Enter LDAP Password:
SASL/EXTERNAL authentication started
>ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> additional info: SASL(-4): no mechanism available:
It now generates a new error. I tried using authconfig with --enableldap, --enablewinbind
and --disableldaptls.
>Still users are not able to login to linux box using LDAP credentials.
>----- Original Message ----
>From: Jonathan Clarke <jonathan(a)phillipoux.net>
>To: Cool The Breezer <techcool.kumar(a)yahoo.com>
>Cc: openldap-technical(a)openldap.org
>Sent: Mon, March 1, 2010 1:16:32 PM
>Subject: Re: OpenLDAP client configuration with CentOS 5.3
Le 01/03/2010 06:53, Cool The Breezer a écrit :
>> Thanks for your suggestion. But still there is some problem.
>> /ldapsearch -H ldap://ldap-sunnyvale.juniper.net -x -LL
>> ou=people,dc=jnpr,dc=net "{mail=*norton*}" sn cn mail/
>> /
>> /
>> /Output: version: 1/
>> /
>> /
>> /Operations error (1)/
>> /Additional information: 00000000: LdapErr: DSID-0C090627, comment: In
>> order to perform this operation a successful bind must be completed on
>> the connection., data 0, vece/
>>
>> Not sure the reason behind such errors. I think there is something
>> wrong, because when I am trying to login linux box using ldap
>> credentials, it simply closes the connection.
>As it says in this error message: "a successful bind must be completed on the
connection". This means you must authenticate to the LDAP server in order to search
in it.
>Check the -D and -w/-W options in the ldapsearch(1) man page. You'll need a valid
account in your LDAP server and it's password.
>Jonathan
>-- --------------------------------------------------------------
>Jonathan Clarke - jonathan(a)phillipoux.net
>--------------------------------------------------------------
>Ldap Synchronization Connector (LSC) - http://lsc-project.org
>--------------------------------------------------------------
--
--------------------------------------------
| Echedey Lorenzo Arencibia |
--------------------------------------------
1:46 a.m.
Is the server using SSL/TLS connection?
________________________________
From: openldap-technical-bounces+qiang.xu=fujixerox.com(a)OpenLDAP.org
[mailto:openldap-technical-bounces+qiang.xu=fujixerox.com@OpenLDAP.org] On Behalf Of Cool
The Breezer
Sent: Monday, March 01, 2010 4:56 PM
To: Echedey Lorenzo
Cc: Jonathan Clarke; openldap-technical(a)openldap.org
Subject: Re: OpenLDAP client configuration with CentOS 5.3
Still no luck. It gave following errors
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
error, data 525, vece
All credentials used correctly.
regards,
RB
________________________________
From: Echedey Lorenzo <echedey(a)gmail.com>
To: Cool The Breezer <techcool.kumar(a)yahoo.com>
Cc: Jonathan Clarke <jonathan(a)phillipoux.net>; openldap-technical(a)openldap.org
Sent: Mon, March 1, 2010 2:14:36 PM
Subject: Re: OpenLDAP client configuration with CentOS 5.3
Try:
ldapsearch -x -H ldap://xxx.yyy.com-D "cn=Directory Manager"
"(objectclass=*)" -W _e3user
KR
2010/3/1 Cool The Breezer
<techcool.kumar@yahoo.com<mailto:techcool.kumar@yahoo.com>>
I tried as per suggestions using man page. But still getting the error
ldapsearch -H ldap://xxx.yyy.com-D "cn=Directory Manager"
"(objectclass=*)" -W -X _e3user
Enter LDAP Password:
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
It now generates a new error. I tried using authconfig with --enableldap, --enablewinbind
and --disableldaptls.
Still users are not able to login to linux box using LDAP credentials.
----- Original Message ----
From: Jonathan Clarke
<jonathan@phillipoux.net<mailto:jonathan@phillipoux.net>>
To: Cool The Breezer
<techcool.kumar@yahoo.com<mailto:techcool.kumar@yahoo.com>>
Cc: openldap-technical@openldap.org<mailto:openldap-technical@openldap.org>
Sent: Mon, March 1, 2010 1:16:32 PM
Subject: Re: OpenLDAP client configuration with CentOS 5.3
Le 01/03/2010 06:53, Cool The Breezer a écrit :
Thanks for your suggestion. But still there is some problem.
/ldapsearch -H ldap://ldap-sunnyvale.juniper.net<http://ldap-sunnyvale.juniper.net>
-x -LL
ou=people,dc=jnpr,dc=net "{mail=*norton*}" sn cn mail/
/
/
/Output: version: 1/
/
/
/Operations error (1)/
/Additional information: 00000000: LdapErr: DSID-0C090627, comment: In
order to perform this operation a successful bind must be completed on
the connection., data 0, vece/
Not sure the reason behind such errors. I think there is something
wrong, because when I am trying to login linux box using ldap
credentials, it simply closes the connection.
As it says in this error message: "a successful bind must be completed on the
connection". This means you must authenticate to the LDAP server in order to search
in it.
Check the -D and -w/-W options in the ldapsearch(1) man page. You'll need a valid
account in your LDAP server and it's password.
Jonathan
-- --------------------------------------------------------------
Jonathan Clarke - jonathan@phillipoux.net<mailto:jonathan@phillipoux.net>
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
--
--------------------------------------------
| Echedey Lorenzo Arencibia |
--------------------------------------------
2:01 a.m.
I think it uses. We use the same for Windows login.
________________________________
From: "Xu, Qiang (FXSGSC)" <Qiang.Xu(a)fujixerox.com>
To: Cool The Breezer <techcool.kumar(a)yahoo.com>; Echedey Lorenzo
<echedey(a)gmail.com>
Cc: Jonathan Clarke <jonathan(a)phillipoux.net>;
"openldap-technical(a)openldap.org" <openldap-technical(a)openldap.org>
Sent: Mon, March 1, 2010 3:16:28 PM
Subject: RE: OpenLDAP client configuration with CentOS 5.3
Is the server
using SSL/TLS connection?
________________________________
From: > openldap-technical-bounces+qiang.xu=fujixerox.com(a)OpenLDAP.org
[mailto:openldap-technical-bounces+qiang.xu=fujixerox.com@OpenLDAP.org] On
Behalf Of Cool The Breezer
Sent: Monday, March 01, 2010 4:56
PM
To: Echedey Lorenzo
Cc: Jonathan Clarke;
openldap-technical(a)openldap.org
Subject: Re: OpenLDAP client
configuration with CentOS 5.3
Still no luck. It gave following errors
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr:
DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
All credentials used correctly.
regards,
RB
________________________________
From: Echedey Lorenzo
<echedey(a)gmail.com>
To: > Cool The Breezer <techcool.kumar(a)yahoo.com>
Cc: Jonathan Clarke
<jonathan(a)phillipoux.net>; openldap-technical(a)openldap.org
Sent: Mon, March 1, 2010 2:14:36
PM
Subject: Re: OpenLDAP
client configuration with CentOS 5.3
Try:
ldapsearch -x
-H ldap://xxx.yyy.com-D "cn=Directory Manager" "(objectclass=*)" -W
_e3user
KR
2010/3/1 Cool The Breezer <techcool.kumar(a)yahoo.com>
I tried as per suggestions using man page. But still
> getting the error
>
>ldapsearch -H ldap://xxx.yyy.com-D "cn=Directory
> Manager" "(objectclass=*)" -W -X _e3user
>Enter LDAP Password:
>
>SASL/EXTERNAL authentication
> started
>ldap_sasl_interactive_bind_s: Unknown authentication method
> (-6)
> additional info: SASL(-4): no mechanism
> available:
>
>
>It now generates a new error. I tried using
> authconfig with --enableldap, --enablewinbind and
> --disableldaptls.
>Still users are not able to login to linux box
> using LDAP credentials.
>
>
>
>
>----- Original Message ----
>From: Jonathan
> Clarke <jonathan(a)phillipoux.net>
>To:
> Cool The Breezer <techcool.kumar(a)yahoo.com>
>Cc:
> openldap-technical(a)openldap.org
>Sent:
> Mon, March 1, 2010 1:16:32 PM
>Subject: Re: OpenLDAP client configuration
> with CentOS 5.3
>
>
>Le 01/03/2010 06:53, Cool The Breezer a écrit :
>> Thanks
> for your suggestion. But still there is some problem.
>> /ldapsearch -H
> ldap://ldap-sunnyvale.juniper.net -x -LL
>>
> ou=people,dc=jnpr,dc=net "{mail=*norton*}" sn cn mail/
>> /
>>
> /
>> /Output: version: 1/
>> /
>> /
>> /Operations error
> (1)/
>> /Additional information: 00000000: LdapErr: DSID-0C090627,
> comment: In
>> order to perform this operation a successful bind must
> be completed on
>> the connection., data 0, vece/
>>
>> Not
> sure the reason behind such errors. I think there is something
>>
> wrong, because when I am trying to login linux box using ldap
>>
> credentials, it simply closes the connection.
>
>As it says in this
> error message: "a successful bind must be completed on the connection".
This
> means you must authenticate to the LDAP server in order to search in
> it.
>
>Check the -D and -w/-W options in the ldapsearch(1) man page.
> You'll need a valid account in your LDAP server and it's
> password.
>
>Jonathan
>--
> --------------------------------------------------------------
>Jonathan
> Clarke - jonathan(a)phillipoux.net
>--------------------------------------------------------------
>Ldap
> Synchronization Connector (LSC) - http://lsc-project.org
>--------------------------------------------------------------
>
>
>
>
>
--
--------------------------------------------
| Echedey
Lorenzo Arencibia
|
--------------------------------------------
2:04 a.m.
Then you probably should use port 636 instead of default port of 389, e.g., ldapsearch -x
-H ldap://xxx.yyy.com -p 636 -D "cn=Directory Manager"
"(objectclass=*)" -W _e3user
________________________________
From: Cool The Breezer [mailto:techcool.kumar@yahoo.com]
Sent: Monday, March 01, 2010 6:02 PM
To: Xu, Qiang (FXSGSC); Echedey Lorenzo
Cc: Jonathan Clarke; openldap-technical(a)openldap.org
Subject: Re: OpenLDAP client configuration with CentOS 5.3
I think it uses. We use the same for Windows login.
________________________________
From: "Xu, Qiang (FXSGSC)" <Qiang.Xu(a)fujixerox.com>
To: Cool The Breezer <techcool.kumar(a)yahoo.com>; Echedey Lorenzo
<echedey(a)gmail.com>
Cc: Jonathan Clarke <jonathan(a)phillipoux.net>;
"openldap-technical(a)openldap.org" <openldap-technical(a)openldap.org>
Sent: Mon, March 1, 2010 3:16:28 PM
Subject: RE: OpenLDAP client configuration with CentOS 5.3
Is the server using SSL/TLS connection?
________________________________
From: openldap-technical-bounces+qiang.xu=fujixerox.com(a)OpenLDAP.org
[mailto:openldap-technical-bounces+qiang.xu=fujixerox.com@OpenLDAP.org] On Behalf Of Cool
The Breezer
Sent: Monday, March 01, 2010 4:56 PM
To: Echedey Lorenzo
Cc: Jonathan Clarke; openldap-technical(a)openldap.org
Subject: Re: OpenLDAP client configuration with CentOS 5.3
Still no luck. It gave following errors
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
error, data 525, vece
All credentials used correctly.
regards,
RB
________________________________
From: Echedey Lorenzo <echedey(a)gmail.com>
To: Cool The Breezer <techcool.kumar(a)yahoo.com>
Cc: Jonathan Clarke <jonathan(a)phillipoux.net>; openldap-technical(a)openldap.org
Sent: Mon, March 1, 2010 2:14:36 PM
Subject: Re: OpenLDAP client configuration with CentOS 5.3
Try:
ldapsearch -x -H ldap://xxx.yyy.com-D "cn=Directory Manager"
"(objectclass=*)" -W _e3user
KR
2010/3/1 Cool The Breezer
<techcool.kumar@yahoo.com<mailto:techcool.kumar@yahoo.com>>
I tried as per suggestions using man page. But still getting the error
ldapsearch -H ldap://xxx.yyy.com-D "cn=Directory Manager"
"(objectclass=*)" -W -X _e3user
Enter LDAP Password:
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
It now generates a new error. I tried using authconfig with --enableldap, --enablewinbind
and --disableldaptls.
Still users are not able to login to linux box using LDAP credentials.
----- Original Message ----
From: Jonathan Clarke
<jonathan@phillipoux.net<mailto:jonathan@phillipoux.net>>
To: Cool The Breezer
<techcool.kumar@yahoo.com<mailto:techcool.kumar@yahoo.com>>
Cc: openldap-technical@openldap.org<mailto:openldap-technical@openldap.org>
Sent: Mon, March 1, 2010 1:16:32 PM
Subject: Re: OpenLDAP client configuration with CentOS 5.3
Le 01/03/2010 06:53, Cool The Breezer a écrit :
Thanks for your suggestion. But still there is some problem.
/ldapsearch -H ldap://ldap-sunnyvale.juniper.net<http://ldap-sunnyvale.juniper.net>
-x -LL
ou=people,dc=jnpr,dc=net "{mail=*norton*}" sn cn mail/
/
/
/Output: version: 1/
/
/
/Operations error (1)/
/Additional information: 00000000: LdapErr: DSID-0C090627, comment: In
order to perform this operation a successful bind must be completed on
the connection., data 0, vece/
Not sure the reason behind such errors. I think there is something
wrong, because when I am trying to login linux box using ldap
credentials, it simply closes the connection.
As it says in this error message: "a successful bind must be completed on the
connection". This means you must authenticate to the LDAP server in order to search
in it.
Check the -D and -w/-W options in the ldapsearch(1) man page. You'll need a valid
account in your LDAP server and it's password.
Jonathan
-- --------------------------------------------------------------
Jonathan Clarke - jonathan@phillipoux.net<mailto:jonathan@phillipoux.net>
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
--
--------------------------------------------
| Echedey Lorenzo Arencibia |
--------------------------------------------
2:05 a.m.
change ldap:// to ldaps:// in your command.
________________________________
From: Cool The Breezer [mailto:techcool.kumar@yahoo.com]
Sent: Monday, March 01, 2010 6:02 PM
To: Xu, Qiang (FXSGSC); Echedey Lorenzo
Cc: Jonathan Clarke; openldap-technical(a)openldap.org
Subject: Re: OpenLDAP client configuration with CentOS 5.3
I think it uses. We use the same for Windows login.
________________________________
From: "Xu, Qiang (FXSGSC)" <Qiang.Xu(a)fujixerox.com>
To: Cool The Breezer <techcool.kumar(a)yahoo.com>; Echedey Lorenzo
<echedey(a)gmail.com>
Cc: Jonathan Clarke <jonathan(a)phillipoux.net>;
"openldap-technical(a)openldap.org" <openldap-technical(a)openldap.org>
Sent: Mon, March 1, 2010 3:16:28 PM
Subject: RE: OpenLDAP client configuration with CentOS 5.3
Is the server using SSL/TLS connection?
________________________________
From: openldap-technical-bounces+qiang.xu=fujixerox.com(a)OpenLDAP.org
[mailto:openldap-technical-bounces+qiang.xu=fujixerox.com@OpenLDAP.org] On Behalf Of Cool
The Breezer
Sent: Monday, March 01, 2010 4:56 PM
To: Echedey Lorenzo
Cc: Jonathan Clarke; openldap-technical(a)openldap.org
Subject: Re: OpenLDAP client configuration with CentOS 5.3
Still no luck. It gave following errors
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
error, data 525, vece
All credentials used correctly.
regards,
RB
________________________________
From: Echedey Lorenzo <echedey(a)gmail.com>
To: Cool The Breezer <techcool.kumar(a)yahoo.com>
Cc: Jonathan Clarke <jonathan(a)phillipoux.net>; openldap-technical(a)openldap.org
Sent: Mon, March 1, 2010 2:14:36 PM
Subject: Re: OpenLDAP client configuration with CentOS 5.3
Try:
ldapsearch -x -H ldap://xxx.yyy.com-D "cn=Directory Manager"
"(objectclass=*)" -W _e3user
KR
2010/3/1 Cool The Breezer
<techcool.kumar@yahoo.com<mailto:techcool.kumar@yahoo.com>>
I tried as per suggestions using man page. But still getting the error
ldapsearch -H ldap://xxx.yyy.com-D "cn=Directory Manager"
"(objectclass=*)" -W -X _e3user
Enter LDAP Password:
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
It now generates a new error. I tried using authconfig with --enableldap, --enablewinbind
and --disableldaptls.
Still users are not able to login to linux box using LDAP credentials.
----- Original Message ----
From: Jonathan Clarke
<jonathan@phillipoux.net<mailto:jonathan@phillipoux.net>>
To: Cool The Breezer
<techcool.kumar@yahoo.com<mailto:techcool.kumar@yahoo.com>>
Cc: openldap-technical@openldap.org<mailto:openldap-technical@openldap.org>
Sent: Mon, March 1, 2010 1:16:32 PM
Subject: Re: OpenLDAP client configuration with CentOS 5.3
Le 01/03/2010 06:53, Cool The Breezer a écrit :
Thanks for your suggestion. But still there is some problem.
/ldapsearch -H ldap://ldap-sunnyvale.juniper.net<http://ldap-sunnyvale.juniper.net>
-x -LL
ou=people,dc=jnpr,dc=net "{mail=*norton*}" sn cn mail/
/
/
/Output: version: 1/
/
/
/Operations error (1)/
/Additional information: 00000000: LdapErr: DSID-0C090627, comment: In
order to perform this operation a successful bind must be completed on
the connection., data 0, vece/
Not sure the reason behind such errors. I think there is something
wrong, because when I am trying to login linux box using ldap
credentials, it simply closes the connection.
As it says in this error message: "a successful bind must be completed on the
connection". This means you must authenticate to the LDAP server in order to search
in it.
Check the -D and -w/-W options in the ldapsearch(1) man page. You'll need a valid
account in your LDAP server and it's password.
Jonathan
-- --------------------------------------------------------------
Jonathan Clarke - jonathan@phillipoux.net<mailto:jonathan@phillipoux.net>
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
--
--------------------------------------------
| Echedey Lorenzo Arencibia |
--------------------------------------------
2:07 a.m.
If you are using SSL I think you also need to setup the certificate the
server is using in your ldap client.
2010/3/1 Xu, Qiang (FXSGSC) <Qiang.Xu(a)fujixerox.com>
change ldap:// to ldaps:// in your command.
------------------------------
*From:* Cool The Breezer [mailto:techcool.kumar@yahoo.com]
*Sent:* Monday, March 01, 2010 6:02 PM
*To:* Xu, Qiang (FXSGSC); Echedey Lorenzo
*Cc:* Jonathan Clarke; openldap-technical(a)openldap.org
*Subject:* Re: OpenLDAP client configuration with CentOS 5.3
I think it uses. We use the same for Windows login.
------------------------------
*From:* "Xu, Qiang (FXSGSC)" <Qiang.Xu(a)fujixerox.com>
*To:* Cool The Breezer <techcool.kumar(a)yahoo.com>; Echedey Lorenzo <
echedey(a)gmail.com>
*Cc:* Jonathan Clarke <jonathan(a)phillipoux.net>; "
openldap-technical(a)openldap.org" <openldap-technical(a)openldap.org>
*Sent:* Mon, March 1, 2010 3:16:28 PM
*Subject:* RE: OpenLDAP client configuration with CentOS 5.3
Is the server using SSL/TLS connection?
------------------------------
*From:* openldap-technical-bounces+qiang.xu=fujixerox.com(a)OpenLDAP.org
[mailto:openldap-technical-bounces+qiang.xu<openldap-technical-bounces%2Bqiang.xu>
=fujixerox.com(a)OpenLDAP.org] *On Behalf Of *Cool The Breezer
*Sent:* Monday, March 01, 2010 4:56 PM
*To:* Echedey Lorenzo
*Cc:* Jonathan Clarke; openldap-technical(a)openldap.org
*Subject:* Re: OpenLDAP client configuration with CentOS 5.3
Still no luck. It gave following errors
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C090334, comment:
AcceptSecurityContext error, data 525, vece
All credentials used correctly.
regards,
RB
------------------------------
*From:* Echedey Lorenzo <echedey(a)gmail.com>
*To:* Cool The Breezer <techcool.kumar(a)yahoo.com>
*Cc:* Jonathan Clarke <jonathan(a)phillipoux.net>;
openldap-technical(a)openldap.org
*Sent:* Mon, March 1, 2010 2:14:36 PM
*Subject:* Re: OpenLDAP client configuration with CentOS 5.3
Try:
ldapsearch -x -H ldap://xxx.yyy.com-D "cn=Directory Manager"
"(objectclass=*)" -W _e3user
KR
2010/3/1 Cool The Breezer <techcool.kumar(a)yahoo.com>
> I tried as per suggestions using man page. But still getting the error
>
> ldapsearch -H ldap://xxx.yyy.com-D "cn=Directory Manager"
> "(objectclass=*)" -W -X _e3user
> Enter LDAP Password:
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> additional info: SASL(-4): no mechanism available:
>
>
> It now generates a new error. I tried using authconfig with --enableldap,
> --enablewinbind and --disableldaptls.
> Still users are not able to login to linux box using LDAP credentials.
>
>
>
> ----- Original Message ----
> From: Jonathan Clarke <jonathan(a)phillipoux.net>
> To: Cool The Breezer <techcool.kumar(a)yahoo.com>
> Cc: openldap-technical(a)openldap.org
> Sent: Mon, March 1, 2010 1:16:32 PM
> Subject: Re: OpenLDAP client configuration with CentOS 5.3
>
> Le 01/03/2010 06:53, Cool The Breezer a écrit :
> > Thanks for your suggestion. But still there is some problem.
> > /ldapsearch -H ldap://ldap-sunnyvale.juniper.net -x -LL
> > ou=people,dc=jnpr,dc=net "{mail=*norton*}" sn cn mail/
> > /
> > /
> > /Output: version: 1/
> > /
> > /
> > /Operations error (1)/
> > /Additional information: 00000000: LdapErr: DSID-0C090627, comment: In
> > order to perform this operation a successful bind must be completed on
> > the connection., data 0, vece/
> >
> > Not sure the reason behind such errors. I think there is something
> > wrong, because when I am trying to login linux box using ldap
> > credentials, it simply closes the connection.
>
> As it says in this error message: "a successful bind must be completed on
> the connection". This means you must authenticate to the LDAP server in
> order to search in it.
>
> Check the -D and -w/-W options in the ldapsearch(1) man page. You'll need
> a valid account in your LDAP server and it's password.
>
> Jonathan
> -- --------------------------------------------------------------
> Jonathan Clarke - jonathan(a)phillipoux.net
> --------------------------------------------------------------
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
> --------------------------------------------------------------
>
>
>
>
>
--
--------------------------------------------
| Echedey Lorenzo Arencibia |
--------------------------------------------
--
--------------------------------------------
| Echedey Lorenzo Arencibia |
--------------------------------------------
2:09 a.m.
I got the error
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
________________________________
From: "Xu, Qiang (FXSGSC)" <Qiang.Xu(a)fujixerox.com>
To: Cool The Breezer <techcool.kumar(a)yahoo.com>; Echedey Lorenzo
<echedey(a)gmail.com>
Cc: Jonathan Clarke <jonathan(a)phillipoux.net>;
"openldap-technical(a)openldap.org" <openldap-technical(a)openldap.org>
Sent: Mon, March 1, 2010 3:35:14 PM
Subject: RE: OpenLDAP client configuration with CentOS 5.3
change ldap:// to ldaps:// in your
command.
________________________________
From: Cool The Breezer
[mailto:techcool.kumar@yahoo.com]
Sent: Monday, March 01, 2010 6:02
PM
To: Xu, Qiang (FXSGSC); Echedey Lorenzo
Cc: Jonathan
Clarke; openldap-technical(a)openldap.org
Subject: Re: OpenLDAP client
configuration with CentOS 5.3
I think it uses. We use the same for Windows login.
________________________________
From: "Xu, Qiang (FXSGSC)"
<Qiang.Xu(a)fujixerox.com>
To: Cool The Breezer
<techcool.kumar(a)yahoo.com>; Echedey Lorenzo
<echedey(a)gmail.com>
Cc: > Jonathan Clarke <jonathan(a)phillipoux.net>;
"openldap-technical(a)openldap.org"
<openldap-technical(a)openldap.org>
Sent: Mon, March 1, 2010 3:16:28
PM
Subject: RE: OpenLDAP
client configuration with CentOS 5.3
>
Is the server
using SSL/TLS connection?
________________________________
From: >> openldap-technical-bounces+qiang.xu=fujixerox.com(a)OpenLDAP.org
>
[mailto:openldap-technical-bounces+qiang.xu=fujixerox.com@OpenLDAP.org]
> On Behalf Of Cool The Breezer
>Sent: Monday, March 01, 2010
> 4:56 PM
>To: Echedey Lorenzo
>Cc: Jonathan Clarke;
> openldap-technical(a)openldap.org
>Subject: Re: OpenLDAP client
> configuration with CentOS 5.3
>
>
>Still no luck. It gave following errors
>
>
>ldap_bind: Invalid credentials (49)
> additional info: 80090308: LdapErr:
> DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
>
>
>All credentials used correctly.
>regards,
>RB
>
>
>
________________________________
From: Echedey Lorenzo
> <echedey(a)gmail.com>
>To: Cool The Breezer
> <techcool.kumar(a)yahoo.com>
>Cc: Jonathan Clarke
> <jonathan(a)phillipoux.net>; openldap-technical(a)openldap.org
>Sent: Mon, March 1, 2010 2:14:36
> PM
>Subject: Re: OpenLDAP
> client configuration with CentOS 5.3
>
>Try:
>
>ldapsearch -x
> -H ldap://xxx.yyy.com-D "cn=Directory Manager"
"(objectclass=*)" -W
> _e3user
>
>KR
>
>
>2010/3/1 Cool The Breezer <techcool.kumar(a)yahoo.com>
>
>I tried as per suggestions using man page. But still
>> getting the error
>>
>>ldapsearch -H ldap://xxx.yyy.com-D "cn=Directory
>> Manager" "(objectclass=*)" -W -X _e3user
>>Enter LDAP Password:
>>
>>SASL/EXTERNAL authentication
>> started
>>ldap_sasl_interactive_bind_s: Unknown authentication method
>> (-6)
>> additional info: SASL(-4): no mechanism
>> available:
>>
>>
>>It now generates a new error. I tried using
>> authconfig with --enableldap, --enablewinbind and
>> --disableldaptls.
>>Still users are not able to login to linux box
>> using LDAP credentials.
>>
>>
>>
>>
>>----- Original Message ----
>>From: Jonathan
>> Clarke <jonathan(a)phillipoux.net>
>>To:
>> Cool The Breezer <techcool.kumar(a)yahoo.com>
>>Cc:
>> openldap-technical(a)openldap.org
>>Sent:
>> Mon, March 1, 2010 1:16:32 PM
>>Subject: Re: OpenLDAP client
>> configuration with CentOS 5.3
>>
>>
>>Le 01/03/2010 06:53, Cool The Breezer a écrit :
>>>
>> Thanks for your suggestion. But still there is some problem.
>>>
>> /ldapsearch -H ldap://ldap-sunnyvale.juniper.net -x -LL
>>>
>> ou=people,dc=jnpr,dc=net "{mail=*norton*}" sn cn mail/
>>> /
>>>
>> /
>>> /Output: version: 1/
>>> /
>>> /
>>> /Operations
>> error (1)/
>>> /Additional information: 00000000: LdapErr:
>> DSID-0C090627, comment: In
>>> order to perform this operation a
>> successful bind must be completed on
>>> the connection., data 0,
>> vece/
>>>
>>> Not sure the reason behind such errors. I think
>> there is something
>>> wrong, because when I am trying to login linux
>> box using ldap
>>> credentials, it simply closes the
>> connection.
>>
>>As it says in this error message: "a successful bind
>> must be completed on the connection". This means you must authenticate
to
>> the LDAP server in order to search in it.
>>
>>Check the -D and -w/-W
>> options in the ldapsearch(1) man page. You'll need a valid account in
your
>> LDAP server and it's password.
>>
>>Jonathan
>>--
>> --------------------------------------------------------------
>>Jonathan
>> Clarke - jonathan(a)phillipoux.net
>>--------------------------------------------------------------
>>Ldap
>> Synchronization Connector (LSC) - http://lsc-project.org
>>--------------------------------------------------------------
>>
>>
>>
>>
>>
>
>
>--
>--------------------------------------------
>|
> Echedey Lorenzo Arencibia
> |
>--------------------------------------------
>
>
2:12 a.m.
So there it is,
Import your server's certificate in your client. Check out some nice
tutorials you can find in the net, like this useful blog:
http://networknerd.wordpress.com/2008/10/26/configuring-openldap-for-clie...
KR
2010/3/1 Cool The Breezer <techcool.kumar(a)yahoo.com>
I got the error
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
------------------------------
*From:* "Xu, Qiang (FXSGSC)" <Qiang.Xu(a)fujixerox.com>
*To:* Cool The Breezer <techcool.kumar(a)yahoo.com>; Echedey Lorenzo <
echedey(a)gmail.com>
*Cc:* Jonathan Clarke <jonathan(a)phillipoux.net>; "
openldap-technical(a)openldap.org" <openldap-technical(a)openldap.org>
*Sent:* Mon, March 1, 2010 3:35:14 PM
*Subject:* RE: OpenLDAP client configuration with CentOS 5.3
change ldap:// to ldaps:// in your command.
------------------------------
*From:* Cool The Breezer [mailto:techcool.kumar@yahoo.com]
*Sent:* Monday, March 01, 2010 6:02 PM
*To:* Xu, Qiang (FXSGSC); Echedey Lorenzo
*Cc:* Jonathan Clarke; openldap-technical(a)openldap.org
*Subject:* Re: OpenLDAP client configuration with CentOS 5.3
I think it uses. We use the same for Windows login.
------------------------------
*From:* "Xu, Qiang (FXSGSC)" <Qiang.Xu(a)fujixerox.com>
*To:* Cool The Breezer <techcool.kumar(a)yahoo.com>; Echedey Lorenzo <
echedey(a)gmail.com>
*Cc:* Jonathan Clarke <jonathan(a)phillipoux.net>; "
openldap-technical(a)openldap.org" <openldap-technical(a)openldap.org>
*Sent:* Mon, March 1, 2010 3:16:28 PM
*Subject:* RE: OpenLDAP client configuration with CentOS 5.3
Is the server using SSL/TLS connection?
------------------------------
*From:* openldap-technical-bounces+qiang.xu=fujixerox.com(a)OpenLDAP.org
[mailto:openldap-technical-bounces+qiang.xu<openldap-technical-bounces%2Bqiang.xu>
=fujixerox.com(a)OpenLDAP.org] *On Behalf Of *Cool The Breezer
*Sent:* Monday, March 01, 2010 4:56 PM
*To:* Echedey Lorenzo
*Cc:* Jonathan Clarke; openldap-technical(a)openldap.org
*Subject:* Re: OpenLDAP client configuration with CentOS 5.3
Still no luck. It gave following errors
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C090334, comment:
AcceptSecurityContext error, data 525, vece
All credentials used correctly.
regards,
RB
------------------------------
*From:* Echedey Lorenzo <echedey(a)gmail.com>
*To:* Cool The Breezer <techcool.kumar(a)yahoo.com>
*Cc:* Jonathan Clarke <jonathan(a)phillipoux.net>;
openldap-technical(a)openldap.org
*Sent:* Mon, March 1, 2010 2:14:36 PM
*Subject:* Re: OpenLDAP client configuration with CentOS 5.3
Try:
ldapsearch -x -H ldap://xxx.yyy.com-D "cn=Directory Manager"
"(objectclass=*)" -W _e3user
KR
2010/3/1 Cool The Breezer <techcool.kumar(a)yahoo.com>
> I tried as per suggestions using man page. But still getting the error
>
> ldapsearch -H ldap://xxx.yyy.com-D "cn=Directory Manager"
> "(objectclass=*)" -W -X _e3user
> Enter LDAP Password:
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> additional info: SASL(-4): no mechanism available:
>
>
> It now generates a new error. I tried using authconfig with --enableldap,
> --enablewinbind and --disableldaptls.
> Still users are not able to login to linux box using LDAP credentials.
>
>
>
> ----- Original Message ----
> From: Jonathan Clarke <jonathan(a)phillipoux.net>
> To: Cool The Breezer <techcool.kumar(a)yahoo.com>
> Cc: openldap-technical(a)openldap.org
> Sent: Mon, March 1, 2010 1:16:32 PM
> Subject: Re: OpenLDAP client configuration with CentOS 5.3
>
> Le 01/03/2010 06:53, Cool The Breezer a écrit :
> > Thanks for your suggestion. But still there is some problem.
> > /ldapsearch -H ldap://ldap-sunnyvale.juniper.net -x -LL
> > ou=people,dc=jnpr,dc=net "{mail=*norton*}" sn cn mail/
> > /
> > /
> > /Output: version: 1/
> > /
> > /
> > /Operations error (1)/
> > /Additional information: 00000000: LdapErr: DSID-0C090627, comment: In
> > order to perform this operation a successful bind must be completed on
> > the connection., data 0, vece/
> >
> > Not sure the reason behind such errors. I think there is something
> > wrong, because when I am trying to login linux box using ldap
> > credentials, it simply closes the connection.
>
> As it says in this error message: "a successful bind must be completed on
> the connection". This means you must authenticate to the LDAP server in
> order to search in it.
>
> Check the -D and -w/-W options in the ldapsearch(1) man page. You'll need
> a valid account in your LDAP server and it's password.
>
> Jonathan
> -- --------------------------------------------------------------
> Jonathan Clarke - jonathan(a)phillipoux.net
> --------------------------------------------------------------
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
> --------------------------------------------------------------
>
>
>
>
>
--
--------------------------------------------
| Echedey Lorenzo Arencibia |
--------------------------------------------
--
--------------------------------------------
| Echedey Lorenzo Arencibia |
--------------------------------------------
3:32 a.m.
Le 01/03/2010 09:37, Cool The Breezer a écrit :
I tried as per suggestions using man page. But still getting the
error
ldapsearch -H ldap://xxx.yyy.com-D "cn=Directory Manager"
"(objectclass=*)" -W -X _e3user
Enter LDAP Password:
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
You don't seem to be following the advice that was given previously
(using the -x option). Also, please read the man page to understand what
these options mean.
I think you're looking for something like:
ldapsearch -x -H ldap://xxx.yyy.com-D "cn=Directory Manager"
"(objectclass=*)" -w _e3user
However, are you sure that "cn=Directory Manager" exists and is the
correct DN to bind with?
Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - jonathan(a)phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
4:23 a.m.
You can make:
ldapsearch -H ldap://ldap-sunnyvale.juniper.net -x -LL -b
ou=people,dc=jnpr,dc=net "(mail=*norton*)" sn cn mail
Note the option "-b" and substitution of "{" by "(" and
"}" by ")".
Try again...
2010/3/1 Cool The Breezer <techcool.kumar(a)yahoo.com>:
Thanks for your suggestion. But still there is some problem.
ldapsearch -H ldap://ldap-sunnyvale.juniper.net -x -LL
ou=people,dc=jnpr,dc=net "{mail=*norton*}" sn cn mail
Output: version: 1
Operations error (1)
Additional information: 00000000: LdapErr: DSID-0C090627, comment: In order
to perform this operation a successful bind must be completed on the
connection., data 0, vece
Not sure the reason behind such errors. I think there is something wrong,
because when I am trying to login linux box using ldap credentials, it
simply closes the connection.
________________________________
From: Echedey Lorenzo <echedey(a)gmail.com>
To: Benjamin Griese <der.darude(a)gmail.com>
Cc: Cool The Breezer <techcool.kumar(a)yahoo.com>;
openldap-technical(a)openldap.org
Sent: Sat, February 27, 2010 2:32:08 AM
Subject: Re: OpenLDAP client configuration with CentOS 5.3
Hi,
Maybe using the -x option in your ldapsearch requests may resolve your
problem.
KR
2010/2/26 Benjamin Griese <der.darude(a)gmail.com>
>
> Hi,
>
> have you read the manpage for ldapsearch?
> You should deliver some more information which parameter did you use for
> ldapsearch to figure out where is the problem is.
>
> http://www.zytrax.com/books/ldap/ch14/#ldapsearch
> Try this URL for example.
>
> Bye
>
> On Fri, Feb 26, 2010 at 09:08, Cool The Breezer <techcool.kumar(a)yahoo.com>
> wrote:
>>
>> Hi All,
>> We have a dedicated LDAP server and I would like to configure
>> OpenLDAP client in our linux boxes running on centOS 5.3.
>> I have installed openldap client and changed /etc/openldap/ldap.conf with
>> folllowing info
>>
>> BASE dc=my, dc=net
>> URI ldap://10.122.12.13
>>
>> But when I try to run ldapsearch, I get following error
>>
>> SASL/EXTERNAL authentication started
>> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>> additional info: SASL(-4): no mechanism available:
>>
>> The objective is anybody having ldap id can login to linux box. At
>> present, I am manually creating individual ids which we want to integrate
>> with LDAP authentication.
>> I would appreciate your help
>>
>> - RB
>>
>>
>>
>
--
--------------------------------------------
| Echedey Lorenzo Arencibia |
--------------------------------------------
4837
days inactive
4840
days old
openldap-technical@openldap.org
19 comments
6 participants
participants (6)
-
Benjamin Griese -
Cool The Breezer -
Echedey Lorenzo -
Jarbas Peixoto Júnior -
Jonathan Clarke -
Xu, Qiang (FXSGSC)