I'm installing ldap client on CentOS 7 hosts. Some work, some do not. For those that don't work, I don't know why. The install / setup process I used was the same on all hosts.

    yum install nss-pam-ldapd openldap-clients -y
    authconfig --enableldap --enableldapauth --ldapserver=172.19.33.1 --ldapbasedn="dc=users,dc=domain,dc=com" --enablemkhomedir --update
    systemctl start nslcd
    getent passwd useraccount

The last command fails. Vital signs on all hosts are fine, network, connectivity, ports, ntp, etc.
Where do I even begin troubleshooting the failure?
Thanks in advance.
Begin by removing the PADL libraries and leveraging SSSD.
On Jan 30, 2019 12:19 AM, sami's strat sami.strat@gmail.com wrote:
> I'm installing ldap client on CentOS 7 hosts. Some work, some do not. For those that don't work, I don't know why. The install / setup process I used was the same on all hosts.
>
>     yum install nss-pam-ldapd openldap-clients -y
>     authconfig --enableldap --enableldapauth --ldapserver=172.19.33.1 --ldapbasedn="dc=users,dc=domain,dc=com" --enablemkhomedir --update
>     systemctl start nslcd
>     getent passwd useraccount
>
> The last command fails. Vital signs on all hosts are fine, network, connectivity, ports, ntp, etc.
> Where do I even begin troubleshooting the failure?
> Thanks in advance.

--On Wednesday, January 30, 2019 10:45 AM +0000 Michael Starling mlstarling31@hotmail.com wrote:
> Begin by removing the PADL libraries and leveraging SSSD.

nss-pam-ldapd is not the PADL libraries. https://arthurdejong.org/nss-pam-ldapd/
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com

My mistake. I misread.
I have a personal preference for SSSD as the configuration is centralized and it's more feature-rich.
________________________________
From: Quanah Gibson-Mount quanah@symas.com
Sent: Wednesday, January 30, 2019 9:36 AM
To: Michael Starling; sami's strat
Cc: openldap
Subject: Re: ldap client failing

> --On Wednesday, January 30, 2019 10:45 AM +0000 Michael Starling mlstarling31@hotmail.com wrote:
>> Begin by removing the PADL libraries and leveraging SSSD.
> nss-pam-ldapd is not the PADL libraries. https://arthurdejong.org/nss-pam-ldapd/
> --Quanah

Michael Starling wrote:
> Begin by removing the PADL libraries and leveraging SSSD.

He shows explicitly that he's using nss-pam-ldapd, not the PADL libraries. PADL stuff was deprecated a dozen years ago or so.
--On Tuesday, January 29, 2019 11:19 PM -0500 sami's strat sami.strat@gmail.com wrote:
> The last command fails. Vital signs on all hosts are fine, network, connectivity, ports, ntp, etc.
> Where do I even begin troubleshooting the failure?

Logs. On the OpenLDAP slapd side, I would be sure to have "stats" level logging enabled. Then see what slapd logs when you run the getent command to see if
a) there is a connection occurring from nslcd,
b) if it can bind successfully to slapd,
c) if the search is executed successfully,
d) if the search contained results
--Quanah
openldap-technical@openldap.org
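The four checks a) to d) suggested in the last reply, applied to slapd "stats"-level log lines; this is an added example, not code from the thread or from the OpenLDAP project. The log lines, client addresses and bind DN are constructed sample values, and the parser assumes slapd's usual syslog line format with nslcd's default passwd filter.

```python
import re

# Constructed slapd "stats"-level syslog lines (sample data, not from the thread).
SAMPLE_LOG = """\
Jan 30 10:00:01 ldap1 slapd[1234]: conn=1001 fd=12 ACCEPT from IP=192.0.2.10:48212 (IP=0.0.0.0:389)
Jan 30 10:00:01 ldap1 slapd[1234]: conn=1001 op=0 BIND dn="" method=128
Jan 30 10:00:01 ldap1 slapd[1234]: conn=1001 op=0 RESULT tag=97 err=0 text=
Jan 30 10:00:01 ldap1 slapd[1234]: conn=1001 op=1 SRCH base="dc=users,dc=domain,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=useraccount))"
Jan 30 10:00:01 ldap1 slapd[1234]: conn=1001 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 30 10:00:05 ldap1 slapd[1234]: conn=1002 fd=13 ACCEPT from IP=192.0.2.11:40110 (IP=0.0.0.0:389)
Jan 30 10:00:05 ldap1 slapd[1234]: conn=1002 op=0 BIND dn="cn=nslcd,dc=domain,dc=com" method=128
Jan 30 10:00:05 ldap1 slapd[1234]: conn=1002 op=0 RESULT tag=97 err=49 text=
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+ \(")
BIND_RES = re.compile(r"conn=(\d+) op=\d+ RESULT tag=97 err=(\d+)")
SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="[^"]*" .*filter="(.*)"')
SRCH_RES = re.compile(r"conn=(\d+) op=(\d+) SEARCH RESULT tag=101 err=(\d+) nentries=(\d+)")


def diagnose(log_text, client_ip, account):
    """Report the first of checks a) to d) that fails for client_ip, else 'ok'."""
    conns = {}  # conn id -> state observed for connections from client_ip
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            if m.group(2) == client_ip:
                conns[m.group(1)] = {"bind_err": 0, "ops": set(), "res": None}
        elif (m := BIND_RES.search(line)) and m.group(1) in conns:
            conns[m.group(1)]["bind_err"] = int(m.group(2))
        elif (m := SRCH.search(line)) and m.group(1) in conns:
            if f"(uid={account})" in m.group(3):  # the lookup getent triggered
                conns[m.group(1)]["ops"].add(m.group(2))
        elif (m := SRCH_RES.search(line)) and m.group(1) in conns:
            if m.group(2) in conns[m.group(1)]["ops"]:
                conns[m.group(1)]["res"] = (int(m.group(3)), int(m.group(4)))
    if not conns:
        return "a) no connection from client"
    last = conns[max(conns, key=int)]  # slapd conn ids increase over time
    if last["bind_err"]:
        return f"b) bind failed, err={last['bind_err']}"
    if last["res"] is None:
        return "c) account search not seen or not completed"
    err, nentries = last["res"]
    if err:
        return f"c) search failed, err={err}"
    return "ok" if nentries else "d) search succeeded but returned no entries"
```

Running `diagnose` once per failing host against the same slapd log shows whether the hosts fail at the same step or at different ones.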