[Fwd: Re: [Lias] OpenLDAP]

Wed Dec 17 13:00:02 UTC 2003

Probably also need to specify the base dn, so try the following test:

$ ldapsearch -h localhost -b 'dc=olmc,dc=nsw,dc=edu,dc=au' -x 
'(uid=testuser)'

This sees if an anonymous bind can search for the account in the 
directory. If this returns nothing, as Craig mentioned, then your up 
the proverbial creek and need to concentrate on getting your directory 
up and running first.

If it did find an entry, then try binding as that user and doing a 
search after binding as a particular user:

$ ldapseach -h localhost -b 'dc=olmc,dc=nsw,dc=edu,dc=au' -D 
'uid=testuser,dc=olmc,dc=nsw,dc=edu,dc=au' -Wx

On Wednesday, December 17, 2003, at 03:51  PM, Craig Ringer wrote:

>> Dec 17 15:26:14 Voyager nscd: nss_ldap: reconnected to LDAP server 
>> after 1 attempt(s)
>
> For debugging purposes you're often better off disabling nscd.
>
> As for the rest of your problem - I can't really tell what could be 
> wrong. Have you confirmed that the user you're trying to log in is in 
> the ldap directory? Made sure you can authenticate as them using the 
> LDAP tools?
>
> Try:
>
> 	ldapsearch -x -h localhost
>
> and see if the user is listed. If so, try
>
> 	ldapserch -x -D $USER_DN -w
>
> (where $USER_DN is the user's LDAP distinguished name. In my LDAP 
> directory, I'm:
> 	uid=craig,ou=People,dc=postnewspapers,dc=com,dc=au
> )
>
> and see if you can bind as them to the directory. If you can't do 
> that, then there's something wrong with your LDAP setup and nothing 
> else will work.
>
> Once you can bind directly as the user, /then/ try it through ssh or a 
> console login. If you still have trouble, make sure that _both_ 
> pam_ldap and nss_ldap are correctly configured - if only one is 
> (especially if it's just PAM), weird things tend to happen.
>
> Craig Ringer
>
> _______________________________________________
> lias mailing list
> lias at lists.linux.org.au
> http://lists.linux.org.au/listinfo/lias