
List:       openldap-technical
Subject:    Re: Reg OpenLdap on Ubuntu
From:       Matt Kassawara <battery () writeme ! com>
Date:       2009-07-23 14:01:01
Message-ID: 9d16b5480907230701m4f9960ees45787656b23e6743 () mail ! gmail ! com

By default, ldapsearch will try authentication via SASL.  Either configure slapd to
handle the latter or use -x in addition to -ZZ to force simple authentication.

On Wed, Jul 22, 2009 at 11:31 PM, Asimananda Mohanty <asimananda.mohanty@gmail.com> wrote:
> Hi Matt,
>
> Thank you very much.
>
> I got rid of both the errors by
>
> 1. Installing libpam-foreground
> 2. By changing the uri in /etc/ldap.conf from ldap to ldaps
>
> One last thing is remaining now....
>
> When I tried "ldapsearch -ZZ", it asks for some password. When provided with
> the password, it didn't accept it (the same password that I created during
> dpkg --configure slapd)
>
> # ldapsearch -ZZ
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>
> Thanks again.
>
> -Asimananda
>
> On Wed, Jul 22, 2009 at 8:42 PM, Matt Kassawara <battery@writeme.com> wrote:
> > Installing libpam-foreground or removing the reference to it in
> > /etc/pam.d/common-session will clear up the first error.  The second error
> > probably stems from misconfiguration in /etc/ldap.conf... particularly with
> > how PAM tries to contact your LDAP server (uri, port, ssl/tls directives).
> >
> > 2009/7/20 Asimananda Mohanty <asimananda.mohanty@gmail.com>
> > > Hi Michael,
> > >
> > > The command mentioned by you is running fine and it doesn't show any error.
> > >
> > > That means that simple bind works fine.
> > >
> > > By stating "I am able to login to the server", I meant that I am able to
> > > establish an ssh session (via putty) with the server by providing user id
> > > and password. In that case, I don't really understand the error while
> > > logging in by that user id.
> > >
> > > Thanks for your support.
> > >
> > > -Asimananda
> > >
> > > 2009/7/20 Michael Ströder <michael@stroeder.com>
> > > > Asimananda Mohanty wrote:
> > > > > I think the LDAP in current form should solve my purpose.
> > > > >
> > > > > Currently I have client and server on the same machine. I have created
> > > > > one user in LDAP namely asimananda and I am able to login to the server
> > > > > by the same too.
> > > >
> > > > What does "I am able to login to the server" mean exactly? Did you test
> > > > with ldapwhoami -x -D <bind-DN of asimananda> -W whether simple bind works?
> > > >
> > > > > *PAM unable to dlopen(/lib/security/pam_foreground.so):
> > > > > /lib/security/pam_foreground.so: cannot open shared object file: No such
> > > > > file or directory
> > > > > PAM adding faulty module: /lib/security/pam_foreground.so
> > > > > pam_ldap: ldap_simple_bind Can't contact LDAP server
> > > > > pam_ldap: reconnecting to LDAP server...
> > > > > pam_ldap: ldap_simple_bind Can't contact LDAP server
> > > > > Successful su for asimananda by root
> > > > > + pts/3 root:asimananda
> > > > > pam_unix(su:session): session opened for user asimananda by root(uid=0)*
> > > >
> > > > Looks like a setup error in your PAM setup. Check the ldap.conf related
> > > > to the pam_ldap module. I don't know Ubuntu so I can't help here.
> > > >
> > > > Ciao, Michael.
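
Added example, not part of the thread and not code from pam_ldap or OpenLDAP: a small check of the /etc/ldap.conf settings discussed above, comparing each uri scheme with the ssl directive to show whether a simple bind would travel over LDAPS, StartTLS (what ldapsearch -ZZ insists on) or cleartext. The sample config, host name and verdict labels are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample of a pam_ldap /etc/ldap.conf (placeholder host and base).
SAMPLE = """\
# pam_ldap client settings
base dc=example,dc=com
uri ldap://ldap.example.com/
ldap_version 3
"""


def parse(text):
    """Return {directive: last value}; directive names are case-insensitive."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def audit(text):
    """Classify how each configured URI would carry a simple bind."""
    conf = parse(text)
    ssl = conf.get("ssl", "off").lower()
    results = []
    for uri in conf.get("uri", "").split():
        scheme = urlsplit(uri).scheme.lower()
        if scheme == "ldaps":
            # TLS is set up before any LDAP traffic; StartTLS on top conflicts.
            verdict = "conflict" if ssl == "start_tls" else "tls-on-connect"
        elif scheme == "ldap":
            if ssl == "start_tls":
                verdict = "starttls"    # same upgrade ldapsearch -ZZ requires
            elif ssl in ("off", "no"):
                verdict = "cleartext"   # bind password crosses the wire unprotected
            else:
                verdict = "review"      # e.g. "ssl on" with ldap://: check by hand
        else:
            verdict = "review"          # ldapi:// or an unrecognised scheme
        results.append((uri, verdict))
    return results


if __name__ == "__main__":
    for uri, verdict in audit(SAMPLE):
        print(f"{uri}: {verdict}")
```
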


