EasterParade l33t
Joined: 26 Jul 2003 Posts: 938
|
|
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Wed Aug 08, 2018 12:40 pm Post subject: Re: Current news item: /etc/ldap.conf missing |
|
|
transsib wrote: | What am I missing? See title: /etc/ldap.conf does not exist. |
transsib ... that file is provided by sys-auth/nss_ldap. You should have this package if you're planning on authenticating local logins via ldap (though I'm not sure openldap pulls it in).
best ... khay |
|
|
|
fedeliallalinea Administrator
Joined: 08 Mar 2003 Posts: 31460 Location: here
|
Posted: Wed Aug 08, 2018 12:50 pm Post subject: |
|
|
Quote: | 2018-08-07-openssh-ldap-migration
Title Migration required for OpenSSH with LDAP
Author Thomas Deutschmann <whissi@gentoo.org>
Posted 2018-08-07
Revision 1
If your sshd authenticates against LDAP, you have to migrate your
current setup to a new one using sshd's "AuthorizedKeysCommand" option and
a wrapper provided by packages like the new sys-auth/ssh-ldap-pubkey or
sys-auth/sakcl because beginning with net-misc/openssh-7.7_p1, OpenSSH-LPK
patch set is deprecated and no longer applies.
We have created a short migration guide in the Wiki [1] for more details.
[1] https://wiki.gentoo.org/wiki/SSH/LDAP_migration |
_________________ Questions are guaranteed in life; Answers aren't. |
|
|
|
EasterParade l33t
Joined: 26 Jul 2003 Posts: 938
|
Posted: Wed Aug 08, 2018 1:14 pm Post subject: |
|
|
@fedeliallalinea
I got that (see my posting above), compiled the wrapper; I now see I do not have the ldap.conf file.
@khayyam
thanks, sys-auth/nss_ldap is not on the system; compiling now.
/etc/ldap.conf is present now, continuing but
Code: | ssh-ldap-pubkey list
Traceback (most recent call last):
  File "/usr/lib/python-exec/python3.6/ssh-ldap-pubkey", line 144, in <module>
    main(**kwargs)
  File "/usr/lib/python-exec/python3.6/ssh-ldap-pubkey", line 126, in main
    keys = ldapssh.find_pubkeys(login)
  File "/usr/lib64/python3.6/site-packages/ssh_ldap_pubkey/__init__.py", line 209, in find_pubkeys
    return self._find_pubkeys(self.find_dn_by_login(login))
  File "/usr/lib64/python3.6/site-packages/ssh_ldap_pubkey/__init__.py", line 225, in find_dn_by_login
    result = self._conn.search_s(conf.base, conf.scope, filter_s, ['dn'])
  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 802, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 795, in search_ext_s
    msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 791, in search_ext
    timeout,sizelimit,
  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 294, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server", 'errno': 107, 'info': 'Transport endpoint is not connected'}
|
full stop now |
|
|
|
kurly Apprentice
Joined: 02 Apr 2012 Posts: 260
|
Posted: Thu Aug 09, 2018 12:01 am Post subject: |
|
|
transsib wrote: | @fedeliallalinea
I got that (see my posting above), compiled the wrapper; I now see I do not have the ldap.conf file.
| I think you missed the point: there is nothing to migrate if you don't use it. |
|
|
|
jhon987 Guru
Joined: 18 Nov 2013 Posts: 302
|
Posted: Thu Aug 09, 2018 2:08 pm Post subject: |
|
|
transsib wrote: | @fedeliallalinea
I got that (see my posting above), compiled the wrapper; I now see I do not have the ldap.conf file.
@khayyam
thanks, sys-auth/nss_ldap is not on the system; compiling now.
/etc/ldap.conf is present now, continuing but
Code: | ssh-ldap-pubkey list
Traceback (most recent call last):
  File "/usr/lib/python-exec/python3.6/ssh-ldap-pubkey", line 144, in <module>
    main(**kwargs)
  File "/usr/lib/python-exec/python3.6/ssh-ldap-pubkey", line 126, in main
    keys = ldapssh.find_pubkeys(login)
  File "/usr/lib64/python3.6/site-packages/ssh_ldap_pubkey/__init__.py", line 209, in find_pubkeys
    return self._find_pubkeys(self.find_dn_by_login(login))
  File "/usr/lib64/python3.6/site-packages/ssh_ldap_pubkey/__init__.py", line 225, in find_dn_by_login
    result = self._conn.search_s(conf.base, conf.scope, filter_s, ['dn'])
  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 802, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 795, in search_ext_s
    msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 791, in search_ext
    timeout,sizelimit,
  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 294, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server", 'errno': 107, 'info': 'Transport endpoint is not connected'}
|
full stop now |
you need to issue the command with the word python at the beginning like so:
Code: | python ssh-ldap-pubkey list |
Since ssh-ldap-pubkey is a python script, your terminal doesn't automatically recognize you're running a python script, therefore you must "tell" the terminal to use python in order to run the script file |
|
|
|
EasterParade l33t
Joined: 26 Jul 2003 Posts: 938
|
Posted: Thu Aug 09, 2018 2:36 pm Post subject: |
|
|
Quote: | I think you missed the point: there is nothing to migrate if you don't use it. |
In this case I can remove the new packages and just ignore the news item.
jhon987, the wiki does not mention it. My system does not seem to need migrating.
clueless .... |
|
|
|
jhon987 Guru
Joined: 18 Nov 2013 Posts: 302
|
Posted: Thu Aug 09, 2018 3:16 pm Post subject: |
|
|
transsib wrote: |
[...]
jhon987, the wiki does not mention it. [...]
clueless .... |
Yeah, I know it doesn't but I wrote it still because that's what one needs to do when they encounter errors such as you did. (So it might be useful to you in the future, or for someone else who would come across this thread)
I guess the person who wrote the wiki article has his terminal automatically assume python script or something... |
|
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 23082
|
Posted: Fri Aug 10, 2018 12:37 am Post subject: |
|
|
If the system did not recognize it as a Python script, how did he get a Python3.6 traceback telling him that the LDAP server is unreachable? |
|
|
|
jhon987 Guru
Joined: 18 Nov 2013 Posts: 302
|
Posted: Fri Aug 10, 2018 2:59 pm Post subject: |
|
|
Hu wrote: | If the system did not recognize it as a Python script, how did he get a Python3.6 traceback telling him that the LDAP server is unreachable? |
I don't think it's a python traceback but a bash traceback. The ssh-ldap-pubkey script is found inside the python directory: /usr/lib/python-exec/python3.6/ssh-ldap-pubkey
and so the functions inside that script are pointing to: /usr/lib64/python3.6/site-packages/ldap/ldapobject.py
however since the python interpreter (binary) isn't being utilized, that eventually leads to the errors he's getting.
Basically since the shebang: #!/usr/bin/env python is stated at the beginning of the file - terminal should recognize it's a python script, perhaps terminal defaults to the python interpreter version 2(.7) (maybe it is a python traceback) and so the script isn't functioning, perhaps the shebang should be changed to #!/usr/bin/env python3
I'm saying this from my own experience as well, I used the same command and got the same errors, yet once I used python before the command - suddenly I got meaningful output. |
|
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 23082
|
Posted: Sat Aug 11, 2018 12:48 am Post subject: |
|
|
Bash does not produce tracebacks like that. It seems unlikely to be a Python version problem, since the error message specifically states that it failed to contact the LDAP server. |
|
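One way to settle the question the thread ends on, interpreter problem or unreachable server: read the server address out of the LDAP client configuration and try a plain TCP connection to it, with neither python-ldap nor ssh-ldap-pubkey involved. This is an added example, not part of any post above and not code from ssh-ldap-pubkey; it assumes nss_ldap-style `key value` lines using the `uri`, `host` and `port` keys, and the function names and sample configuration are made up for illustration.

```python
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed sample in the nss_ldap "key value" style; not taken from the thread.
SAMPLE_CONF = """\
# LDAP client settings
uri ldap://127.0.0.1/
base dc=example,dc=org
"""


def ldap_endpoints(conf_text):
    """Return [(host, port), ...] for the servers named by uri/host/port lines."""
    uris, hosts, port = [], [], None
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or a key without a value
        key, value = parts[0].lower(), parts[1]
        if key == "uri":
            uris += value.split()
        elif key == "host":
            hosts += value.split()
        elif key == "port":
            port = int(value)
    endpoints = []
    for uri in uris:
        u = urlsplit(uri)
        if u.scheme in DEFAULT_PORTS and u.hostname:
            endpoints.append((u.hostname, u.port or DEFAULT_PORTS[u.scheme]))
    # Assumption: when a usable uri is present it wins over host/port.
    return endpoints or [(h, port or DEFAULT_PORTS["ldap"]) for h in hosts]


def check_endpoint(host, port, timeout=3.0):
    """Plain TCP connect, no LDAP involved: (True, '') or (False, OS error text)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, ""
    except OSError as exc:  # refused, timed out, unresolvable name, no route
        return False, f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    for host, port in ldap_endpoints(SAMPLE_CONF):
        ok, reason = check_endpoint(host, port)
        print(f"{host}:{port}", "reachable" if ok else f"NOT reachable ({reason})")
```

If the TCP connect itself fails, the `ldap.SERVER_DOWN` in the traceback is a network or configuration matter (wrong address in the file, or no LDAP server listening there) and changing how the script is launched will not affect it.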