Gentoo Forums
ldap woes
akira420
n00b


Joined: 17 May 2003
Posts: 45

PostPosted: Fri Oct 01, 2004 6:11 pm    Post subject: ldap woes

Hello, I've followed the directions at these two sites to the 't' when it comes to installing ldap:
http://www.gentoo.org/doc/en/ldap-howto.xml
http://www.monkeybox.org.uk/docs/gentoo/ldap.html

I can get a listing of my directory via ldapsearch and luma, but can't get ldap to authenticate my logins:

code from /var/log/auth.log
Code:

Sep 30 23:47:32 linux login[3792]: pam_ldap: ldap_simple_bind Can't contact LDAP server

this is my nmap output

I also can't get kaddressbook to work either; when I conduct a search, I get:
Code:

Could not connect to host 192.168.0.102:636.


nmap output
Code:

akira@linux new $ nmap localhost

Starting nmap 3.55 ( http://www.insecure.org/nmap/ ) at 2004-10-01 10:47 Local time zone must be set--see zic manual page
Interesting ports on localhost (127.0.0.1):
(The 1653 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
443/tcp  open  https
636/tcp  open  ldapssl
995/tcp  open  pop3s
3306/tcp open  mysql

Nmap run completed -- 1 IP address (1 host up) scanned in 0.438 seconds


Here are my configs:

/etc/openldap/slarpd.conf
Code:

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
password-hash {crypt}
schemacheck   on
# Define global ACLs to disable default read access.

TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/ssl/ldap.pem

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

# Load dynamic backend modules:
# modulepath    /usr/lib/openldap/openldap
# moduleload    back_bdb.la
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la

# Sample security restrictions
#       Require integrity protection (prevent hijacking)
#       Require 112-bit (3DES or better) encryption for updates
#       Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#       Root DSE: allow anyone to read it
#       Subschema (sub)entry DSE: allow anyone to read it
#       Other DSEs:
#               Allow self write access
#               Allow authenticated users read access
#               Allow anonymous users to authenticate
#       Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#       by self write
#       by users read
        by anonymous auth
#access to *
#       by * read
access to dn="" by * read
access to *
        by self write
        by users read
        by anonymous auth
#
# if no access controls are present, the default policy is:
#       Allow read by all
#
# rootdn can always write!

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=home,dc=lan"
rootdn          "cn=linux,dc=home,dc=lan"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          {MD5}nowBzifnZG0qXyTBj/rIpw==
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /var/lib/openldap-data
# Indices to maintain
index   objectClass     eq


/etc/pam.d/system-auth
Code:

#%PAM-1.0
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_unix.so likeauth nullok
auth       sufficient   /lib/security/pam_ldap.so use_first_pass
auth       required     /lib/security/pam_deny.so

account    sufficient   /lib/security/pam_unix.so
account    sufficient   /lib/security/pam_ldap.so

password   required     /lib/security/pam_cracklib.so retry=3
password   sufficient   /lib/security/pam_ldap.so use_authtok
password   sufficient   /lib/security/pam_unix.so nullok shadow md5 shadow use_authtok
password   required     /lib/security/pam_deny.so

session    required     /lib/security/pam_limits.so
session    optional     /lib/security/pam_ldap.so
session    required     /lib/security/pam_unix.so
session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=076


What's the problem?
_________________
you can pick your friends, and you can pick your nose, but you can't pick your friends nose
haven
Tux's lil' helper


Joined: 19 Nov 2003
Posts: 141
Location: Belfast, Uk

PostPosted: Tue Nov 09, 2004 11:26 am    Post subject:

Disable TLS until you have it working normally.
What's in your /etc/conf.d/slapd and /etc/ldap.conf? The latter is particularly important for pam auth. Also, the nsswitch.conf contents need to be listed.

Add some verbose logging to show yourself more information; I use LogLevel 158 in my slapd.conf. This will produce a lot of log output, but it should show you what the problem is.

Regards
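The point haven raises about /etc/ldap.conf can be checked mechanically. The following is an added example, not code from the thread: it parses a constructed pam_ldap client config and compares where that client would connect against the ports the nmap run in the thread showed open, reporting the mismatches that produce "Can't contact LDAP server". The sample ldap.conf values are assumptions, since the thread never shows the real file.

```python
"""Added example (not from the thread): check an /etc/ldap.conf client
config against the ports slapd is actually seen listening on."""
from urllib.parse import urlparse

# Constructed client config; the thread never shows its real /etc/ldap.conf,
# so these values are an assumption about a typical pam_ldap setup.
SAMPLE_LDAP_CONF = """\
host 192.168.0.102
base dc=home,dc=lan
ldap_version 3
ssl start_tls
tls_checkpeer yes
"""
# Ports the nmap run in the thread reported open (no 389 among them).
OPEN_PORTS = {22, 25, 80, 443, 636, 995, 3306}

def parse_ldap_conf(text):
    """Parse 'key value' lines; blank and '#' lines are ignored."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def client_endpoints(conf):
    """(scheme, host, port) triples pam_ldap will try. 'uri' takes precedence;
    otherwise host/port apply, with port 636 only when 'ssl on' is set."""
    if "uri" in conf:
        eps = []
        for uri in conf["uri"].split():
            u = urlparse(uri)
            eps.append((u.scheme, u.hostname, u.port or (636 if u.scheme == "ldaps" else 389)))
        return eps
    scheme = "ldaps" if conf.get("ssl") == "on" else "ldap"
    port = int(conf.get("port", 636 if scheme == "ldaps" else 389))
    return [(scheme, h, port) for h in conf.get("host", "localhost").split()]

def diagnose(conf, open_ports):
    """Findings that would explain 'ldap_simple_bind Can't contact LDAP server'."""
    findings = []
    for scheme, host, port in client_endpoints(conf):
        if port not in open_ports:
            findings.append(f"{scheme}://{host}:{port}: nothing listens on port {port}")
        if conf.get("ssl") == "start_tls" and port == 636:
            findings.append("StartTLS begins on a plain ldap:// connection; it cannot be used on the ldaps port 636")
    if conf.get("tls_checkpeer") == "yes" and "tls_cacertfile" not in conf:
        findings.append("tls_checkpeer yes without tls_cacertfile: the server certificate cannot be verified")
    return findings
```

Run `diagnose(parse_ldap_conf(SAMPLE_LDAP_CONF), OPEN_PORTS)` to see the two findings for the constructed config; feed it your own ldap.conf and the port set from your own nmap run to check a real box.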
TheBigBug
n00b


Joined: 23 Jan 2003
Posts: 41
Location: Yerseke, Holland

PostPosted: Thu Nov 11, 2004 5:20 pm    Post subject: Re: ldap woes

First of all, I am just trying openldap for the first time, but I got something working after all...

I've noticed an oddity in your message: you've got a typo in the name of the config file:

akira420 wrote:

...
/etc/openldap/slarpd.conf
...


I've been reading the following howto:
http://gentoo-wiki.com/HOWTO_LDAPv3

Because the how-to in the official documentation is not up to date anymore.

Next, if you run into trouble, tail /var/log/messages can be your friend, as it was mine... 8)

Good luck, and if you've got further questions, drop me a note!
_________________
Even MS can't find me...
haven
Tux's lil' helper


Joined: 19 Nov 2003
Posts: 141
Location: Belfast, Uk

PostPosted: Thu Nov 11, 2004 10:52 pm    Post subject:

I found:
http://www.monkeybox.org.uk/docs/gentoo/ldap.html

It's a very useful and well-explained guide. I heartily recommend it. I'm currently running ldap auth for ftp/email (still working on)/apache virtuals and ssh on a couple of boxes. The link above gave me a good grounding in the basics.