bertaboy l33t
Joined: 05 Nov 2004 Posts: 604
Posted: Mon Feb 18, 2013 3:13 pm Post subject: Binding Gentoo openLDAP server w/ OSX (10.7) client
Hi all,
I'm trying to set up a local server at home to consolidate a bunch of the information that we're gathering on our various computers by building a network using openLDAP+kerberos, where the server (hostname:microserver) is running Gentoo and the client I'm starting with is OS X 10.7.5. I've been able to acquire (MIT) kerberos tickets on the OSX client (hostname:mini), however now I'm stuck at binding the OSX client to the openLDAP server. openLDAP queries report back with no errors when pinged from the server, so I'm inclined to think that the issues are stemming from Apple.
Attempt to query openLDAP from client:
Code:
mini: $ ldapsearch -x -D "cn=Manager,dc=hulljensen,dc=net" -W
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Proper query from server:
Code:
microserver: $ ldapsearch -x -D "cn=Manager,dc=hulljensen,dc=net" -W
...
# search result
search: 2
result: 0 Success
# numResponses: 15
# numEntries: 14
Confirming that the server's LDAP port is accessible from the client:
Code:
mini: $ nmap microserver.hulljensen.net
Starting Nmap 6.25 ( http://nmap.org ) at 2013-02-18 09:33 EST
Nmap scan report for microserver.hulljensen.net (192.168.1.90)
Host is up (0.00036s latency).
Not shown: 993 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
389/tcp  open  ldap
464/tcp  open  kpasswd5
636/tcp  open  ldapssl
749/tcp  open  kerberos-adm
3306/tcp open  mysql
6543/tcp open  mythtv
Nmap done: 1 IP address (1 host up) scanned in 1.31 seconds
slapd.conf
Code:
microserver: # cat /etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
serverID 0
loglevel 0
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
    by dn="uid=root,ou=People,dc=hulljensen,dc=net" write
    by users read
    by anonymous auth
access to attrs=userPassword,gecos,description,loginShell
    by self write
#######################################################################
# BDB database definitions
#######################################################################
database hdb
suffix "dc=hulljensen,dc=net"
checkpoint 32 30
rootdn "cn=Manager,dc=hulljensen,dc=net"
rootpw <redacted>
directory /var/lib/openldap-ldbm
index objectClass eq
ldap.conf (identical on both machines)
Code:
$ cat /etc/openldap/ldap.conf
BASE dc=hulljensen,dc=net
URI ldap://ldap.hulljensen.net:389/ ldap://ldap1.hulljensen.net:389/
TLS_REQCERT allow
TIMELIMIT 2
Server FQDN:
Code:
microserver: $ hostname -f
microserver.hulljensen.net
Client FQDN:
Code:
mini: $ hostname -f
mini.hulljensen.net
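A diagnostic script for the "Can't contact LDAP server (-1)" symptom in the post above. This is an added example, not code from the original post or from OpenLDAP. The point it isolates: the ldapsearch client reads the URI directive from ldap.conf, which names ldap.hulljensen.net and ldap1.hulljensen.net, while the nmap scan only shows that microserver.hulljensen.net answers on 389/636. The script parses every URI on that line, checks that each host name resolves on the machine it runs on, and then tries a TCP connect to the port, so a DNS mismatch shows up separately from a closed port. The sample configuration it writes to a temp file is constructed to mirror the post; the function names (parse_ldap_uris, check_ldap_endpoint, run_ldap_checks) are hypothetical, and it assumes the client has nc for the port probe and either getent (Linux) or host (macOS) for name lookup.

```shell
#!/bin/sh
# Added diagnostic (not from the original post): for every URI in an
# ldap.conf, confirm the host name resolves and the TCP port answers.
# Assumptions: `nc` is available for the port probe, and either `getent`
# (Linux) or `host` (macOS / BIND tools) is available for name lookup.

# Default port for an LDAP URI scheme: ldap -> 389, ldaps -> 636.
default_ldap_port() {
  case "$1" in
    ldap)  echo 389 ;;
    ldaps) echo 636 ;;
    *)     return 1 ;;
  esac
}

# Print one "scheme host port" line per URI found on the first URI
# directive of the given ldap.conf (one directive may list several URIs).
parse_ldap_uris() {
  uris=$(sed -n 's/^[[:space:]]*URI[[:space:]]\{1,\}//p' "$1" | head -n 1)
  for uri in $uris; do
    scheme=${uri%%://*}
    rest=${uri#*://}
    rest=${rest%%/*}                      # drop a trailing "/" or path
    case "$rest" in
      *:*) host=${rest%%:*}; port=${rest#*:} ;;
      *)   host=$rest; port=$(default_ldap_port "$scheme") || continue ;;
    esac
    printf '%s %s %s\n' "$scheme" "$host" "$port"
  done
}

# Resolve the name first, then attempt a 3-second TCP connect.
# Exit status: 0 reachable, 1 name does not resolve, 2 port closed/filtered.
check_ldap_endpoint() {
  h="$1"; p="$2"
  if ! getent hosts "$h" >/dev/null 2>&1 && ! host "$h" >/dev/null 2>&1; then
    printf 'NORESOLVE %s\n' "$h"; return 1
  fi
  if nc -z -w 3 "$h" "$p" >/dev/null 2>&1; then
    printf 'OPEN      %s:%s\n' "$h" "$p"; return 0
  fi
  printf 'CLOSED    %s:%s\n' "$h" "$p"; return 2
}

# Constructed sample mirroring the post's ldap.conf, written to a temp file;
# prints the file's path.
constructed_ldap_conf() {
  f=$(mktemp)
  printf 'BASE dc=hulljensen,dc=net\nURI ldap://ldap.hulljensen.net:389/ ldap://ldap1.hulljensen.net:389/\nTLS_REQCERT allow\nTIMELIMIT 2\n' > "$f"
  echo "$f"
}

# Run the checks for one config file.
# Usage: sh ldapdiag.sh /etc/openldap/ldap.conf
run_ldap_checks() {
  parse_ldap_uris "$1" | while read -r scheme host port; do
    check_ldap_endpoint "$host" "$port" || true
  done
}

if [ $# -ge 1 ]; then
  run_ldap_checks "$1"
fi
```

A NORESOLVE line for ldap.hulljensen.net on the client means the name, not the server, is the problem; an OPEN line with the bind still failing points back at the server side. To bypass ldap.conf entirely for one query, ldapsearch accepts an explicit URI with -H, e.g. `ldapsearch -x -H ldap://microserver.hulljensen.net -D "cn=Manager,dc=hulljensen,dc=net" -W`, which tests the server without the configured names. Separately, TLS_REQCERT allow in the posted ldap.conf makes the client accept any server certificate on ldaps; once the bind works, demand is the value that actually verifies the server.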