Hi
I really don't want to waste many words, so let's start ;)
Goals:
I have an LDAP-server which works (a SUSE-Client is able to
authenticate on this server...).
The server requires SSL/TLS to connect...
My ambition is now to connect from my freshly installed Debian-Etch
client to this server and to authenticate (using libnss-ldap) on it.
Nice, so far. Isn't it?
Now, the way that is already behind me:
I've installed first the libnss-ldap package and configured it... I
was pretty sure that everything was as good as possible!
I've edited the /etc/nsswitch.conf (1).
Then, I wrote the password for the admin-user into /etc/libnss-ldap.secret:
# echo -n "" > /etc/libnss-ldap.secret
After that, I made softlinks into the /etc/ldap, so that
/etc/ldap/ldap.conf -> /etc/libnss-ldap.conf
/etc/ldap/ldap.secret -> /etc/libnss-ldap.secret
I did that because I just couldn't figure out, which is the right
configuration file....
As already said, the server works. So I thought, I just could do "su
" and I'll be this user ;)
Actually this didn't work and finally we reach my problem now:
Problem:
It's quite easy to describe: It doesn't work ;)
I got the "No such user"- error...
So, I turned on one of my best friends: Wireshark (on the server).
It showed me some SSL-traffic between the client and the server... Not
bad so far... :D
But in the syslog from my client I could find "Couldn't connect to
LDAP server".."cn=admin,o=cag".
I can't see my mistake... But I'm sure that it is kind of a lack of
understanding...
Thanks a lot for answers...
Christoph Buchli
(1)
# cat /etc/nsswitch.conf | grep -v ^\#
passwd: ldap files
group: ldap files
shadow: ldap files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
(2)
# cat /etc/libnss-ldap.conf | grep -v ^\#
@(#)$Id: ldap.conf,v 2.47 2006/05/15 08:13:44 lukeh Exp $
base o=cag
uri ldaps://x.y.21.109:636
ldap_version 3
rootbinddn cn=admin,o=cag
pam_password nds
ssl start_tls
nss_map_attribute uniqueMember member
pam_filter objectclass=posixAccount
nss_base_passwd o=cag
nss_base_shadow o=cag
nss_base_group o=cag
--
LDAP Authentication problem
On Thu, Mar 08, 2007 at 07:46:22PM +0100, Christoph Buchli wrote:
> Goals:
> I have an LDAP-server which works (a SUSE-Client is able to
> authenticate on this server...).
> The server requires SSL/TLS to connect...
> My ambition is now to connect from my freshly installed Debian-Etch
> client to this server and to authenticate (using libnss-ldap) on it.
>
It's been a long time since I setup a machine as an LDAP client from
scratch. Have you tried locating the corresponding files on your
existing client and duplicating the setup from that?
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
LDAP Authentication problem
Hi all, Roberto
The configuration-file from my debian client looks exactly the same as
the one from the suse-client...
(Suse:/etc/ldap.conf = Debian:/etc/libnss-ldap.conf)
regards
On 3/8/07, Christoph Buchli wrote:
> Hi
> I really don't want to waste many words, so let's start ;)
>
> Goals:
> I have an LDAP-server which works (a SUSE-Client is able to
> authenticate on this server...).
> The server requires SSL/TLS to connect...
> My ambition is now to connect from my freshly installed Debian-Etch
> client to this server and to authenticate (using libnss-ldap) on it.
>
> Nice, so far. Isn't it?
>
> Now, the way that is already behind me:
> I've installed first the libnss-ldap package and configured it... I
> was pretty sure that everything was as good as possible!
>
> I've edited the /etc/nsswitch.conf (1).
> Then, I wrote the password for the admin-user into /etc/libnss-ldap.secret:
> # echo -n "" > /etc/libnss-ldap.secret
>
> After that, I made softlinks into the /etc/ldap, so that
> /etc/ldap/ldap.conf -> /etc/libnss-ldap.conf
> /etc/ldap/ldap.secret -> /etc/libnss-ldap.secret
>
> I did that because I just couldn't figure out, which is the right
> configuration file....
>
> As already said, the server works. So I thought, I just could do "su
> " and I'll be this user ;)
> Actually this didn't work and finally we reach my problem now:
>
> Problem:
> It's quite easy to describe: It doesn't work ;)
> I got the "No such user"- error...
>
> So, I turned on one of my best friends: Wireshark (on the server).
> It showed me some SSL-traffic between the client and the server... Not
> bad so far... :D
> But in the syslog from my client I could find "Couldn't connect to
> LDAP server".."cn=admin,o=cag".
>
> I can't see my mistake... But I'm sure that it is kind of a lack of
> understanding...
>
> Thanks a lot for answers...
> Christoph Buchli
>
> (1)
> # cat /etc/nsswitch.conf | grep -v ^\#
> passwd: ldap files
> group: ldap files
> shadow: ldap files
> hosts: files dns
> networks: files
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
> netgroup: nis
>
>
> (2)
> # cat /etc/libnss-ldap.conf | grep -v ^\#
> @(#)$Id: ldap.conf,v 2.47 2006/05/15 08:13:44 lukeh Exp $
> base o=cag
> uri ldaps://x.y.21.109:636
> ldap_version 3
> rootbinddn cn=admin,o=cag
> pam_password nds
> ssl start_tls
> nss_map_attribute uniqueMember member
> pam_filter objectclass=posixAccount
> nss_base_passwd o=cag
> nss_base_shadow o=cag
> nss_base_group o=cag
>
--
LDAP Authentication problem
On Sat, Mar 10, 2007 at 09:38:00AM +0100, Christoph Buchli wrote:
> Hi all, Roberto
>
> The configuration-file from my debian client looks exactly the same as
> the one from the suse-client...
>
> (Suse:/etc/ldap.conf = Debian:/etc/libnss-ldap.conf)
>
Odd. On my system, here is what /etc/libnss-ldap.conf looks like:
base dc=connexer,dc=com
uri ldaps://santiago.connexer.com/
ldap_version 3
Then, my /etc/ldap/ldap.conf has this:
BASE dc=connexer,dc=com
URI ldaps://santiago.connexer.com
TLS_CACERT /etc/ldap/cacert.pem
Then, my /etc/nsswitch.conf has this:
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Regards,
-Roberto
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
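Added example, not part of any message in this thread: a small check over the two client configurations posted above. An ldaps:// URI is TLS from the first byte, while "ssl start_tls" asks for the StartTLS upgrade on the plain LDAP port, so the two settings name different transports. The page does not say whether this was the cause of the failure. The function names and finding labels are hypothetical.

```python
import os
import stat

# Constructed sample: directives from the first post (address elided as on the page).
POSTED_CONF = """\
base o=cag
uri ldaps://x.y.21.109:636
ldap_version 3
rootbinddn cn=admin,o=cag
ssl start_tls
"""

# CA settings as spelled in libnss-ldap.conf and in libldap's ldap.conf (lowercased).
CA_KEYS = {"tls_cacertfile", "tls_cacertdir", "tls_cacert"}


def parse(text):
    """Return {keyword: value}; keywords are case-insensitive, '#' starts a comment."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def lint(conf, secret_path=None):
    """Return findings for a parsed client config; secret_path is the bind-password file."""
    findings = []
    uris = conf.get("uri", "").lower().split()
    ssl = conf.get("ssl", "off").lower()
    if any(u.startswith("ldaps://") for u in uris) and ssl == "start_tls":
        findings.append("transport-conflict: ldaps:// URI combined with 'ssl start_tls'")
    if any(u.startswith("ldap://") for u in uris) and ssl == "off":
        findings.append("cleartext: ldap:// URI without TLS")
    if not CA_KEYS.intersection(conf):
        findings.append("no-ca: no CA certificate file or directory configured")
    if "rootbinddn" in conf and secret_path is not None:
        mode = stat.S_IMODE(os.stat(secret_path).st_mode)
        if mode & 0o077:  # any group/other permission bit exposes the bind password
            findings.append("secret-perms: %s is mode %o, expected 600" % (secret_path, mode))
    return findings


if __name__ == "__main__":
    for finding in lint(parse(POSTED_CONF)):
        print(finding)
```

The CA may be set in either file, so parse /etc/libnss-ldap.conf and /etc/ldap/ldap.conf and merge the two dictionaries before calling lint().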
LDAP Authentication problem
Hi all
Yeah.
It worked now.
I can authenticate on a Novell SELS9 LDAP-Server.
The link to the thread on the newsgroup de.comp.sys.novell
(unfortunately in German) is here: http://tinyurl.com/36gz8y
Thanks to all for help...
kind regards,
christoph
--