
Re: nss_ldap & ssl

by Howard Chu

Mark.Merchant@... wrote:

> I gave up on getting the change password thing working, and disabled
> force_change_passwd on the server. Now, I can authenticate against the
> ldap using clear text authentication.
>
> I'm trying to switch to ssl. Here is my new ldap.conf:
>
> host 10.7.73.37
> uri ldaps://10.7.73.37
> base dc=unix
> bind_policy soft
> binddn cn=proxy,dc=unix
> bindpw proxy
> port 636
> scope sub
> timelimit 30
> bind_timelimit 10
> pam_groupdn cn=profit2,ou=groups,dc=unix
> pam_member_attribute member
> nss_map_attribute uniqueMember uniquemember
> nss_pam_filter objectclass=posixAccount
> nss_base_passwd ou=people,dc=unix
> nss_base_shadow ou=people,dc=unix
> nss_base_group ou=groups,dc=unix
> ssl true
>
> But I'm getting these errors, can anyone help me out?

Never use "host" and "port" options at the same time as the "uri" option. In
fact, never use them, they're deprecated.

That's certainly going to confuse the library. Also, when using an ldaps://
URI, you don't need the "ssl true" either.

> May 20 14:30:18 server sshd.csw[11311]: nss_ldap: could not search LDAP
> server - Server is unavailable
> May 20 14:30:18 server sshd.csw[11313]: nss_ldap: could not search LDAP
> server - Server is unavailable
> May 20 14:30:20 server sshd.csw[11313]: pam_ldap: ldap_simple_bind Can't
> contact LDAP server
> May 20 14:30:20 server sshd.csw[11313]: pam_ldap: reconnecting to LDAP
> server...
> May 20 14:30:20 server sshd.csw[11313]: pam_ldap: ldap_simple_bind Can't
> contact LDAP server
> May 20 14:30:20 server sshd[11311]: error: PAM: Authentication failed
> for illegal user soltest from cnu8451v0m
> May 20 14:30:20 server sshd.csw[11314]: nss_ldap: could not search LDAP
> server - Server is unavailable
>
>
> Thx.
>
> Mark Merchant
> Huntington Banks
> 7 Easton Oval
> Columbus, Oh 43219
> Tel: 614-331-9806 Cell: 614-917-8218 Page: 614-917-8218
> ~~~~
> <Quote of the minute temporarily disabled.>


--
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
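
The two points made in the reply above, expressed as a small lint check for an nss_ldap/pam_ldap style ldap.conf. This is an added example, not part of the original post or of the nss_ldap project; the sample input is constructed from the configuration quoted in the message, and the set of values treated as "SSL enabled" is an assumption.

```python
# Added example: flag 'host'/'port' (deprecated, and conflicting with 'uri')
# and a redundant 'ssl' directive when the uri already uses ldaps://.

# Constructed sample: a subset of the ldap.conf quoted in the message.
SAMPLE_CONF = """\
host 10.7.73.37
uri ldaps://10.7.73.37
base dc=unix
bind_policy soft
port 636
scope sub
ssl true
"""

# Assumption: these values all mean "SSL enabled" for the ssl directive.
SSL_ENABLED = {"true", "on", "yes"}

def parse(text):
    """Return [(lineno, key, value)] for non-blank, non-comment lines."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # directive, then the rest of the line
        entries.append((n, parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return entries

def lint(text):
    """Return a list of (lineno, message) findings, in file order."""
    entries = parse(text)
    uris = [u for _, k, v in entries if k == "uri" for u in v.split()]
    has_ldaps = any(u.lower().startswith("ldaps://") for u in uris)
    findings = []
    for n, key, value in entries:
        if key in ("host", "port"):
            msg = f"'{key}' is deprecated"
            if uris:
                msg += " and conflicts with 'uri'"
            findings.append((n, msg + "; remove it"))
        elif key == "ssl" and has_ldaps and value.lower() in SSL_ENABLED:
            findings.append((n, "'ssl' is not needed with an ldaps:// uri"))
    return findings

if __name__ == "__main__":
    for lineno, message in lint(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```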
