nss_ldap & ssl

I gave up on getting the change password thing working, and disabled force_change_passwd on the server. Now, I can authenticate against the ldap using clear text authentication.

I'm trying to switch to ssl. Here is my new ldap.conf:

host 10.7.73.37
uri ldaps://10.7.73.37
base dc=unix
bind_policy soft
binddn cn=proxy,dc=unix
bindpw proxy
port 636
scope sub
timelimit 30
bind_timelimit 10
pam_groupdn cn=profit2,ou=groups,dc=unix
pam_member_attribute member
nss_map_attribute uniqueMember uniquemember
nss_pam_filter objectclass=posixAccount
nss_base_passwd ou=people,dc=unix
nss_base_shadow ou=people,dc=unix
nss_base_group ou=groups,dc=unix
ssl true

But I'm getting these errors, can anyone help me out?

May 20 14:30:18 server sshd.csw[11311]: nss_ldap: could not search LDAP server - Server is unavailable
May 20 14:30:18 server sshd.csw[11313]: nss_ldap: could not search LDAP server - Server is unavailable
May 20 14:30:20 server sshd.csw[11313]: pam_ldap: ldap_simple_bind Can't contact LDAP server
May 20 14:30:20 server sshd.csw[11313]: pam_ldap: reconnecting to LDAP server...
May 20 14:30:20 server sshd.csw[11313]: pam_ldap: ldap_simple_bind Can't contact LDAP server
May 20 14:30:20 server sshd[11311]: error: PAM: Authentication failed for illegal user soltest from cnu8451v0m
May 20 14:30:20 server sshd.csw[11314]: nss_ldap: could not search LDAP server - Server is unavailable

Thx.

Mark Merchant
Huntington Banks
7 Easton Oval
Columbus, Oh 43219
Tel: 614-331-9806 Cell: 614-917-8218 Page: 614-917-8218
~~~~
<Quote of the minute temporarily disabled.>

Re: nss_ldap & ssl

Mark.Merchant@... wrote:
> I gave up on getting the change password thing working, and disabled
> force_change_passwd on the server. Now, I can authenticate against the
> ldap using clear text authentication.
>
> I'm trying to switch to ssl. Here is my new ldap.conf:
>
> host 10.7.73.37
> uri ldaps://10.7.73.37
> base dc=unix
> bind_policy soft
> binddn cn=proxy,dc=unix
> bindpw proxy
> port 636
> scope sub
> timelimit 30
> bind_timelimit 10
> pam_groupdn cn=profit2,ou=groups,dc=unix
> pam_member_attribute member
> nss_map_attribute uniqueMember uniquemember
> nss_pam_filter objectclass=posixAccount
> nss_base_passwd ou=people,dc=unix
> nss_base_shadow ou=people,dc=unix
> nss_base_group ou=groups,dc=unix
> ssl true
>
> But I'm getting these errors, can anyone help me out?

Never use "host" and "port" options at the same time as the "uri" option. In fact, never use them, they're deprecated. That's certainly going to confuse the library. Also, when using an ldaps:// URI, you don't need the "ssl true" either.

> May 20 14:30:18 server sshd.csw[11311]: nss_ldap: could not search LDAP
> server - Server is unavailable
> May 20 14:30:18 server sshd.csw[11313]: nss_ldap: could not search LDAP
> server - Server is unavailable
> May 20 14:30:20 server sshd.csw[11313]: pam_ldap: ldap_simple_bind Can't
> contact LDAP server
> May 20 14:30:20 server sshd.csw[11313]: pam_ldap: reconnecting to LDAP
> server...
> May 20 14:30:20 server sshd.csw[11313]: pam_ldap: ldap_simple_bind Can't
> contact LDAP server
> May 20 14:30:20 server sshd[11311]: error: PAM: Authentication failed
> for illegal user soltest from cnu8451v0m
> May 20 14:30:20 server sshd.csw[11314]: nss_ldap: could not search LDAP
> server - Server is unavailable
>
>
> Thx.
>
> Mark Merchant
> Huntington Banks
> 7 Easton Oval
> Columbus, Oh 43219
> Tel: 614-331-9806 Cell: 614-917-8218 Page: 614-917-8218
> ~~~~
> <Quote of the minute temporarily disabled.>

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
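
Added example, not part of the original thread and not code from nss_ldap, pam_ldap or OpenLDAP: a small Python check that flags the two ldap.conf problems named in the reply above ("host"/"port" set alongside "uri", and "ssl" set with an ldaps:// URI). The function names and finding codes are made up for illustration, and the sample input is constructed from directives posted in the thread.

```python
# Constructed sample: a subset of the directives from the ldap.conf in the thread.
SAMPLE_CONF = """\
host 10.7.73.37
uri ldaps://10.7.73.37
base dc=unix
bind_policy soft
port 636
scope sub
ssl true
"""

def parse_ldap_conf(text):
    """Return {directive: [(line_no, value), ...]}, skipping blanks and comments."""
    directives = {}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()  # assumption: directive names compared case-insensitively
        value = parts[1].strip() if len(parts) > 1 else ""
        directives.setdefault(key, []).append((line_no, value))
    return directives

def lint_ldap_conf(text):
    """Return (line_no, code, message) findings, sorted by line number."""
    d = parse_ldap_conf(text)
    findings = []
    # A single "uri" line may list several space-separated URIs.
    uris = [u for _, v in d.get("uri", []) for u in v.split()]
    for key in ("host", "port"):
        for line_no, value in d.get(key, []):
            if uris:
                findings.append((line_no, "CONFLICT",
                                 f"'{key} {value}' is set together with 'uri'; remove it"))
            else:
                findings.append((line_no, "DEPRECATED",
                                 f"'{key}' is deprecated; use 'uri' instead"))
    # "ssl" is only redundant when every configured URI already uses ldaps://.
    if uris and all(u.lower().startswith("ldaps://") for u in uris):
        for line_no, value in d.get("ssl", []):
            findings.append((line_no, "REDUNDANT",
                             f"'ssl {value}' is not needed with an ldaps:// URI"))
    return sorted(findings)

if __name__ == "__main__":
    for line_no, code, message in lint_ldap_conf(SAMPLE_CONF):
        print(f"line {line_no}: {code}: {message}")
```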