Linux Archive

Source: Fedora Directory forum, http://www.linux-archive.org/fedora-directory/688407-ldapsearch-fine-but-authentication-purpose-its-not-doing-anything.html

Grzegorz Dwornicki 07-28-2012 03:04 PM

ldapsearch is fine but from authentication purpose its not doing anything
 
In another mail I told you: use authconfig, authconfig-tui or system-config-authentication to set up the system for LDAP authentication. For example, authconfig-tui has a simple text-based interface, authconfig is CLI-based and requires arguments, and system-config-authentication has a GUI.


On 28-07-2012 16:50, "Fosiul Alam" <fosiul@gmail.com> wrote:
Hi

I have set up an LDAP server and from the client it returns, for example:

[root@home ~]# ldapsearch -x -ZZ -D "cn=Directory manager" -w xxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
# extended LDIF
#
# LDAPv3
# base <dc=fosiul,dc=lan> with scope subtree
# filter: (cn=Fosiul Alam)
# requesting: ALL
#

# falam, users, uk, fosiul.lan
dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
givenName: Fosiul
sn: Alam
loginShell: /bin/bash/bash
uidNumber: 1000
gidNumber: 3000
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: falam
cn: Fosiul Alam
homeDirectory: /home/falam
userPassword:: e1NTSEF9UGtqNjhvSU1pSR0RrSWNYYkVvYVU2V2c9PQ=
 =

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

and in the access log:

[28/Jul/2012:15:42:57 +0100] conn=229 fd=70 slot=70 connection from 192.0.0.4 to 192.0.0.9
[28/Jul/2012:15:42:57 +0100] conn=229 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[28/Jul/2012:15:42:57 +0100] conn=229 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[28/Jul/2012:15:42:57 +0100] conn=229 SSL 256-bit AES
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory manager" method=128 version=3
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[28/Jul/2012:15:42:57 +0100] conn=229 op=3 UNBIND
[28/Jul/2012:15:42:57 +0100] conn=229 op=3 fd=70 closed - U1

But from the command line, when I do

[root@home ~]# id falam
id: falam: No such user

[28/Jul/2012:15:44:26 +0100] conn=230 fd=70 slot=70 connection from 192.0.0.4 to 192.0.0.9
[28/Jul/2012:15:44:26 +0100] conn=230 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[28/Jul/2012:15:44:26 +0100] conn=230 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[28/Jul/2012:15:44:26 +0100] conn=230 SSL 256-bit AES
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128 version=3
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[28/Jul/2012:15:44:26 +0100] conn=230 op=-1 fd=70 closed - B1

So basically, ldapsearch is working but authentication is not working ..

Can anyone please help me with this.

And I am using CentOS 5.8.

Fosiul.

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Fosiul Alam 07-28-2012 04:13 PM

ldapsearch is fine but from authentication purpose its not doing anything
 
Hi
I configured another PC
with authconfig-tui
but there is no luck;
it's the same thing ..

Fosiul




--
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk

Grzegorz Dwornicki 07-28-2012 04:23 PM

ldapsearch is fine but from authentication purpose its not doing anything
 
I assume you are using TLS. You need to use the FQDN, not the IP, of the CentOS directory server, and configure the firewall for port 389 or 636.


Please send content of /etc/nsswitch.conf and /etc/ldap.conf




Fosiul Alam 07-28-2012 04:58 PM

ldapsearch is fine but from authentication purpose its not doing anything
 
Hi, yes.. I am not using the IP. I am using the full host name.

This is my nsswitch:

cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: files ldap
shadow: files ldap
group: files ldap

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files

netgroup: files ldap

publickey: nisplus

automount: files ldap
aliases: files nisplus

sudoers: files ldap


and /etc/ldap.conf:

[root@home cacerts]# grep -v "^#" /etc/ldap.conf | sed -e '/^$/d'
base dc=fosiul,dc=lan
timelimit 120
bind_timelimit 120
idle_timelimit 3600
 #nss_base_passwd ou=users,l=uk,dc=fosiul,dc=lan,?one
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
uri ldap://ldap-2.fosiul.lan/
ssl start_tls
tls_cacertfile /etc/openldap/cacerts/ds-ca.crt
pam_password clear



Grzegorz Dwornicki 07-28-2012 06:13 PM

ldapsearch is fine but from authentication purpose its not doing anything
 
Do you have nss_ldap installed?




Fosiul Alam 07-28-2012 06:21 PM

ldapsearch is fine but from authentication purpose its not doing anything
 
Yes, it is:

rpm -qa | grep nss_ldap
nss_ldap-253-49.el5
nss_ldap-253-49.el5

There is some other problem ..

Example: when I execute this, I get this output:

ldapsearch -x -ZZ -D "cn=Directory Manager" -w xxxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
# extended LDIF
#
# LDAPv3
# base <dc=fosiul,dc=lan> with scope subtree
# filter: (cn=Fosiul Alam)
# requesting: ALL
#

# falam, users, uk, fosiul.lan
dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
givenName: Fosiul
sn: Alam
loginShell: /bin/bash/bash
uidNumber: 1000
gidNumber: 3000
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: falam
cn: Fosiul Alam
homeDirectory: /home/falam
userPassword:: e1NTSEF9bkM0dyFlLaFlJYUVPclZHRENiT1Y2RnA1MDAwdnZZQ 1E9PQ=
 =

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

When I do this (I don't get anything):
==================

ldapsearch -x -ZZ -D "uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" -w xxxxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)" dn cn sn

# extended LDIF
#
# LDAPv3
# base <dc=fosiul,dc=lan> with scope subtree
# filter: (cn=Fosiul Alam)
# requesting: dn cn sn
#

# search result
search: 3
result: 0 Success

# numResponses: 1

and in the log I get:
[28/Jul/2012:19:18:48 +0100] conn=141 fd=69 slot=69 connection from 192.0.0.4 to 192.0.0.9
[28/Jul/2012:19:18:48 +0100] conn=141 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[28/Jul/2012:19:18:48 +0100] conn=141 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[28/Jul/2012:19:18:48 +0100] conn=141 SSL 256-bit AES
[28/Jul/2012:19:18:48 +0100] conn=141 op=1 BIND dn="uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" method=128 version=3
[28/Jul/2012:19:18:48 +0100] conn=141 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=falam,ou=users,l=uk,dc=fosiul,dc=lan"
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs="distinguishedName cn sn"
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[28/Jul/2012:19:18:48 +0100] conn=141 op=3 UNBIND
[28/Jul/2012:19:18:48 +0100] conn=141 op=3 fd=69 closed - U1

Don't know where the problem is,

but it's not working.

On Sat, Jul 28, 2012 at 7:13 PM, Grzegorz Dwornicki <gd1100@gmail.com> wrote:
> Do you have nss_ldap installed?
>
> 28-07-2012 18:58, "Fosiul Alam" <fosiul@gmail.com> napisał(a):
>
>> hi yes.. i am not using ip . i am using fully host name
>>
>> this is my nsswitch
>>
>> cat /etc/nsswitch.conf
>> #
>> # /etc/nsswitch.conf
>> #
>> # An example Name Service Switch config file. This file should be
>> # sorted with the most-used services at the beginning.
>> #
>> # The entry '[NOTFOUND=return]' means that the search for an
>> # entry should stop if the search in the previous entry turned
>> # up nothing. Note that if the search failed due to some other reason
>> # (like no NIS server responding) then the search continues with the
>> # next entry.
>> #
>> # Legal entries are:
>> #
>> # nisplus or nis+ Use NIS+ (NIS version 3)
>> # nis or yp Use NIS (NIS version 2), also called YP
>> # dns Use DNS (Domain Name Service)
>> # files Use the local files
>> # db Use the local database (.db) files
>> # compat Use NIS on compat mode
>> # hesiod Use Hesiod for user lookups
>> # [NOTFOUND=return] Stop searching if not found so far
>> #
>>
>> # To use db, put the "db" in front of "files" for entries you want to be
>> # looked up first in the databases
>> #
>> # Example:
>> #passwd: db files nisplus nis
>> #shadow: db files nisplus nis
>> #group: db files nisplus nis
>>
>> passwd: files ldap
>> shadow: files ldap
>> group: files ldap
>>
>> #hosts: db files nisplus nis dns
>> hosts: files dns
>>
>> # Example - obey only what nisplus tells us...
>> #services: nisplus [NOTFOUND=return] files
>> #networks: nisplus [NOTFOUND=return] files
>> #protocols: nisplus [NOTFOUND=return] files
>> #rpc: nisplus [NOTFOUND=return] files
>> #ethers: nisplus [NOTFOUND=return] files
>> #netmasks: nisplus [NOTFOUND=return] files
>>
>> bootparams: nisplus [NOTFOUND=return] files
>>
>> ethers: files
>> netmasks: files
>> networks: files
>> protocols: files
>> rpc: files
>> services: files
>>
>> netgroup: files ldap
>>
>> publickey: nisplus
>>
>> automount: files ldap
>> aliases: files nisplus
>>
>> sudoers: files ldap
>>
>>
>> and /etc/ldap.conf:
>>
>> [root@home cacerts]# grep -v "^#" /etc/ldap.conf | sed -e '/^$/d'
>> base dc=fosiul,dc=lan
>>
>> timelimit 120
>> bind_timelimit 120
>> idle_timelimit 3600
>> #nss_base_passwd ou=users,l=uk,dc=fosiul,dc=lan,?one
>> nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
>> uri ldap://ldap-2.fosiul.lan/
>> ssl start_tls
>> tls_cacertfile /etc/openldap/cacerts/ds-ca.crt
>> pam_password clear
>>
>>
>> On Sat, Jul 28, 2012 at 5:23 PM, Grzegorz Dwornicki <gd1100@gmail.com>
>> wrote:
>> > I assume you are using TLS. You need to use the FQDN, not the IP, of the CentOS
>> > directory server, and configure the firewall for port 389 or 636.
>> >
>> > Please send content of /etc/nsswitch.conf and /etc/ldap.conf
>> >
>> > 28-07-2012 18:13, "Fosiul Alam" <fosiul@gmail.com> napisał(a):
>> >
>> >> Hi,
>> >> I configured another PC with authconfig-tui,
>> >> but there is no luck.
>> >> It's the same thing.
>> >>
>> >> Fosiul
>> >>
>> >> On Sat, Jul 28, 2012 at 4:04 PM, Grzegorz Dwornicki <gd1100@gmail.com>
>> >> wrote:
>> >> > In another mail I've told you: use authconfig, authconfig-tui or
>> >> > system-config-authentication to set up the system for LDAP authentication.
>> >> > For example, authconfig-tui has a simple text-based interface, authconfig is
>> >> > CLI based and requires arguments. Finally, system-config-authentication has
>> >> > a GUI.
>> >> >



--
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

yersinia 07-28-2012 07:31 PM

ldapsearch is fine but from authentication purpose its not doing anything
 
Sorry for the top posting.

But your test is not sufficient. Can you do an LDAP simple bind with
the user you want to authenticate, not with the directory admin?
This is the first question to answer, so you can be sure there is no LDAP ACL
problem, no password mismatch and the like.

Regards


--
Sent from my mobile device
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Fosiul Alam 07-28-2012 07:39 PM

ldapsearch is fine but from authentication purpose its not doing anything
 
Hi, thanks.

If I try this:

ldapsearch -x -ZZ -D "uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" -w xxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)" dn cn sn

now if I give a wrong password it will say authentication failed,

but with the correct password
it does not return anything,
and I get this in the log:

http://fpaste.org/SA47/




--
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Grzegorz Dwornicki 07-30-2012 12:36 PM

ldapsearch is fine but from authentication purpose its not doing anything
 
Hi again,

All the information you provided looks OK. At times like this, when the error was hard to find, I looked at the /var/log/dirsrv/slapd-instance_name/access log for debug info. Run tail -f on the access log and try the id command again. The logs will provide some tracing info, combined with the information you provided already.


Greg.


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
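The two diagnostic steps suggested in this thread, binding as the user rather than as Directory Manager (yersinia) and watching the access log while running id (Grzegorz), come together in the following script. It is an added example, not code from the thread or from 389 Directory Server: it parses access-log lines of the shape posted above (conn=, op=, BIND/SRCH/RESULT, err=, nentries=), ties each search to the identity that bound on that connection, and flags connections whose bind succeeded but whose search matched nothing. The sample log is constructed from the lines posted in the thread; the function and variable names are the example's own.

```python
"""Correlate 389 Directory Server access-log lines per connection and report
what each bind identity got back from its searches.

Added diagnostic example, not code from the thread or from 389 DS.
"""
import re
from collections import defaultdict

# Constructed sample log: the three connections posted in the thread
# (Directory Manager, the anonymous nss_ldap lookup, and the user bind).
SAMPLE_LOG = """\
[28/Jul/2012:15:42:57 +0100] conn=229 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[28/Jul/2012:15:42:57 +0100] conn=229 SSL 256-bit AES
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory manager" method=128 version=3
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[28/Jul/2012:15:42:57 +0100] conn=229 op=3 UNBIND
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128 version=3
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[28/Jul/2012:15:44:26 +0100] conn=230 op=-1 fd=70 closed - B1
[28/Jul/2012:19:18:48 +0100] conn=141 op=1 BIND dn="uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" method=128 version=3
[28/Jul/2012:19:18:48 +0100] conn=141 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=falam,ou=users,l=uk,dc=fosiul,dc=lan"
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs="distinguishedName cn sn"
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 RESULT err=0 tag=101 nentries=0 etime=0
"""

# Only the operations we correlate; SSL, EXT, UNBIND and "closed" lines are skipped.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) '
    r'(?P<kind>BIND|SRCH|RESULT)\b(?P<rest>.*)$'
)
# key=value pairs; quoted values may contain spaces and '=' (filters, DNs).
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line):
    """Return a dict for BIND/SRCH/RESULT lines, None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"conn": int(m.group("conn")), "op": int(m.group("op")), "kind": m.group("kind")}
    for key, val in KV_RE.findall(m.group("rest")):
        rec[key] = val[1:-1] if val.startswith('"') else val
    return rec


def summarize(log_text):
    """Map conn -> {"bind_dn", "bind_err", "searches": [(filter, nentries, err)]}."""
    conns = defaultdict(lambda: {"bind_dn": None, "bind_err": None, "searches": []})
    pending = {}  # (conn, op) -> the BIND/SRCH request still waiting for its RESULT
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        c = conns[rec["conn"]]
        if rec["kind"] in ("BIND", "SRCH"):
            if rec["kind"] == "BIND":
                c["bind_dn"] = rec.get("dn", "")  # "" is an anonymous bind
            pending[(rec["conn"], rec["op"])] = rec
        else:  # RESULT: pair it with the request that carries the same conn/op
            req = pending.pop((rec["conn"], rec["op"]), None)
            if req is None:
                continue
            err = int(rec.get("err", "0"))
            if req["kind"] == "BIND":
                c["bind_err"] = err
            else:
                c["searches"].append((req.get("filter"), int(rec.get("nentries", "0")), err))
    return dict(conns)


def diagnose(summary):
    """Flag connections whose bind succeeded but whose search read back nothing."""
    findings = []
    for conn, info in sorted(summary.items()):
        who = info["bind_dn"] or "<anonymous>"
        for filt, nentries, err in info["searches"]:
            if info["bind_err"] == 0 and err == 0 and nentries == 0:
                findings.append(
                    f"conn={conn} {who}: {filt} matched 0 entries after a successful bind"
                    " -> check what this identity is allowed to read (ACIs)")
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for finding in diagnose(summarize(text)) or ["no zero-result searches after a successful bind"]:
        print(finding)
```

Run on the constructed sample it reports conn=141 (the falam user bind) and conn=230 (the anonymous bind made by the nss_ldap client) as zero-entry searches after a successful bind, while conn=229 (Directory Manager, one entry returned) stays silent. That is the separation yersinia's test is meant to give: the password is accepted, so what is left to examine is what each identity is permitted to read, not the credentials. To use it the way Grzegorz suggests, capture the access log while running id and pass the file path as the first argument (for example /var/log/dirsrv/slapd-instance_name/access, with instance_name replaced by the real instance).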

