Old 07-28-2012, 03:04 PM
Grzegorz Dwornicki
 
ldapsearch is fine but for authentication purposes it's not doing anything

In another mail I've told you: use authconfig, authconfig-tui or system-config-authentication to set up the system for LDAP authentication. For example, authconfig-tui has a simple text-based interface, authconfig is CLI based and requires arguments. Finally, system-config-authentication has a GUI.


On 28-07-2012 16:50, "Fosiul Alam" <fosiul@gmail.com> wrote:
Hi,

I have set up an LDAP server, and from the client it returns, for example:

[root@home ~]# ldapsearch -x -ZZ -D "cn=Directory manager" -w xxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
# extended LDIF
#
# LDAPv3
# base <dc=fosiul,dc=lan> with scope subtree
# filter: (cn=Fosiul Alam)
# requesting: ALL
#

# falam, users, uk, fosiul.lan
dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
givenName: Fosiul
sn: Alam
loginShell: /bin/bash/bash
uidNumber: 1000
gidNumber: 3000
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: falam
cn: Fosiul Alam
homeDirectory: /home/falam
userPassword:: e1NTSEF9UGtqNjhvSU1pSR0RrSWNYYkVvYVU2V2c9PQ=
 =

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

and in the access log:

[28/Jul/2012:15:42:57 +0100] conn=229 fd=70 slot=70 connection from 192.0.0.4 to 192.0.0.9
[28/Jul/2012:15:42:57 +0100] conn=229 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[28/Jul/2012:15:42:57 +0100] conn=229 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[28/Jul/2012:15:42:57 +0100] conn=229 SSL 256-bit AES
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory manager" method=128 version=3
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[28/Jul/2012:15:42:57 +0100] conn=229 op=3 UNBIND
[28/Jul/2012:15:42:57 +0100] conn=229 op=3 fd=70 closed - U1

But from the command line, when I do

[root@home ~]# id falam
id: falam: No such user

[28/Jul/2012:15:44:26 +0100] conn=230 fd=70 slot=70 connection from 192.0.0.4 to 192.0.0.9
[28/Jul/2012:15:44:26 +0100] conn=230 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[28/Jul/2012:15:44:26 +0100] conn=230 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[28/Jul/2012:15:44:26 +0100] conn=230 SSL 256-bit AES
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128 version=3
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[28/Jul/2012:15:44:26 +0100] conn=230 op=-1 fd=70 closed - B1

So basically, ldapsearch is working but authentication is not working..

Can anyone please help me with this?
I am using CentOS 5.8.

Fosiul.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 07-28-2012, 04:13 PM
Fosiul Alam
 

Hi,
I configured another PC with authconfig-tui, but there is no luck; it's the same thing.

Fosiul

--
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk
 
Old 07-28-2012, 04:23 PM
Grzegorz Dwornicki
 

I assume you are using TLS. You need to use the FQDN, not the IP, of the CentOS directory server, and configure the firewall for port 389 or 636.


Please send the content of /etc/nsswitch.conf and /etc/ldap.conf.



 
Old 07-28-2012, 04:58 PM
Fosiul Alam
 

Hi, yes. I am not using the IP; I am using the full host name.

This is my nsswitch:

cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: files ldap
shadow: files ldap
group: files ldap

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files

netgroup: files ldap

publickey: nisplus

automount: files ldap
aliases: files nisplus

sudoers: files ldap


and /etc/ldap.conf:

[root@home cacerts]# grep -v "^#" /etc/ldap.conf | sed -e '/^$/d'
base dc=fosiul,dc=lan

timelimit 120
bind_timelimit 120
idle_timelimit 3600
 #nss_base_passwd ou=users,l=uk,dc=fosiul,dc=lan,?one
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
uri ldap://ldap-2.fosiul.lan/
ssl start_tls
tls_cacertfile /etc/openldap/cacerts/ds-ca.crt
pam_password clear


 
Old 07-28-2012, 06:13 PM
Grzegorz Dwornicki
 

Do you have nss_ldap installed?



 
Old 07-28-2012, 06:21 PM
Fosiul Alam
 

Yes, it is:

rpm -qa | grep nss_ldap
nss_ldap-253-49.el5
nss_ldap-253-49.el5

I think there is some other problem.

Example: when I execute this:

ldapsearch -x -ZZ -D "cn=Directory Manager" -w xxxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"

I get output, for example:

ldapsearch -x -ZZ -D "cn=Directory Manager" -w xxxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
# extended LDIF
#
# LDAPv3
# base <dc=fosiul,dc=lan> with scope subtree
# filter: (cn=Fosiul Alam)
# requesting: ALL
#

# falam, users, uk, fosiul.lan
dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
givenName: Fosiul
sn: Alam
loginShell: /bin/bash/bash
uidNumber: 1000
gidNumber: 3000
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: falam
cn: Fosiul Alam
homeDirectory: /home/falam
userPassword:: e1NTSEF9bkM0dyFlLaFlJYUVPclZHRENiT1Y2RnA1MDAwdnZZQ1E9PQ=
 =

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

When I do this (I don't get anything):
==================

ldapsearch -x -ZZ -D "uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" -w xxxxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)" dn cn sn

# extended LDIF
#
# LDAPv3
# base <dc=fosiul,dc=lan> with scope subtree
# filter: (cn=Fosiul Alam)
# requesting: dn cn sn
#

# search result
search: 3
result: 0 Success

# numResponses: 1

and in the log I get:
[28/Jul/2012:19:18:48 +0100] conn=141 fd=69 slot=69 connection from 192.0.0.4 to 192.0.0.9
[28/Jul/2012:19:18:48 +0100] conn=141 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[28/Jul/2012:19:18:48 +0100] conn=141 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[28/Jul/2012:19:18:48 +0100] conn=141 SSL 256-bit AES
[28/Jul/2012:19:18:48 +0100] conn=141 op=1 BIND dn="uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" method=128 version=3
[28/Jul/2012:19:18:48 +0100] conn=141 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=falam,ou=users,l=uk,dc=fosiul,dc=lan"
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs="distinguishedName cn sn"
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[28/Jul/2012:19:18:48 +0100] conn=141 op=3 UNBIND
[28/Jul/2012:19:18:48 +0100] conn=141 op=3 fd=69 closed - U1


I don't know where the problem is,

but it's not working.

On Sat, Jul 28, 2012 at 7:13 PM, Grzegorz Dwornicki <gd1100@gmail.com> wrote:
> Do you have nss_ldap installed?
>
> 28-07-2012 18:58, "Fosiul Alam" <fosiul@gmail.com> napisał(a):
>
>> hi yes.. i am not using ip . i am using fully host name
>>
>> this is my nsswitch
>>
>> cat /etc/nsswitch.conf
>> #
>> # /etc/nsswitch.conf
>> #
>> # An example Name Service Switch config file. This file should be
>> # sorted with the most-used services at the beginning.
>> #
>> # The entry '[NOTFOUND=return]' means that the search for an
>> # entry should stop if the search in the previous entry turned
>> # up nothing. Note that if the search failed due to some other reason
>> # (like no NIS server responding) then the search continues with the
>> # next entry.
>> #
>> # Legal entries are:
>> #
>> # nisplus or nis+ Use NIS+ (NIS version 3)
>> # nis or yp Use NIS (NIS version 2), also called YP
>> # dns Use DNS (Domain Name Service)
>> # files Use the local files
>> # db Use the local database (.db) files
>> # compat Use NIS on compat mode
>> # hesiod Use Hesiod for user lookups
>> # [NOTFOUND=return] Stop searching if not found so far
>> #
>>
>> # To use db, put the "db" in front of "files" for entries you want to be
>> # looked up first in the databases
>> #
>> # Example:
>> #passwd: db files nisplus nis
>> #shadow: db files nisplus nis
>> #group: db files nisplus nis
>>
>> passwd: files ldap
>> shadow: files ldap
>> group: files ldap
>>
>> #hosts: db files nisplus nis dns
>> hosts: files dns
>>
>> # Example - obey only what nisplus tells us...
>> #services: nisplus [NOTFOUND=return] files
>> #networks: nisplus [NOTFOUND=return] files
>> #protocols: nisplus [NOTFOUND=return] files
>> #rpc: nisplus [NOTFOUND=return] files
>> #ethers: nisplus [NOTFOUND=return] files
>> #netmasks: nisplus [NOTFOUND=return] files
>>
>> bootparams: nisplus [NOTFOUND=return] files
>>
>> ethers: files
>> netmasks: files
>> networks: files
>> protocols: files
>> rpc: files
>> services: files
>>
>> netgroup: files ldap
>>
>> publickey: nisplus
>>
>> automount: files ldap
>> aliases: files nisplus
>>
>> sudoers: files ldap
>>
>>
>> and /etc/ldap
>>
>> [root@home cacerts]# grep -v "^#" /etc/ldap.conf | sed -e '/^$/d'
>> base dc=fosiul,dc=lan
>>
>> timelimit 120
>> bind_timelimit 120
>> idle_timelimit 3600
>> #nss_base_passwd ou=users,l=uk,dc=fosiul,dc=lan,?one
>> nss_initgroups_ignoreusers
>>
>> root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat, radiusd,news,mailman,nscd,gdm
>> uri ldap://ldap-2.fosiul.lan/
>> ssl start_tls
>> tls_cacertfile /etc/openldap/cacerts/ds-ca.crt
>> pam_password clear
>>
>>
>> On Sat, Jul 28, 2012 at 5:23 PM, Grzegorz Dwornicki <gd1100@gmail.com>
>> wrote:
>> > I assume you are using TLS. You need to use the FQDN, not the IP, of the CentOS
>> > directory server, and configure the firewall for port 389 or 636.
>> >
>> > Please send content of /etc/nsswitch.conf and /etc/ldap.conf
>> >
>> > 28-07-2012 18:13, "Fosiul Alam" <fosiul@gmail.com> wrote:
>> >
>> >> Hi,
>> >> I configured another PC
>> >> with authconfig-tui,
>> >> but there is no luck;
>> >> it's the same thing.
>> >>
>> >> Fosiul
>> >>
>> >> On Sat, Jul 28, 2012 at 4:04 PM, Grzegorz Dwornicki <gd1100@gmail.com>
>> >> wrote:
>> >> > In the other mail I told you: use authconfig, authconfig-tui or
>> >> > system-config-authentication to set up the system for LDAP authentication.
>> >> > For example, authconfig-tui has a simple text-based interface, authconfig is
>> >> > CLI based and requires arguments. Finally, system-config-authentication has
>> >> > a GUI.
>> >> >
>> >> > 28-07-2012 16:50, "Fosiul Alam" <fosiul@gmail.com> wrote:
>> >> >>
>> >> >> Hi
>> >> >> I have set up an LDAP server, and from the client it returns, for example:
>> >> >>
>> >> >> [root@home ~]# ldapsearch -x -ZZ -D "cn=Directory manager" -w xxx
>> >> >> -h
>> >> >> ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
>> >> >> # extended LDIF
>> >> >> #
>> >> >> # LDAPv3
>> >> >> # base <dc=fosiul,dc=lan> with scope subtree
>> >> >> # filter: (cn=Fosiul Alam)
>> >> >> # requesting: ALL
>> >> >> #
>> >> >>
>> >> >> # falam, users, uk, fosiul.lan
>> >> >> dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
>> >> >> givenName: Fosiul
>> >> >> sn: Alam
>> >> >> loginShell: /bin/bash/bash
>> >> >> uidNumber: 1000
>> >> >> gidNumber: 3000
>> >> >> objectClass: top
>> >> >> objectClass: person
>> >> >> objectClass: organizationalPerson
>> >> >> objectClass: inetorgperson
>> >> >> objectClass: posixAccount
>> >> >> uid: falam
>> >> >> cn: Fosiul Alam
>> >> >> homeDirectory: /home/falam
>> >> >> userPassword:: e1NTSEF9UGtqNjhvSU1pSR0RrSWNYYkVvYVU2V2c9PQ=
>> >> >> =
>> >> >>
>> >> >> # search result
>> >> >> search: 3
>> >> >> result: 0 Success
>> >> >>
>> >> >> # numResponses: 2
>> >> >> # numEntries: 1
>> >> >>
>> >> >> and in the access log :
>> >> >>
>> >> >> 28/Jul/2012:15:42:57 +0100] conn=229 fd=70 slot=70 connection from
>> >> >> 192.0.0.4 to 192.0.0.9
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 EXT
>> >> >> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 RESULT err=0 tag=120
>> >> >> nentries=0 etime=0
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 SSL 256-bit AES
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory
>> >> >> manager" method=128 version=3
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97
>> >> >> nentries=0 etime=0 dn="cn=directory manager"
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH
>> >> >> base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101
>> >> >> nentries=1 etime=0
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 UNBIND
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 fd=70 closed - U1
>> >> >>
>> >> >>
>> >> >> But from the command line, when I do
>> >> >> [root@home ~]# id falam
>> >> >> id: falam: No such user
>> >> >>
>> >> >>
>> >> >>
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 fd=70 slot=70 connection from
>> >> >> 192.0.0.4 to 192.0.0.9
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 EXT
>> >> >> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 RESULT err=0 tag=120
>> >> >> nentries=0 etime=0
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 SSL 256-bit AES
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128
>> >> >> version=3
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97
>> >> >> nentries=0 etime=0 dn=""
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH
>> >> >> base="dc=fosiul,dc=lan" scope=2
>> >> >> filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid
>> >> >> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
>> >> >> description objectClass"
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101
>> >> >> nentries=0 etime=0
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=-1 fd=70 closed - B1
>> >> >>
>> >> >>
>> >> >> So basically, ldapsearch is working but authentication is not
>> >> >> working.
>> >> >>
>> >> >> Can anyone please help me with this?
>> >> >> And I am using CentOS 5.8.
>> >> >>
>> >> >> Fosiul.
>> >> >> --
>> >> >> 389 users mailing list
>> >> >> 389-users@lists.fedoraproject.org
>> >> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
>> >> >
>> >> >
>> >> > --
>> >> > 389 users mailing list
>> >> > 389-users@lists.fedoraproject.org
>> >> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>> >>
>> >>
>> >>
>> >> --
>> >> Regards
>> >> Fosiul Alam
>> >> 07877100621
>> >> http://www.fosiul.co.uk
>> >> --
>> >> 389 users mailing list
>> >> 389-users@lists.fedoraproject.org
>> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
>> >
>> >
>> > --
>> > 389 users mailing list
>> > 389-users@lists.fedoraproject.org
>> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>> --
>> Regards
>> Fosiul Alam
>> 07877100621
>> http://www.fosiul.co.uk
>> --
>> 389 users mailing list
>> 389-users@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users



--
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 07-28-2012, 07:31 PM
yersinia
 
Default ldapsearch is fine but from authentication purpose its not doing anything

Sorry for the top posting.

But your test is not sufficient. Can you do an LDAP simple bind with
the user you want to authenticate, not with the directory admin?
This is the first question to answer, so you can be sure there is no LDAP ACL
problem, no password mismatch and the like.

Regards

2012/7/28, Fosiul Alam <fosiul@gmail.com>:
> Hi
> I have set up an LDAP server, and from the client it returns, for example:
>
> [root@home ~]# ldapsearch -x -ZZ -D "cn=Directory manager" -w xxx -h
> ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
> # extended LDIF
> #
> # LDAPv3
> # base <dc=fosiul,dc=lan> with scope subtree
> # filter: (cn=Fosiul Alam)
> # requesting: ALL
> #
>
> # falam, users, uk, fosiul.lan
> dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
> givenName: Fosiul
> sn: Alam
> loginShell: /bin/bash/bash
> uidNumber: 1000
> gidNumber: 3000
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetorgperson
> objectClass: posixAccount
> uid: falam
> cn: Fosiul Alam
> homeDirectory: /home/falam
> userPassword:: e1NTSEF9UGtqNjhvSU1pSR0RrSWNYYkVvYVU2V2c9PQ=
> =
>
> # search result
> search: 3
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> and in the access log :
>
> 28/Jul/2012:15:42:57 +0100] conn=229 fd=70 slot=70 connection from
> 192.0.0.4 to 192.0.0.9
> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 EXT
> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 RESULT err=0 tag=120
> nentries=0 etime=0
> [28/Jul/2012:15:42:57 +0100] conn=229 SSL 256-bit AES
> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory
> manager" method=128 version=3
> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97
> nentries=0 etime=0 dn="cn=directory manager"
> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH
> base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101
> nentries=1 etime=0
> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 UNBIND
> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 fd=70 closed - U1
>
>
> But from the command line, when I do
> [root@home ~]# id falam
> id: falam: No such user
>
>
>
> [28/Jul/2012:15:44:26 +0100] conn=230 fd=70 slot=70 connection from
> 192.0.0.4 to 192.0.0.9
> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 EXT
> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 RESULT err=0 tag=120
> nentries=0 etime=0
> [28/Jul/2012:15:44:26 +0100] conn=230 SSL 256-bit AES
> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128 version=3
> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97
> nentries=0 etime=0 dn=""
> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH
> base="dc=fosiul,dc=lan" scope=2
> filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid
> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
> description objectClass"
> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101
> nentries=0 etime=0
> [28/Jul/2012:15:44:26 +0100] conn=230 op=-1 fd=70 closed - B1
>
>
> So basically, ldapsearch is working but authentication is not working.
>
> Can anyone please help me with this?
> And I am using CentOS 5.8.
>
> Fosiul.
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
Sent from my mobile device
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 07-28-2012, 07:39 PM
Fosiul Alam
 
Default ldapsearch is fine but from authentication purpose its not doing anything

Hi, thanks.

If I try this:

ldapsearch -x -ZZ -D "uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" -w
xxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)" dn
cn sn

now, if I give a wrong password, it will say "authentication failed",

but with the correct password
it does not return anything,
and I get this in the log:

http://fpaste.org/SA47/

On Sat, Jul 28, 2012 at 8:31 PM, yersinia <yersinia.spiros@gmail.com> wrote:
> Sorry for the top posting.
>
> But your test is not sufficient. Can you do an LDAP simple bind with
> the user you want to authenticate, not with the directory admin?
> This is the first question to answer, so you can be sure there is no LDAP ACL
> problem, no password mismatch and the like.
>
> Regards
>
> 2012/7/28, Fosiul Alam <fosiul@gmail.com>:
>> Hi
>> I have set up an LDAP server, and from the client it returns, for example:
>>
>> [root@home ~]# ldapsearch -x -ZZ -D "cn=Directory manager" -w xxx -h
>> ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=fosiul,dc=lan> with scope subtree
>> # filter: (cn=Fosiul Alam)
>> # requesting: ALL
>> #
>>
>> # falam, users, uk, fosiul.lan
>> dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
>> givenName: Fosiul
>> sn: Alam
>> loginShell: /bin/bash/bash
>> uidNumber: 1000
>> gidNumber: 3000
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: inetorgperson
>> objectClass: posixAccount
>> uid: falam
>> cn: Fosiul Alam
>> homeDirectory: /home/falam
>> userPassword:: e1NTSEF9UGtqNjhvSU1pSR0RrSWNYYkVvYVU2V2c9PQ=
>> =
>>
>> # search result
>> search: 3
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>> and in the access log :
>>
>> 28/Jul/2012:15:42:57 +0100] conn=229 fd=70 slot=70 connection from
>> 192.0.0.4 to 192.0.0.9
>> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 EXT
>> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 RESULT err=0 tag=120
>> nentries=0 etime=0
>> [28/Jul/2012:15:42:57 +0100] conn=229 SSL 256-bit AES
>> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory
>> manager" method=128 version=3
>> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97
>> nentries=0 etime=0 dn="cn=directory manager"
>> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH
>> base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
>> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101
>> nentries=1 etime=0
>> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 UNBIND
>> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 fd=70 closed - U1
>>
>>
>> But from the command line, when I do
>> [root@home ~]# id falam
>> id: falam: No such user
>>
>>
>>
>> [28/Jul/2012:15:44:26 +0100] conn=230 fd=70 slot=70 connection from
>> 192.0.0.4 to 192.0.0.9
>> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 EXT
>> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 RESULT err=0 tag=120
>> nentries=0 etime=0
>> [28/Jul/2012:15:44:26 +0100] conn=230 SSL 256-bit AES
>> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128 version=3
>> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97
>> nentries=0 etime=0 dn=""
>> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH
>> base="dc=fosiul,dc=lan" scope=2
>> filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid
>> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
>> description objectClass"
>> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101
>> nentries=0 etime=0
>> [28/Jul/2012:15:44:26 +0100] conn=230 op=-1 fd=70 closed - B1
>>
>>
>> So basically, ldapsearch is working but authentication is not working.
>>
>> Can anyone please help me with this?
>> And I am using CentOS 5.8.
>>
>> Fosiul.
>> --
>> 389 users mailing list
>> 389-users@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> --
> Sent from my mobile device
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users



--
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 07-30-2012, 12:36 PM
Grzegorz Dwornicki
 
Default ldapsearch is fine but from authentication purpose its not doing anything

Hi again

All the information you provided looks OK. At times like this, when the error was hard to find, I looked in the access log, /var/log/dirsrv/slapd-instance_name/access, for debug info. Run tail -f on the access log and try the id command again. The log will provide some tracing info, combined with the information you have already provided.


Greg.

2012/7/28 Fosiul Alam <fosiul@gmail.com>

Hi, thanks.

If I try this:

ldapsearch -x -ZZ -D "uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" -w
xxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)" dn
cn sn

now, if I give a wrong password, it will say "authentication failed",

but with the correct password
it does not return anything,
and I get this in the log:

http://fpaste.org/SA47/

On Sat, Jul 28, 2012 at 8:31 PM, yersinia <yersinia.spiros@gmail.com> wrote:
> Sorry for the top posting.
>
> But your test is not sufficient. Can you do an LDAP simple bind with
> the user you want to authenticate, not with the directory admin?
> This is the first question to answer, so you can be sure there is no LDAP ACL
> problem, no password mismatch and the like.
>
> Regards
>
> 2012/7/28, Fosiul Alam <fosiul@gmail.com>:
>> Hi
>> I have set up an LDAP server, and from the client it returns, for example:
>>
>> [root@home ~]# ldapsearch -x -ZZ -D "cn=Directory manager" -w xxx -h
>> ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=fosiul,dc=lan> with scope subtree
>> # filter: (cn=Fosiul Alam)
>> # requesting: ALL
>> #
>>
>> # falam, users, uk, fosiul.lan
>> dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
>> givenName: Fosiul
>> sn: Alam
>> loginShell: /bin/bash/bash
>> uidNumber: 1000
>> gidNumber: 3000
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: inetorgperson
>> objectClass: posixAccount
>> uid: falam
>> cn: Fosiul Alam
>> homeDirectory: /home/falam
>> userPassword:: e1NTSEF9UGtqNjhvSU1pSR0RrSWNYYkVvYVU2V2c9PQ=
>> =
>>
>> # search result
>> search: 3
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>> and in the access log :
>>
>> 28/Jul/2012:15:42:57 +0100] conn=229 fd=70 slot=70 connection from
>> 192.0.0.4 to 192.0.0.9
>> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 EXT
>> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 RESULT err=0 tag=120
>> nentries=0 etime=0
>> [28/Jul/2012:15:42:57 +0100] conn=229 SSL 256-bit AES
>> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory
>> manager" method=128 version=3
>> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97
>> nentries=0 etime=0 dn="cn=directory manager"
>> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH
>> base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
>> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101
>> nentries=1 etime=0
>> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 UNBIND
>> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 fd=70 closed - U1
>>
>>
>> But from the command line, when I do
>> [root@home ~]# id falam
>> id: falam: No such user
>>
>>
>>
>> [28/Jul/2012:15:44:26 +0100] conn=230 fd=70 slot=70 connection from
>> 192.0.0.4 to 192.0.0.9
>> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 EXT
>> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 RESULT err=0 tag=120
>> nentries=0 etime=0
>> [28/Jul/2012:15:44:26 +0100] conn=230 SSL 256-bit AES
>> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128 version=3
>> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97
>> nentries=0 etime=0 dn=""
>> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH
>> base="dc=fosiul,dc=lan" scope=2
>> filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid
>> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
>> description objectClass"
>> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101
>> nentries=0 etime=0
>> [28/Jul/2012:15:44:26 +0100] conn=230 op=-1 fd=70 closed - B1
>>
>>
>> So basically, ldapsearch is working but authentication is not working.
>>
>> Can anyone please help me with this?
>> And I am using CentOS 5.8.
>>
>> Fosiul.
>> --
>> 389 users mailing list
>> 389-users@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> --
> Sent from my mobile device
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users



--
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
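Greg's advice is to watch the access log while running id, and yersinia's is to bind as the user rather than as Directory Manager; the access-log excerpts in this thread already contain both experiments. As an added example (not from the thread, not part of 389 Directory Server), here is a small Python script that correlates the BIND and SRCH/RESULT lines per connection and flags searches that completed with err=0 but returned no entries while a more privileged bind on another connection saw the entry. That pattern, with StartTLS and the bind already succeeding on every connection, points at access control (ACIs) or a wrong base/filter rather than at connectivity, which is what the simple-bind test is meant to separate. The sample log lines are the ones quoted in the thread, re-joined where the mail client wrapped them; the function names and the "verdict" wording are my own.

```python
import re
import sys
from collections import defaultdict

# Constructed sample: the 389 DS access-log lines quoted in this thread, re-joined
# where the mail client wrapped them. conn=229 is ldapsearch bound as Directory
# Manager, conn=230 is the anonymous lookup behind "id falam", conn=141 is the later
# ldapsearch bound as uid=falam.
SAMPLE_LOG = """\
[28/Jul/2012:15:42:57 +0100] conn=229 fd=70 slot=70 connection from 192.0.0.4 to 192.0.0.9
[28/Jul/2012:15:42:57 +0100] conn=229 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[28/Jul/2012:15:42:57 +0100] conn=229 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[28/Jul/2012:15:42:57 +0100] conn=229 SSL 256-bit AES
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory manager" method=128 version=3
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[28/Jul/2012:15:42:57 +0100] conn=229 op=3 UNBIND
[28/Jul/2012:15:42:57 +0100] conn=229 op=3 fd=70 closed - U1
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128 version=3
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[28/Jul/2012:15:44:26 +0100] conn=230 op=-1 fd=70 closed - B1
[28/Jul/2012:19:18:48 +0100] conn=141 op=1 BIND dn="uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" method=128 version=3
[28/Jul/2012:19:18:48 +0100] conn=141 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=falam,ou=users,l=uk,dc=fosiul,dc=lan"
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs="distinguishedName cn sn"
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[28/Jul/2012:19:18:48 +0100] conn=141 op=3 UNBIND
"""

# Only lines that carry an operation number and an upper-case operation name
# (BIND, SRCH, RESULT, EXT, UNBIND) are of interest; connection/SSL/close lines
# have no op or start with a lower-case field and are skipped.
OP_LINE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<kind>[A-Z]+)\b(?P<rest>.*)$')
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_kv(text):
    """Turn 'err=0 nentries=1 dn="cn=x"' into a dict; dn="" parses to ''."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(text)}


def parse_access_log(text):
    """Group operations by connection, pairing each BIND/SRCH with its RESULT line."""
    conns = defaultdict(lambda: {"bind_dn": None, "bind_err": None, "searches": []})
    pending = {}  # (conn, op) -> (kind, request fields) awaiting a RESULT
    for line in text.splitlines():
        m = OP_LINE.match(line)
        if not m:
            continue
        conn, op, kind = m["conn"], m["op"], m["kind"]
        fields = parse_kv(m["rest"])
        if kind in ("BIND", "SRCH"):
            pending[(conn, op)] = (kind, fields)
        elif kind == "RESULT":
            started = pending.pop((conn, op), None)
            if started is None:
                continue  # e.g. the RESULT of the startTLS EXT op
            req_kind, req = started
            err = int(fields.get("err", "0"))
            if req_kind == "BIND":
                conns[conn]["bind_dn"] = req.get("dn", "")  # '' means anonymous
                conns[conn]["bind_err"] = err
            else:
                conns[conn]["searches"].append({
                    "base": req.get("base"), "filter": req.get("filter"),
                    "attrs": req.get("attrs"), "err": err,
                    "nentries": int(fields.get("nentries", "0")),
                })
    return dict(conns)


def visibility_findings(conns):
    """Flag err=0 searches with nentries=0, and say which other bind DN did see
    entries for the same filter. A successful-but-empty search beside a privileged
    bind that returns the entry is the signature of an ACI restriction."""
    by_filter = defaultdict(list)
    for conn, info in conns.items():
        for s in info["searches"]:
            by_filter[s["filter"]].append((conn, info["bind_dn"] or "anonymous", s))
    findings = []
    for flt, hits in by_filter.items():
        visible_to = [who for _, who, s in hits if s["nentries"] > 0]
        for conn, who, s in hits:
            if s["err"] != 0 or s["nentries"] > 0:
                continue  # errors are a different problem; hits are fine
            findings.append({
                "conn": conn, "filter": flt, "bound_as": who, "visible_to": visible_to,
                "verdict": ("entry exists but is hidden from this bind: check ACIs"
                            if visible_to else
                            "no entry visible to this bind: check ACIs, base and filter"),
            })
    return findings


if __name__ == "__main__":
    # Feed a real log on stdin (e.g. the slapd-instance_name/access file), or run
    # without input to analyse the constructed sample from the thread.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for f in visibility_findings(parse_access_log(text)):
        print(f"conn={f['conn']} bound_as={f['bound_as']!r} filter={f['filter']}: "
              f"{f['verdict']} (visible to: {f['visible_to'] or 'nobody in this log'})")
```

On the thread's own lines the script reports conn=141 (bound as uid=falam) seeing nothing for the same filter that returned one entry to Directory Manager on conn=229, and conn=230 (anonymous, the NSS lookup) seeing nothing for the posixAccount filter. Both are err=0, so neither the TLS handshake nor the bind is the fault; the server accepted the search and simply returned no entries the binder was allowed to read. The check to run next is the ACI on the user subtree for the bind identities nss_ldap actually uses.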
 
