Old 12-09-2007, 11:57 AM
Jyotishmaan Ray
 
Default Openldap Experts

Hello All Openldap Experts,

This is Jyotishmaan. I have successfully migrated the users from the Fedora-Linux System to the LDAP server on the Linux-fedora again. All these users show up on the GOOEY (GUI) of the Linux Fedora.
When I tried to log on to the system through this GUI, as "ldapusr" and "jmaan" uid's, I could not log onto the system ie., the on LDAP server only.

If I need to configure the /etc/ldap.conf file, please let me know. The transcripts of /var/log/messages are shown below:-

Dec  2 04:22:41 authdns syslogd 1.4.2: restart.
Dec  2 14:19:49 authdns gdm[2271]: pam_ldap: error trying to bind as user "uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in" (Invalid credentials)
Dec  2 14:19:52 authdns gdm[2271]: Couldn't authenticate user
Dec  2 14:20:09 authdns gconfd (root-20368): starting (version 2.18.0.1), pid 20368 user 'root'
Dec  2 14:20:09 authdns gconfd (root-20368): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration source at position 0
Dec  2 14:20:09 authdns gconfd (root-20368): Resolved address "xml:readwrite:/root/.gconf" to a writable configuration source at position 1
Dec  2 14:20:09 authdns gconfd (root-20368): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2
Dec  2 14:20:10 authdns gconfd (root-20368): Resolved address "xml:readwrite:/root/.gconf" to a writable configuration source at position 0
Dec  2 14:20:15 authdns setroubleshoot: [rpc.ERROR] attempt to open server connection failed: (2, 'No such file or directory')
Dec  2 20:05:28 authdns gconfd (root-20368): Exiting
Dec  3 09:51:59 authdns gdm[2271]: pam_ldap: error trying to bind as user "uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in" (Invalid credentials)
Dec  3 09:52:02 authdns gdm[2271]: Couldn't authenticate user
Dec  3 09:53:35 authdns gconfd (root-24072): starting (version 2.18.0.1), pid 24072 user 'root'
Dec  3 09:53:35 authdns gconfd (root-24072): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration source at position 0
Dec  3 09:53:35 authdns gconfd (root-24072): Resolved address "xml:readwrite:/root/.gconf" to a writable configuration source at position 1
Dec  3 09:53:35 authdns gconfd (root-24072): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2
Dec  3 09:53:36 authdns gconfd (root-24072): Resolved address "xml:readwrite:/root/.gconf" to a writable configuration source at position 0
Dec  3 09:53:41 authdns setroubleshoot: [rpc.ERROR] attempt to open server connection failed: (2, 'No such file or directory')
Dec  3 11:53:32 authdns kernel: usb 5-7: new high speed USB device using ehci_hcd and address 4
Dec  3 11:53:33 authdns kernel: usb 5-7: configuration #1 chosen from 1 choice
Dec  3 11:53:33 authdns kernel: scsi5 : SCSI emulation for USB Mass Storage devices
Dec  3 11:53:38 authdns kernel: scsi 5:0:0:0: Direct-Access   JetFlash TS2GJFV30       8.07 PQ: 0 ANSI: 2
Dec  3 11:53:38 authdns kernel: SCSI device sdb: 4014078 512-byte hdwr sectors (2055 MB)
Dec  3 11:53:38 authdns kernel: sdb: Write Protect is off
Dec  3 11:53:38 authdns kernel: sdb: assuming drive cache: write through
Dec  3 11:53:38 authdns kernel: SCSI device sdb: 4014078 512-byte hdwr sectors (2055 MB)
Dec  4 00:15:11 authdns gdm[2271]: pam_ldap: error trying to bind as user "uid=ldapusr,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in" (Invalid credentials)
Dec  4 00:15:14 authdns gdm[2271]: Couldn't authenticate user
Dec  4 00:15:33 authdns gdm[2271]: pam_ldap: error trying to bind as user "uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in" (Invalid credentials)
......


Regards,

Jyotishmaan

Please let me know!!!

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-09-2007, 02:17 PM
Stuart Sears
 
Default Openldap Experts

Jyotishmaan Ray wrote:
> Hello All Openldap Experts,
>
> This is Jyotishmaan. I have
> successfully migrated the users from the Fedora-Linux System To LDAP
> server on the Linux-fedora again. All these users shows up on the GOOEY
> (GUI) of the Linux Fedora.
> When I tried to logonto the system
> through this GUI, as "ldapusr" and "jmaan" uid's, i could not log onto
> the system ie., the on LDAP server only.
>
> If i need to configure
> the /etc/ldap.conf file. Please let me know. The transcripts of the
> /var/log/messages are shown as below:-

1. which (uncommented) lines are in /etc/ldap.conf at the moment?

egrep -v '^($|#)' /etc/ldap.conf

2. When you configured your client box to use your new LDAP server, how
did you do that? Using the GUI?

If so, make sure you have enabled LDAP on both the "User Information"
and "Authentication" tabs - otherwise you will be using LDAP as an NSS
service like NIS.

3. can you run ldapsearch using that username and password?

ldapsearch -xW -D 'uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in' \
  -h 'your.ldap.server' -b 'bn=compcen,dc=nits,dc=ac,dc=in'

4. also, what exactly is 'stornt=non-teach' ? I don't recognise that
attribute name. Are you using a custom schema?

5. Have you looked in the logs on the LDAP server itself? You may want
to increase the loglevel (and maybe redirect local4.* to a separate logfile)



Regards

Stuart
--
Stuart Sears RHCA etc
"There's a very fine line between stupid and clever."
- Nigel Tufnel / Derek Smalls
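
One way to summarise the pam_ldap failures in a log like the one quoted in the first post, as an added example that is not part of the original thread. The helper names `write_sample_log` and `bind_failures` are hypothetical, and the sample lines are constructed in the /var/log/messages format shown above.

```shell
#!/bin/sh
# Added example (not from the thread): summarise pam_ldap bind failures per DN.
# write_sample_log and bind_failures are hypothetical helper names.

write_sample_log() {
    # Constructed sample in the /var/log/messages format quoted in the thread.
    cat > "$1" <<'EOF'
Dec  2 14:19:49 authdns gdm[2271]: pam_ldap: error trying to bind as user "uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in" (Invalid credentials)
Dec  2 14:19:52 authdns gdm[2271]: Couldn't authenticate user
Dec  2 14:20:15 authdns setroubleshoot: [rpc.ERROR] attempt to open server connection failed: (2, 'No such file or directory')
Dec  3 09:51:59 authdns gdm[2271]: pam_ldap: error trying to bind as user "uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in" (Invalid credentials)
Dec  4 00:15:11 authdns gdm[2271]: pam_ldap: error trying to bind as user "uid=ldapusr,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in" (Invalid credentials)
Dec  4 00:15:33 authdns gdm[2271]: pam_ldap: error trying to bind as user "uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in" (Invalid credentials)
EOF
}

bind_failures() {
    # Output: one "<count><TAB><bind DN><TAB><LDAP result text>" line per DN,
    # most frequent first. Lines from other daemons are ignored.
    awk '
        /pam_ldap: error trying to bind as user/ {
            sub(/[ \t\r]+$/, "")                # tolerate trailing whitespace
            if (!match($0, /"[^"]*"/)) next     # the bind DN is the quoted field
            dn = substr($0, RSTART + 1, RLENGTH - 2)
            reason = "unknown"
            if (match($0, /\([^()]*\)$/))       # result text closes the line
                reason = substr($0, RSTART + 1, RLENGTH - 2)
            count[dn "\t" reason]++
        }
        END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' "$1" | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Demo on the constructed sample.
log=$(mktemp)
write_sample_log "$log"
bind_failures "$log"
rm -f "$log"
```

Each output line carries the full DN that pam_ldap tried to bind as, which is the value to pass to `ldapsearch -D` when repeating the bind by hand as in step 3.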
 
Old 12-09-2007, 11:22 PM
Cameron Simpson
 
Default Openldap Experts

On 09Dec2007 15:17, Stuart Sears <stuart@sjsears.com> wrote:
| 1. which (uncommented) lines are in /etc/ldap.conf at the moment?
| egrep -v '^($|#)' /etc/ldap.conf

OT - grep curiosity...
You can embed a "$" inside an alternation?

Personally, I've always used:

grep '^[^#]'

for this task.

Cheers,
--
Cameron Simpson <cs@zip.com.au> DoD#743
http://www.cskk.ezoshosting.com/cs/

When a man rides a Motorader he stays forever young. - German saying

 
Old 12-10-2007, 12:42 AM
Robert L Cochran
 
Default Openldap Experts

Cameron Simpson wrote:

> On 09Dec2007 15:17, Stuart Sears <stuart@sjsears.com> wrote:
> | 1. which (uncommented) lines are in /etc/ldap.conf at the moment?
> | egrep -v '^($|#)' /etc/ldap.conf
>
> OT - grep curiosity...
> You can embed a "$" inside an alternation?
>
> Personally, I've always used:
>
> grep '^[^#]'
>
> for this task.
>
> Cheers,


This:

egrep -v '^($|#)' /etc/ldap.conf

matches any line which is not blank and does not have an octothorpe in it. It is not negating a character class which is what you put inside brackets [ ]. It is negating the start of a line or the octothorpe '#'. That leading caret ^ negates each alternative within the parentheses.

Bob Cochran



 
Old 12-10-2007, 01:00 AM
Robert L Cochran
 
Default Openldap Experts

Robert L Cochran wrote:

> Cameron Simpson wrote:
>
>> On 09Dec2007 15:17, Stuart Sears <stuart@sjsears.com> wrote:
>> | 1. which (uncommented) lines are in /etc/ldap.conf at the moment?
>> | egrep -v '^($|#)' /etc/ldap.conf
>>
>> OT - grep curiosity...
>> You can embed a "$" inside an alternation?
>>
>> Personally, I've always used:
>>
>> grep '^[^#]'
>>
>> for this task.
>>
>> Cheers,
>
> This:
>
> egrep -v '^($|#)' /etc/ldap.conf
>
> matches any line which is not blank and does not have an octothorpe in
> it. It is not negating a character class which is what you put inside
> brackets [ ]. It is negating the start of a line or the octothorpe
> '#'. That leading caret ^ negates each alternative within the
> parentheses.
>
> Bob Cochran

No, I'm wrong -- I put my foot in my mouth here. I should have checked
on the -v option for egrep first. It inverts the sense of the match. And
the '$' anchors the end of a line, not the start. I need to give this
one more thought....


Bob

 
Old 12-10-2007, 01:21 AM
Tony Nelson
 
Default Openldap Experts

At 8:42 PM -0500 12/9/07, Robert L Cochran wrote:
...
>This:
>
>egrep -v '^($|#)' /etc/ldap.conf
>
>matches any line which is not blank and does not have an octothorpe in it.
...

Is empty or does not start with a #. I think '(^[ ]$|#)' will match what
you said. I don't know if whitespace is allowed in the config file.
--
__________________________________________________ __________________
TonyN.:' <mailto:tonynelson@georgeanelson.com>
' <http://www.georgeanelson.com/>

 
Old 12-10-2007, 02:27 AM
Cameron Simpson
 
Default Openldap Experts

On 09Dec2007 20:42, Robert L Cochran <cochranb@speakeasy.net> wrote:
>> | egrep -v '^($|#)' /etc/ldap.conf
>>
>> OT - grep curiosity...
>> You can embed a "$" inside an alternation?
>>
>> Personally, I've always used:
>> grep '^[^#]'
>> for this task.
>>
> This:
> egrep -v '^($|#)' /etc/ldap.conf

Oh, I know what it _does_. I'm just surprised you can put "$" inside a
(...) section. I'm sure I've tripped over that constraint somewhere;
possibly not with GNU grep.

Anyway, my grep incantation is logically equivalent.

Cheers,
--
Cameron Simpson <cs@zip.com.au> DoD#743
http://www.cskk.ezoshosting.com/cs/

Actually, it's only 'evolution in action' if they haven't spawned yet.
- JAM jmooney@ornews.intel.com
Not at all, because they might have spawned again had not the hand of
fate intervened. I consider such cases a partial victory, at least.
- Geoff Miller <geoffm@netcom.com> DoD#0996

 
Old 12-10-2007, 04:39 PM
Stuart Sears
 
Default Openldap Experts

Cameron Simpson wrote:
> On 09Dec2007 15:17, Stuart Sears <stuart@sjsears.com> wrote:
> | 1. which (uncommented) lines are in /etc/ldap.conf at the moment?
> | egrep -v '^($|#)' /etc/ldap.conf
>
> OT - grep curiosity...
> You can embed a "$" inside an alternation?

You can embed any regex character inside an alternation.

>
> Personally, I've always used:
>
> grep '^[^#]'

not bad. hadn't thought of that...


Stuart
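
The two filters discussed in this sub-thread, run side by side on a constructed config file, as an added example that is not part of the original posts. The function names and file contents are assumptions, and the third filter is a whitespace-tolerant variant that goes beyond what was posted.

```shell
#!/bin/sh
# Added example (not from the thread): compare the comment-stripping filters.
# `egrep` is `grep -E`; the latter spelling is used here.

write_sample_conf() {
    # Constructed sample: line 4 is spaces only, line 5 is an indented comment.
    printf '%s\n' \
        '# client settings' \
        '' \
        'host 127.0.0.1' \
        '   ' \
        '  # indented comment' \
        'base dc=nits,dc=ac,dc=in' \
        'ssl no' > "$1"
}

# Drop lines that are empty or start with '#'.
filter_egrep()   { grep -E -v '^($|#)' "$1"; }

# Keep lines whose first character exists and is not '#'.
filter_bracket() { grep '^[^#]' "$1"; }

# Variant: also drop whitespace-only lines and indented comments.
filter_strict()  { grep -E -v '^[[:space:]]*(#|$)' "$1"; }

# Demo on the constructed sample.
conf=$(mktemp)
write_sample_conf "$conf"
echo "== egrep -v '^(\$|#)'";   filter_egrep "$conf"
echo "== grep '^[^#]'";         filter_bracket "$conf"
echo "== whitespace-tolerant";  filter_strict "$conf"
rm -f "$conf"
```

The first two filters print the same five lines, including the spaces-only line and the indented comment; only the third reduces the file to its three directives.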

 
Old 12-11-2007, 05:56 AM
Jyotishmaan
 
Default Openldap Experts

Stuart Sears wrote:
>
> Jyotishmaan Ray wrote:
>> Hello All Openldap Experts,
>>
>> This is Jyotishmaan. I have
>> successfully migrated the users from the Fedora-Linux System To LDAP
>> server on the Linux-fedora again. All these users shows up on the GOOEY
>> (GUI) of the Linux Fedora.
>> When I tried to logonto the system
>> through this GUI, as "ldapusr" and "jmaan" uid's, i could not log onto
>> the system ie., the on LDAP server only.
>>
>> If i need to configure
>> the /etc/ldap.conf file. Please let me know. The transcripts of the
>> /var/log/messages are shown as below:-
>
> Hello Stuart Sears,
>
> Please look below for your reply:-
>
> 1. which (uncommented) lines are in /etc/ldap.conf at the moment?
>
> egrep -v '^($|#)' /etc/ldap.conf
>
> The output of this command is shown as below:
>
> [root@authdns ~]# egrep -v '^($|#)' /etc/ldap.conf
> host 127.0.0.1
> base dc=nits,dc=ac,dc=in
> ldap_version 3
> timelimit 120
> bind_timelimit 120
> bind_policy hard
> idle_timelimit 3600
> nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon
> uri ldap://127.0.0.1/
> ssl no
> tls_cacertdir /etc/openldap/cacerts
> pam_password md5
> [root@authdns ~]#
>
>
>
> 2. When you configured your client box to use your new LDAP server, how
> did you do that? Using the GUI?
>
> The client has been configured by running the system-config-authentication
> command and then configuring the ip address of the LDAP server machine.
> Other than this not a single line has been changed in the client machine.
> As of now i am trying to log onto the server machine where i am getting
> unsuccessful bind and failed authentication as per the messages in
> /var/log/messages file.
>
>
> If so, make sure you have enabled LDAP on both the "User Information"
> and "Authentication" tabs - otherwise you will be using LDAP as an NSS
> service like NIS.
>
> Configuration of the server was through-system-config-authentication
> command and the GUI as described below:-
>
>
> /usr/bin/authconfig-tui" as root (without gui), or by calling the
> call the gnome menu: system->administration->authentication?
>
> This worked fine in both ways.
>
>
> 3. can you run ldapsearch using that username and password?
>
> Please can you throw some light on these few lines of the ldapsearch
> command.
>
> I tried using the following way:
>
> [root@authdns bin]# ldapsearch -x -W -D 'uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in'
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
> After I typed the LDAP password of the Manager I got the error as cited
> above. However I also tried logging onto the server using jmaan's LDAP
> password, but it didn't work.
>
> Please tell me how to authenticate successfully.
>
> ldapsearch -xW -D 'uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in' \
>   -h 'your.ldap.server' -b 'bn=compcen,dc=nits,dc=ac,dc=in'
>
> However I will try to do.
> 4. also, what exactly is 'stornt=non-teach' ? I don't recognise that
>
> This is to distinguish whether an employee (staff) is a teaching type or
> non-teaching type, hence the attribute "stornt".
> attribute name. Are you using a custom schema?
>
> Yes, i am using a customised schema.
>
> 5. Have you looked in the logs on the LDAP server itself? You may want
> to increase the loglevel (and maybe redirect local4.* to a separate
> logfile)
>
> Yes, i have seen the logs on the LDAP server itself. The contents of the
> /var/log/messages are as shown below:-
>
> Dec 11 11:12:49 authdns gdm[4091]: Couldn't authenticate user
> Dec 11 11:12:59 authdns gdm[4091]: pam_ldap: error trying to bind as user "uid=ldapusr,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in" (Invalid credentials)
> Dec 11 11:13:03 authdns gdm[4091]: Couldn't authenticate user
> Dec 11 11:13:11 authdns gdm[4091]: pam_ldap: error trying to bind as user "uid=ldapusr,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in" (Invalid credentials)
> Dec 11 11:13:14 authdns gdm[4091]: Couldn't authenticate user
> Dec 11 11:13:19 authdns gconfd (root-4235): starting (version 2.18.0.1), pid 4235 user 'root'
> Dec 11 11:13:19 authdns gconfd (root-4235): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration source at position 0
> Dec 11 11:13:19 authdns gconfd (root-4235): Resolved address "xml:readwrite:/root/.gconf" to a writable configuration source at position 1
> Dec 11 11:13:19 authdns gconfd (root-4235): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2
> Dec 11 11:13:19 authdns gconfd (root-4235): Resolved address "xml:readwrite:/root/.gconf" to a writable configuration source at position 0
> Dec 11 11:13:21 authdns setroubleshoot: [rpc.ERROR] attempt to open server connection failed: (2, 'No such file or directory
>
> Please let me know what changes i have to make in my server machine.
>
> regards,
>
> Jyotishmaan
> 91-9435554598
> City:Silchar, India
>
> Regards
>
> Stuart
> --
> Stuart Sears RHCA etc
> "There's a very fine line between stupid and clever."
> - Nigel Tufnel / Derek Smalls
