[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: nss_ldap error



What OS are you running? What does your nsswitch.conf look like? I had a similar problem, and it was because on the new Openssh builds, you have to turn on PAM=yes in sshd_config. Is it only ssh logins that are giving you problems? Can you "su" to the ldap users? Just some ideas, hopefully this helps.

Jeff Gamsby

Adam Denenberg wrote:

Hello,

i have openldap using tls running and nss_ldap libs successfully
installed.  I can do a finger username and get all the info back so i
know nss_ldap and openldap can communicate fine.  However when i try to
ssh in, i get the following error (from a tcpdump).

Invalid LDAP message (Cant't parse sequence header: Wrong type for
that item).


Can anybody shed some light here?

thanks
adam

here is my slapd logfile output..

Dec  6 02:13:04 pgate1 slapd[20498]: conn=18 fd=12 ACCEPT from
IP=10.35.2.250:33501 (IP=0.0.0.0:389)
Dec  6 02:13:04 pgate1 slapd[20505]: conn=18 op=1 BIND dn="" method=128
Dec  6 02:13:04 pgate1 slapd[20505]: conn=18 op=1 RESULT tag=97 err=0
text=
Dec  6 02:13:04 pgate1 slapd[20500]: conn=18 op=2 SRCH
base="dc=thepirtgroup,dc=com" scope=2
filter="(&(objectClass=posixAccount)(uid=adenenberg))"
Dec  6 02:13:04 pgate1 slapd[20500]: conn=18 op=2 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass
Dec  6 02:13:04 pgate1 slapd[20500]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Dec  6 02:13:04 pgate1 slapd[20500]: conn=18 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text=
Dec  6 02:13:04 pgate1 slapd[20505]: conn=18 op=3 SRCH
base="dc=thepirtgroup,dc=com" scope=2 filter="(uid=adenenberg)"
Dec  6 02:13:04 pgate1 slapd[20505]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Dec  6 02:13:04 pgate1 slapd[20505]: conn=18 op=3 SEARCH RESULT tag=101
err=0 nentries=1 text=
Dec  6 02:13:04 pgate1 slapd[20500]: conn=18 op=4 SRCH
base="dc=thepirtgroup,dc=com" scope=2
filter="(&(objectClass=posixGroup)(|(memberUid=adenenberg)(uniqueMember=uid=adenenberg,ou=datacenter,o=pirt,dc=thepirtgroup,dc=com)))"
Dec  6 02:13:04 pgate1 slapd[20500]: conn=18 op=4 SRCH attr=cn
userPassword memberUid uniqueMember gidNumber
Dec  6 02:13:04 pgate1 slapd[20500]: <= bdb_equality_candidates:
(memberUid) index_param failed (18)
Dec  6 02:13:04 pgate1 slapd[20500]: <= bdb_equality_candidates:
(uniqueMember) index_param failed (18)
Dec  6 02:13:04 pgate1 slapd[20500]: conn=18 op=4 SEARCH RESULT tag=101
err=0 nentries=0 text=
Dec  6 02:13:04 pgate1 slapd[20498]: conn=19 fd=14 ACCEPT from
IP=10.35.2.250:33502 (IP=0.0.0.0:389)
Dec  6 02:13:04 pgate1 slapd[20500]: conn=19 op=1 BIND dn="" method=128
Dec  6 02:13:04 pgate1 slapd[20500]: conn=19 op=1 RESULT tag=97 err=0
text=
Dec  6 02:13:04 pgate1 slapd[20498]: deferring operation
Dec  6 02:13:04 pgate1 slapd[20505]: conn=19 op=2 SRCH
base="dc=thepirtgroup,dc=com" scope=2
filter="(&(objectClass=posixAccount)(uid=adenenberg))"
Dec  6 02:13:04 pgate1 slapd[20505]: conn=19 op=2 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass
Dec  6 02:13:04 pgate1 slapd[20505]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Dec  6 02:13:04 pgate1 slapd[20505]: conn=19 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text=
Dec  6 02:13:04 pgate1 slapd[20500]: conn=19 op=3 SRCH
base="dc=thepirtgroup,dc=com" scope=2
filter="(&(objectClass=shadowAccount)(uid=adenenberg))"
Dec  6 02:13:04 pgate1 slapd[20500]: conn=19 op=3 SRCH attr=uid
userPassword shadowLastChange shadowMax shadowMin shadowWarning
shadowInactive shadowExpire
Dec  6 02:13:04 pgate1 slapd[20500]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Dec  6 02:13:04 pgate1 slapd[20500]: conn=19 op=3 SEARCH RESULT tag=101
err=0 nentries=1 text=
Dec  6 02:13:04 pgate1 slapd[20498]: conn=19 fd=14 closed
Dec  6 02:13:05 pgate1 slapd[20505]: conn=18 op=5 SRCH
base="dc=thepirtgroup,dc=com" scope=2
filter="(&(objectClass=shadowAccount)(uid=adenenberg))"
Dec  6 02:13:05 pgate1 slapd[20505]: conn=18 op=5 SRCH attr=uid
userPassword shadowLastChange shadowMax shadowMin shadowWarning
shadowInactive shadowExpire
Dec  6 02:13:05 pgate1 slapd[20505]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Dec  6 02:13:05 pgate1 slapd[20505]: conn=18 op=5 SEARCH RESULT tag=101
err=0 nentries=1 text=