Re: cannot bind to ldap other user as root
- To: Marc Patermann <hans.moser@ofd-z.niedersachsen.de>
- Subject: Re: cannot bind to ldap other user as root
- From: Sandor Szalina <sszalina@yahoo.com>
- Date: Wed, 8 Sep 2010 04:56:51 -0700 (PDT)
- Cc: openldap-technical@openldap.org
- In-reply-to: <4C877559.7070009@ofd-z.niedersachsen.de>
--- On Wed, 8/9/10, Marc Patermann <hans.moser@ofd-z.niedersachsen.de> wrote:
> From: Marc Patermann <hans.moser@ofd-z.niedersachsen.de>
> Subject: Re: cannot bind to ldap other user as root
> To: "Sandor Szalina" <sszalina@yahoo.com>
> Cc: openldap-technical@openldap.org
> Date: Wednesday, 8 September, 2010, 13:36
> Sandor,
>
> Sandor Szalina schrieb am 08.09.2010 12:16 Uhr:
>
> > I have installed the openldap 2.2.13 with rpm on Red Hat Enterprise
> > Linux ES release 4 (Nahant Update 8). I have set the TLS setting too.
> Man, 2.2.13 is ancient:
> http://www.openldap.org/lists/openldap-announce/200406/msg00002.html
> You really should try a /newer/ release.
>
> > With the user root I can start the ldapsearch and I receive the
> > result successfully, the ldap client can connect to the ldap server.
> > However if I log in with another user I receive the following
> > message: ldap_bind: Can't contact LDAP server (-1)
> >
> > What can be the problem? Thanks for the help in advance,
> You did not provide any details
> - on how you use ldapsearch and
> - about the server and client side config
>
>
> Marc
>
Hi!
Thanks for your mail. Here is the information:
The running slapd process is:
ldap 21697 1 0 07:14 ? 00:00:00 /usr/sbin/slapd -u ldap -h ldaps://*:8108 -f /etc/openldap/slapd.conf
The slapd.conf is:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/local.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
TLSCertificateFile /etc/openldap/servercrt.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem
database bdb
suffix "dc=test"
rootdn "cn=Admin,dc=test"
rootpw mypasswd
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
The port 8108 is open in the firewall.
On the client side there is .ldaprc in the home directory with the following content:
TLS_REQCERT allow
I am running the following ldapsearch command from the same machine:
ldapsearch -H ldaps://localhost:8108 -x -D "cn=Admin,dc=test" -W -b "dc=test" -s sub "objectclass=*"
As root I receive the content and, at the end:
# search result
search: 2
result: 0 Success
# numResponses: 7
# numEntries: 6
If I log in as another user, e.g. testuser, and start the same ldapsearch, I receive
ldap_bind: Can't contact LDAP server (-1)
bye
Sandor
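The thread does not say why root and testuser behave differently, but the .ldaprc is a per-user file, so the two users need not be running with the same client TLS settings. The helper below is an added example (not from the thread or from OpenLDAP itself) that resolves which value of a client directive applies to a given user, following the ldap.conf(5) read order: the system-wide file first, then $HOME/ldaprc, then $HOME/.ldaprc, with later files overriding earlier ones; it assumes the LDAPCONF/LDAPRC environment overrides are not in use and takes the file paths as arguments. It also writes a system-wide ldap.conf (path assumed) that keeps certificate verification on for every user instead of relaxing it per user with TLS_REQCERT allow.

```shell
#!/bin/sh
# Added example: resolve the effective value of an ldap.conf(5) directive
# for one user. Read order per ldap.conf(5): SYSCONF, $HOME/ldaprc,
# $HOME/.ldaprc; a later file overrides an earlier one. Environment
# overrides (LDAPCONF, LDAPRC) are deliberately not modelled here.

# last_value KEY FILE -> print the last value KEY takes in FILE, if any
last_value() {
    [ -r "$2" ] || return 0
    # directive names are case-insensitive; "#"-prefixed lines never match
    awk -v k="$1" 'toupper($1) == k { v = $2 } END { if (v != "") print v }' "$2"
}

# effective_setting KEY SYSCONF HOME DEFAULT -> value libldap would end up with
effective_setting() {
    key=$1; sysconf=$2; home=$3; val=$4
    for f in "$sysconf" "$home/ldaprc" "$home/.ldaprc"; do
        v=$(last_value "$key" "$f")
        [ -n "$v" ] && val=$v
    done
    printf '%s\n' "$val"
}

# Constructed sample mirroring the thread: only root's home carries a
# .ldaprc with "TLS_REQCERT allow"; there is no system-wide ldap.conf yet.
build_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/root" "$d/home/testuser"
    printf 'TLS_REQCERT allow\n' > "$d/root/.ldaprc"
    printf '%s\n' "$d"
}

# Hardened system-wide client config (assumed path /etc/openldap/ldap.conf):
# trust the CA that signed the server certificate and keep verification on,
# so every user, not just the one with a .ldaprc, gets the same checked TLS.
write_hardened_conf() {
    cat > "$1" <<'EOF'
TLS_CACERT  /etc/openldap/cacerts/cacert.pem
TLS_REQCERT demand
EOF
}

demo() {
    d=$(build_sample)
    # libldap's built-in default for TLS_REQCERT is "demand"
    echo "root     TLS_REQCERT: $(effective_setting TLS_REQCERT "$d/ldap.conf" "$d/root" demand)"
    echo "testuser TLS_REQCERT: $(effective_setting TLS_REQCERT "$d/ldap.conf" "$d/home/testuser" demand)"
    write_hardened_conf "$d/ldap.conf"
    echo "testuser TLS_CACERT after fix: $(effective_setting TLS_CACERT "$d/ldap.conf" "$d/home/testuser" "")"
    rm -rf "$d"
}
demo
```

With the sample, root resolves to `allow` and testuser to the default `demand` with no TLS_CACERT, which is the kind of per-user difference worth ruling out before looking at the server side (`ldapsearch -d 1` shows the TLS handshake on the client).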