myldap_search base character limit nslcd 0.8.13
- From: Евгений <hardemail [at] gmail.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: myldap_search base character limit nslcd 0.8.13
- Date: Wed, 23 Apr 2014 18:07:36 +0400
Hi,
I am trying SSH user authentication against AD with nss-pam-ldapd.
It seems I am faced with a restriction on the length of the base field.
Is it possible to work around this limitation (other than by changing the directory structure, of course)?
/etc/nslcd.conf
uid nslcd
gid nslcd
uri ldap://dc.mycompany.ru/
base dc=mycompany,dc=ru
ldap_version 3
binddn CN=UnixLdap,OU=unix access,OU=services,DC=mycompany,DC=ru
bindpw secret
tls_reqcert never
scope sub
pagesize 1000
referrals off
filter passwd (&(objectClass=user)(|(userAccountControl=512)(userAccountControl=66048))(uidNumber=*)(unixHomeDirectory=*))
map passwd uid sAMAccountName
map passwd uidNumber uidNumber
map passwd gidNumber gidNumber
map passwd homeDirectory unixHomeDirectory
map passwd gecos displayName
map passwd loginShell loginShell
filter shadow (&(objectClass=user)(|(userAccountControl=512)(userAccountControl=66048))(uidNumber=*)(unixHomeDirectory=*))
map shadow uid sAMAccountName
map shadow shadowLastChange pwdLastSet
filter group (&(objectClass=group)(gidNumber=*))
If the user is in a group: OU=_Служебные,OU=Сотрудники Компании,DC=mycompany,DC=ru
authorization is successful.
However, when users are in another group: OU=Санкт-Петербург,OU=Группа администрирования сетевой инфраструктуры и UNIX систем,OU=Департамент эксплуатации,OU=Сотрудники Компании,DC=mycompany,DC=ru
I get an authorization error (ldapsearch returns the entries correctly).
DEBUG:
ldap_get_dn
nslcd: [334873] <authc="ldaptest111"> DEBUG: ldap_result(): CN=Тестовый Т. Аккаунт,OU=Санкт-Петербург,OU=Группа администрирования сетевой инфраструктуры и UNIX сис...
ldap_explode_dn
=> ldap_bv2dn(CN=Тестовый Т. Аккаунт,OU=Санкт-Петербург,OU=Группа администрирования сетевой инфраструктуры и UNIX систем,OU=Департамент эксплуатации,OU=Сотрудники Компании,DC=mycompany,DC=ru,0)
<= ldap_bv2dn(CN=Тестовый Т. Аккаунт,OU=Санкт-Петербург,OU=Группа администрирования сетевой инфраструктуры и UNIX систем,OU=Департамент эксплуатации,OU=Сотрудники Компании,DC=mycompany,DC=ru)=0
ldap_explode_rdn
ldap_get_values
nslcd: [334873] <authc="ldaptest111"> DEBUG: myldap_search(base="CN=Тестовый Т. Аккаунт,OU=Санкт-Петербург,OU=Группа администрирования сетевой инфраструктуры и UNIX <D1>...
nslcd: [334873] <authc="ldaptest111"> DEBUG: ldap_initialize(ldap://dc.mycompany.ru/)
ldap_create
ldap_url_parse_ext(ldap://dc.mycompany.ru/)
nslcd: [334873] <authc="ldaptest111"> DEBUG: ldap_set_rebind_proc()
nslcd: [334873] <authc="ldaptest111"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [334873] <authc="ldaptest111"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [334873] <authc="ldaptest111"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [334873] <authc="ldaptest111"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [334873] <authc="ldaptest111"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [334873] <authc="ldaptest111"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_OFF)
nslcd: [334873] <authc="ldaptest111"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [334873] <authc="ldaptest111"> DEBUG: ldap_simple_bind_s("CN=Тестовый Т. Аккаунт,OU=Санкт-Петербург,OU=Группа администрирования сетевой инфраструктуры и UNIX <D1>...
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP dc.mycompany.ru:389
ldap_new_socket: 9
ldap_prepare_socket: 9
ldap_connect_to_host: Trying 77.75.152.40:389
ldap_pvt_connect: fd: 9 tm: 10 async: 0
ldap_ndelay_on: 9
ldap_int_poll: fd: 9 tm: 10
ldap_is_sock_ready: 9
ldap_ndelay_off: 9
ldap_pvt_connect: 0
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x7f3a8400a650 msgid 1
wait4msg ld 0x7f3a8400a650 msgid 1 (timeout 10000000 usec)
wait4msg continue ld 0x7f3a8400a650 msgid 1 all 1
** ld 0x7f3a8400a650 Connections:
* host: dc.mycompany.ru port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Apr 23 17:33:42 2014
** ld 0x7f3a8400a650 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x7f3a8400a650 request count 1 (abandoned 0)
** ld 0x7f3a8400a650 Response Queue:
Empty
ld 0x7f3a8400a650 response count 0
ldap_chkResponseList ld 0x7f3a8400a650 msgid 1 all 1
ldap_chkResponseList returns ld 0x7f3a8400a650 NULL
ldap_int_select
read1msg: ld 0x7f3a8400a650 msgid 1 all 1
read1msg: ld 0x7f3a8400a650 msgid 1 message type bind
read1msg: ld 0x7f3a8400a650 0 new referrals
read1msg: mark request completed, ld 0x7f3a8400a650 msgid 1
request done: ld 0x7f3a8400a650 msgid 1
res_errno: 49, res_error: <80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v23f0>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ldap_msgfree
ldap_err2string
nslcd: [334873] <authc="ldaptest111"> DEBUG: failed to bind to LDAP server ldap://dc.mycompany.ru/: Invalid credentials: 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v23f0
nslcd: [334873] <authc="ldaptest111"> DEBUG: ldap_unbind()
ldap_unbind
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed
Regards,
Evgeny
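
A diagnostic sketch for the symptom in this report, added here as an example (it is not code from the post or from nss-pam-ldapd): the DN in the log is mostly Cyrillic, so its UTF-8 byte length is far larger than its character count, and the log lines break off at `<D1>`, the first byte of a two-byte character. `DN_CAP` and the function names are hypothetical; no buffer size from nslcd is assumed.

```c
#include <stdio.h>
#include <string.h>
#define DN_CAP 256  /* hypothetical field size, NOT taken from nslcd */

/* DN copied from the debug log in the message above. */
static const char *SAMPLE_DN =
    "CN=Тестовый Т. Аккаунт,OU=Санкт-Петербург,"
    "OU=Группа администрирования сетевой инфраструктуры и UNIX систем,"
    "OU=Департамент эксплуатации,OU=Сотрудники Компании,"
    "DC=mycompany,DC=ru";

/* Code points = bytes that are not 10xxxxxx continuation bytes. */
size_t utf8_chars(const char *s)
{
    size_t n = 0;
    for (; *s; s++)
        n += ((unsigned char)*s & 0xC0) != 0x80;
    return n;
}

/* 1 if the first len bytes of s end inside a multi-byte sequence. */
int utf8_cut_mid_char(const char *s, size_t len)
{
    size_t i = len, need;
    while (i > 0 && ((unsigned char)s[i - 1] & 0xC0) == 0x80)
        i--;                          /* skip trailing continuation bytes */
    if (i == 0)
        return len > 0;               /* nothing but continuation bytes */
    unsigned char lead = (unsigned char)s[i - 1];
    need = lead >= 0xF0 ? 4 : lead >= 0xE0 ? 3 : lead >= 0xC0 ? 2 : 1;
    return (len - i + 1) < need;
}

/* Bounded copy as a fixed-size field would do it: 0 = fit, -1 = bytes lost. */
int copy_dn(char *buf, size_t cap, const char *dn)
{
    int n = snprintf(buf, cap, "%s", dn);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void)
{
    char buf[DN_CAP];
    int rc = copy_dn(buf, sizeof buf, SAMPLE_DN);
    printf("characters=%zu bytes=%zu fits_in_%d=%s cut_mid_char=%d\n",
           utf8_chars(SAMPLE_DN), strlen(SAMPLE_DN), DN_CAP,
           rc == 0 ? "yes" : "no", utf8_cut_mid_char(buf, strlen(buf)));
    return 0;
}
```

Running it against the shorter DN that authenticates successfully gives a quick comparison of the two cases by byte length rather than by visible character count.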