lists.arthurdejong.org

Re: Maybe schema ppolicy problem, old openldap

Downgrading solved the problem.

thx!

ii  ldap-utils            2.4.40+dfsg-1+deb8u2  amd64  OpenLDAP utilities
ri  libldap-2.4-2:amd64   2.4.40+dfsg-1+deb8u2  amd64  OpenLDAP libraries
ii  libnss-ldapd          0.7.15+squeeze4       amd64  NSS module for using LDAP as a naming service
ii  libpam-ldapd:amd64    0.8.10-4              amd64  PAM module for using LDAP as an authentication service


On Thu, 2016-03-24 at 13:08 +0100, Arthur de Jong wrote:
> On Thu, 24 Mar 2016, Берденников Александр wrote:
> > nslcd -d on client shows
> > ldap_sasl_bind("uid=berdennikov,ou=IT,ou=Departments,ou=promo.ru,ou=Domains,ou=Users,dc=promodev,dc=ru","***") (uri="ldaps://ldap.promodev.ru/")
> > nslcd: [94b2fb] <authc="berdennikov"> DEBUG: ldap_result(): end of results (0 total)
> > nslcd: [94b2fb] <authc="berdennikov"> uid=berdennikov,ou=IT,ou=Departments,ou=promo.ru,ou=Domains,ou=Users,dc=promodev,dc=ru: No results returned
> 
> The problem is probably that the user cannot search for its own entry in 
> LDAP. As an extra check nslcd performs a check to see if the search for 
> its own returns a result. The reason for this is that some LDAP servers 
> seem to semi-silently fall back to an anonymous BIND if the authenticated 
> BIND fails.
> 
> Some work is ongoing to see if a better solution for this can be found.
> 
> The unrecognized control message can be safely ignored and should not be 
> related to this issue. If you want to be sure of this you will have to 
> downgrade to a 0.8 version of nslcd which does not request password policy 
> information on BIND.
> 
> Hope this helps,
> 
> -- 
> -- arthur - arthur@arthurdejong.org - http://arthurdejong.org/ --

-- 
Aleksandr Berdennikov
System Administrator
Promo Interactive Ogilvy Group
mobile: +7 (926) 587-32-19
http://promo.ru
email: berdennikov@promo.ru
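
Added example, not part of the original messages and not nslcd's own code: a small triage script that scans `nslcd -d` output for the pattern discussed in this thread, a bind for a DN followed by an empty search for that same DN within one request. The sample lines are constructed, and the script assumes every line carries the `nslcd: [id] <authc="user">` prefix seen in the quoted output.

```python
import re

# Constructed sample in the format of the nslcd -d output quoted in this thread
# (users, DNs and request ids are made up; this is not a real capture).
SAMPLE = '''\
nslcd: [94b2fb] <authc="alice"> DEBUG: ldap_sasl_bind("uid=alice,ou=Users,dc=example,dc=org","***") (uri="ldaps://ldap.example.org/")
nslcd: [94b2fb] <authc="alice"> DEBUG: ldap_result(): end of results (0 total)
nslcd: [94b2fb] <authc="alice"> uid=alice,ou=Users,dc=example,dc=org: No results returned
nslcd: [1c7e02] <authc="bob"> DEBUG: ldap_sasl_bind("uid=bob,ou=Users,dc=example,dc=org","***") (uri="ldaps://ldap.example.org/")
nslcd: [1c7e02] <authc="bob"> DEBUG: ldap_result(): end of results (1 total)
'''

# Assumed line prefix: request id in brackets, then the authc user name.
LINE = re.compile(r'^nslcd: \[(?P<req>[0-9a-f]+)\] <authc="(?P<user>[^"]*)"> (?P<msg>.*)$')
BIND = re.compile(r'ldap_sasl_bind\("(?P<dn>[^"]+)",')
NO_RESULTS = ": No results returned"


def self_search_failures(log_text):
    """Return (request id, user, DN) for each authc request where a bind was
    attempted and the follow-up search for that same DN returned nothing."""
    bound = {}      # request id -> DN passed to ldap_sasl_bind
    failures = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        req, user, msg = m.group("req", "user", "msg")
        b = BIND.search(msg)
        if b:
            bound[req] = b.group("dn")
        elif msg.endswith(NO_RESULTS):
            dn = msg[: -len(NO_RESULTS)]
            # Only report when the empty search is for the DN that just bound.
            if bound.get(req, "").lower() == dn.lower():
                failures.append((req, user, dn))
    return failures


if __name__ == "__main__":
    for req, user, dn in self_search_failures(SAMPLE):
        print(f"[{req}] {user}: bound as {dn} but the search for its own entry was empty")
```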


