lists.arthurdejong.org

Re: upgrade from 0.8.10 to 0.8.11 breaks configuration




On 07/11/12 22:39, Arthur de Jong wrote:
> On Wed, 2012-11-07 at 10:37 +0100, justin wrote:
>> Using 0.8.10 is working fine. Once switching to .11 I get the following
>> error in the debug output.
>>
>> nslcd: [8b4567] <passwd="USER"> DEBUG: 
>> ldap_set_option(LDAP_OPT_X_SASL_NOCANON,LDAP_OPT_OFF)
>> nslcd: [8b4567] <passwd="USER"> ldap_set_option(LDAP_OPT_X_SASL_NOCANON) 
>> failed: Can't contact LDAP server
>> nslcd: [8b4567] <passwd="USER"> DEBUG: ldap_unbind()
>> nslcd: [8b4567] <passwd="USER"> no available LDAP server found, sleeping 1 
>> seconds
>> nslcd: [8b4567] <passwd="USER"> DEBUG: ldap_initialize(ldap://......)
>>
>>
>> Could I get some help here? Which additional information would you like to see?
> 
> I cannot directly reproduce the above problem. A little more information
> on your configuration could be helpful. For example, is the LDAP server
> specified as an IP address or hostname, which LDAP server are you using,
> etc. A bigger part of the debug log could also be helpful.
> 
> Also information on your operating system and version of LDAP client
> libraries would probably be helpful.
> 
> Does setting the sasl_canonicalize option to no have any effect?
> 
> Thanks,
> 
> 
> 

Hi,

I am running an OpenLDAP server on openSUSE, reachable through SSL and
StartTLS. Otherwise it doesn't have any special configuration.

The client is a Gentoo Linux system using an OpenLDAP client, version 2.4.33.
Configured with

./configure --prefix=/usr --build=x86_64-pc-linux-gnu
--host=x86_64-pc-linux-gnu --mandir=/usr/share/man
--infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc
--localstatedir=/var/lib --disable-dependency-tracking --enable-warnings
--with-ldap-lib=openldap --with-ldap-conf-file=/etc/nslcd.conf
--with-nslcd-pidfile=/var/run/nslcd/nslcd.pid
--with-nslcd-socket=/var/run/nslcd/socket
--with-pam-seclib-dir=/lib64/security --libdir=/lib64 --disable-debug
--disable-kerberos --enable-pam --disable-sasl --with-nss-flavour=glibc

From my local system I can query it with ldapsearch and anonymous binds.
The same works for 0.8.10.

My ldap.conf has

BASE    dc=.....
URI     ldap://HOSTNAME
TLS_CACERTDIR /etc/openldap/cacerts/


/etc/nslcd.conf

uid nslcd
gid nslcd
uri ldap://HOSTNAME
base dc=....
ssl start_tls
tls_cacertfile /etc/openldap/cacerts/FZJ

# nslcd -ddd
nslcd: DEBUG: ber_set_option(LBER_OPT_LOG_PRINT_FILE)
nslcd: DEBUG: ber_set_option(LBER_OPT_DEBUG_LEVEL,-1)
nslcd: DEBUG: ldap_set_option(LDAP_OPT_DEBUG_LEVEL,-1)
ldap_url_parse_ext(ldap://localhost/)
nslcd: DEBUG: add_uri(ldap://HOSTNAME)
nslcd: DEBUG:
ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE,"/etc/openldap/cacerts/FZJ")
nslcd: version 0.8.11 starting
nslcd: DEBUG: initgroups("nslcd",974) done
nslcd: DEBUG: setgid(974) done
nslcd: DEBUG: setuid(121) done
nslcd: accepting connections
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [8b4567] DEBUG: connection from pid=19319 uid=0 gid=0
nslcd: [8b4567] <passwd(all)> DEBUG: myldap_search(base="dc=.....",
filter="(objectClass=posixAccount)")
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_initialize(ldap://HOSTNAME)
ldap_create
ldap_url_parse_ext(ldap://HOSTNAME)
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] <passwd(all)> DEBUG:
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] <passwd(all)> DEBUG:
ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] <passwd(all)> DEBUG:
ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] <passwd(all)> DEBUG:
ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] <passwd(all)> DEBUG:
ldap_set_option(LDAP_OPT_X_SASL_NOCANON,LDAP_OPT_OFF)
ldap_err2string
nslcd: [8b4567] <passwd(all)> ldap_set_option(LDAP_OPT_X_SASL_NOCANON)
failed: Can't contact LDAP server
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_unbind()
ldap_unbind
nslcd: [8b4567] <passwd(all)> no available LDAP server found, sleeping 1
seconds
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable



Setting sasl_canonicalize doesn't work differently.

Any more information needed?

Thanks, justin
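
For triaging debug output like the log in this message, the following added example (not part of the original post and not nss-pam-ldapd code) rejoins mail-wrapped `nslcd -ddd` lines and reports which LDAP call failed for each request. The function names and the wrap-detection heuristic are assumptions; the sample is constructed from lines in the log above.

```python
import re

# Constructed sample: lines taken from the log above, mail wrapping kept.
SAMPLE = """\
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_initialize(ldap://HOSTNAME)
ldap_create
ldap_url_parse_ext(ldap://HOSTNAME)
nslcd: [8b4567] <passwd(all)> DEBUG:
ldap_set_option(LDAP_OPT_X_SASL_NOCANON,LDAP_OPT_OFF)
ldap_err2string
nslcd: [8b4567] <passwd(all)> ldap_set_option(LDAP_OPT_X_SASL_NOCANON)
failed: Can't contact LDAP server
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_unbind()
ldap_unbind
nslcd: [8b4567] <passwd(all)> no available LDAP server found, sleeping 1
seconds
"""

TRACE = re.compile(r"^(ldap|ber)_\w+(\(.*\))?$")  # bare libldap trace line
RECORD = re.compile(r"^nslcd: \[(\w+)\] <([^>]*)> (DEBUG: )?(.*)$")
FAILED = re.compile(r"^(\w+)\((.*?)\) failed: (.*)$")

def rejoin(text):
    """Merge wrapped continuation lines back into their nslcd record."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("nslcd:"):
            records.append(line)
        # Heuristic (assumption): a line continues the previous record if that
        # record has an empty DEBUG message or the line is not a libldap trace.
        elif line and records and (records[-1].endswith("DEBUG:")
                                   or not TRACE.match(line)):
            records[-1] += " " + line
    return records

def failures(text):
    """Return one dict per failed call, with the last DEBUG call before it."""
    out, last = [], {}
    for req, action, debug, msg in (m.groups() for m in
                                    map(RECORD.match, rejoin(text)) if m):
        if debug:
            last[req] = msg
        elif (f := FAILED.match(msg)):
            out.append({"request": req, "action": action, "call": f.group(1),
                        "arg": f.group(2), "error": f.group(3),
                        "last_debug": last.get(req)})
    return out

if __name__ == "__main__":
    print(failures(SAMPLE))
```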
