Authentication problem with ldap_simple_bind_s
- From: Sergio Ramírez Gallego <sramirez [at] decsai.ugr.es>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Authentication problem with ldap_simple_bind_s
- Date: Thu, 31 Jul 2014 12:05:33 +0200
Hi!
I've been having trouble setting up the nss-pam-ldapd package on
CentOS 7.
No problem in other clients with CentOS 6.4.
The problem is the following:
I use a bind user to avoid anonymous access to my LDAP server. This user
"nssproxy" is the only
one who can talk to the LDAP server. After some modifications, the nslcd log
output shows the following lines when I type
'getent passwd':
nslcd: [200854] <group/member="sergio"> DEBUG: ldap_initialize(ldap://ldap)
nslcd: [200854] <group/member="sergio"> DEBUG: ldap_set_rebind_proc()
nslcd: [200854] <group/member="sergio"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [200854] <group/member="sergio"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [200854] <group/member="sergio"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,50)
nslcd: [200854] <group/member="sergio"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,50)
nslcd: [200854] <group/member="sergio"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,50)
nslcd: [200854] <group/member="sergio"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [200854] <group/member="sergio"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [200854] <group/member="sergio"> DEBUG: ldap_start_tls_s()
nslcd: [200854] <group/member="sergio"> DEBUG: set_socket_timeout(50,500000)
nslcd: [200854] <group/member="sergio"> DEBUG: ldap_simple_bind_s("cn=nssproxy,ou=users,dc=ugr,dc=es","***") (uri="ldap://ldap")
nslcd: [200854] <group/member="sergio"> DEBUG: ldap_result(): uid=sergio,ou=users,dc=ugr,dc=es
nslcd: [200854] <group/member="sergio"> DEBUG: myldap_search(base="dc=ugr,dc=es", filter="(&(objectClass=posixGroup)(|(memberUid=sergio)(member=uid=sergio,ou=users,dc=ugr,dc=es)))")
All right! Nevertheless, when I try to authenticate with a user
different to root, I get the following:
nslcd: [ed7263] DEBUG: connection from pid=24296 uid=0 gid=0
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [ed7263] <authc="sergio"> DEBUG: nslcd_pam_authc("sergio","sshd","***")
nslcd: [ed7263] <authc="sergio"> DEBUG: myldap_search(base="dc=ugr,dc=es", filter="(&(objectClass=posixAccount)(uid=sergio))")
nslcd: [ed7263] <authc="sergio"> DEBUG: ldap_result(): uid=sergio,ou=users,dc=ugr,dc=es
nslcd: [ed7263] <authc="sergio"> DEBUG: myldap_search(base="uid=sergio,ou=users,dc=ugr,dc=es", filter="(objectClass=*)")
nslcd: [ed7263] <authc="sergio"> DEBUG: ldap_initialize(ldap://ldap)
nslcd: [ed7263] <authc="sergio"> DEBUG: ldap_set_rebind_proc()
nslcd: [ed7263] <authc="sergio"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [ed7263] <authc="sergio"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [ed7263] <authc="sergio"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,50)
nslcd: [ed7263] <authc="sergio"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,50)
nslcd: [ed7263] <authc="sergio"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,50)
nslcd: [ed7263] <authc="sergio"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [ed7263] <authc="sergio"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [ed7263] <authc="sergio"> DEBUG: ldap_start_tls_s()
nslcd: [ed7263] <authc="sergio"> DEBUG: set_socket_timeout(50,500000)
nslcd: [ed7263] <authc="sergio"> DEBUG: ldap_simple_bind_s("uid=sergio,ou=users,dc=ugr,dc=es","***") (uri="ldap://ldap")
nslcd: [ed7263] <authc="sergio"> ldap_result() failed: No such object
nslcd: [ed7263] <authc="sergio"> uid=sergio,ou=users,dc=ugr,dc=es: lookup failed: No such object
nslcd: [ed7263] <authc="sergio"> DEBUG: set_socket_timeout(25,0)
nslcd: [ed7263] <authc="sergio"> DEBUG: ldap_unbind()
nslcd: [ed7263] <authc="sergio"> DEBUG: myldap_search(base="dc=ugr,dc=es", filter="(&(objectClass=shadowAccount)(uid=sergio))")
nslcd: [ed7263] <authc="sergio"> DEBUG: ldap_result(): uid=sergio,ou=users,dc=ugr,dc=es
I do not understand why nslcd uses uid=non-nssproxy-user to call the
ldap_simple_bind_s function. It is obvious that the server is not going
to answer.
If you need some configuration details, I can send them to you. My server
uses LDAP version 2.4.
Thanks and sorry for my English!
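
Added example (not part of the original message and not nss-pam-ldapd code): a small Python parser for nslcd debug output in the format shown above. It groups lines by request id so that each ldap_simple_bind_s DN and each ldap_result() failure is tied to the NSS lookup or PAM authc request that produced it. The sample log is constructed from lines in the post with the mail wrapping removed; the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Constructed sample in the nslcd debug format from the post (wrapping removed).
SAMPLE_LOG = '''\
nslcd: [200854] <group/member="sergio"> DEBUG: ldap_simple_bind_s("cn=nssproxy,ou=users,dc=ugr,dc=es","***") (uri="ldap://ldap")
nslcd: [200854] <group/member="sergio"> DEBUG: ldap_result(): uid=sergio,ou=users,dc=ugr,dc=es
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [ed7263] <authc="sergio"> DEBUG: nslcd_pam_authc("sergio","sshd","***")
nslcd: [ed7263] <authc="sergio"> DEBUG: myldap_search(base="uid=sergio,ou=users,dc=ugr,dc=es", filter="(objectClass=*)")
nslcd: [ed7263] <authc="sergio"> DEBUG: ldap_simple_bind_s("uid=sergio,ou=users,dc=ugr,dc=es","***") (uri="ldap://ldap")
nslcd: [ed7263] <authc="sergio"> ldap_result() failed: No such object
nslcd: [ed7263] <authc="sergio"> DEBUG: ldap_unbind()
'''

LINE = re.compile(r'^nslcd: \[(?P<id>[0-9a-f]+)\] <(?P<req>[^>]*)> (?P<msg>.*)$')
BIND = re.compile(r'ldap_simple_bind_s\("(?P<dn>[^"]*)"')
FAIL = re.compile(r'ldap_result\(\) failed: (?P<err>.+)$')

def summarize(log_text):
    """Group lines by request id; record request type, bind DNs and failures."""
    out = OrderedDict()
    current = {}  # request id -> DN of the most recent bind still open
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # lines without a request id/tag carry no bind context
        rid, msg = m['id'], m['msg']
        entry = out.setdefault(rid, {'request': m['req'], 'binds': [], 'failures': []})
        bind, fail = BIND.search(msg), FAIL.search(msg)
        if bind:
            entry['binds'].append(bind['dn'])
            current[rid] = bind['dn']
        elif fail:
            # Attribute the failed result to the identity bound at that point.
            entry['failures'].append((current.get(rid), fail['err']))
        elif 'ldap_unbind()' in msg:
            current.pop(rid, None)
    return out

def is_authc(entry):
    """True for PAM authentication requests, False for NSS lookups."""
    return entry['request'].startswith('authc=')

if __name__ == '__main__':
    for rid, e in summarize(SAMPLE_LOG).items():
        kind = 'PAM authc' if is_authc(e) else 'NSS lookup'
        print(rid, kind, 'binds:', e['binds'], 'failures:', e['failures'])
```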