Fwd: CentOS 7 : ldap authentication failed
- From: Frédéric Marchal <marchal.frederic [at] gmail.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Fwd: CentOS 7 : ldap authentication failed
- Date: Mon, 26 Jan 2015 20:30:51 +0100
The server that uses nslcd is a CentOS 7.
Until the password is checked, everything is OK. The problem comes after:
nslcd: [3c9869] <authc="username"> DEBUG: myldap_search(base="uid=username,ou=people,dc=companyname,dc=com", filter="(objectClass=*)")
Why does nslcd add 'uid=username' to the LDAP base?
The LDAP server doesn't like this query...
Jan 26 12:32:34 LDAPSERVER slapd[24389]: conn=43314 op=1 SRCH base="uid=username,ou=people,dc=companyname,dc=com" scope=0 deref=0 filter="(objectClass=*)"
Jan 26 12:32:34 LDAPSERVER slapd[24389]: conn=43314 op=1 SRCH attr=dn
Jan 26 12:32:34 LDAPSERVER slapd[24389]: conn=43314 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
Jan 26 12:32:34 LDAPSERVER slapd[24389]: conn=43314 op=2 ABANDON msg=2
Regards
2015-01-26 16:04 GMT+01:00 Berend De Schouwer <berend [at] deschouwer.co.za>:
On Mon, 26 Jan, 2015 at 3:53, Frédéric Marchal <marchal.frederic [at] gmail.com> wrote:
Hi,
We are building our first CentOS 7 server.
Your LDAP server, or your server that should use nslcd to authenticate?
We don't understand why after successfully binding to ldap, nslcd does a new request for the dn with a wrong base dn (uid=username has been added to the ldap base dn).
The first bind is to confirm the existence of the user, and to check that the user is valid (right objectClass, etc.)
The second bind is to test the password.
It's adding uid=username because that's your username.
nslcd: [7b23c6] <shadow="username"> DEBUG: myldap_search(base="ou=people,dc=companyname,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd client does a search for users with 'uid=username'
nslcd: [7b23c6] <shadow="username"> DEBUG: ldap_result(): uid=username,ou=people,dc=companyname,dc=com
LDAP server responds with 'uid=username' can be found in 'uid=username,ou=people,dc=companyname,dc=com'
It sounds like you think the LDAP server would have responded with something else.
nslcd: [3c9869] <authc="username"> DEBUG: ldap_simple_bind_s("uid=username,ou=people,dc=companyname,dc=com","***") (uri="ldaps://LDAPSERVER1")
Let's try the password...
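
An added example, not part of the original thread and not code from nss-pam-ldapd: a small Python parser for the slapd log lines quoted in the post, which pairs each SRCH with its SEARCH RESULT by conn/op and reports searches that ended with a non-zero result code. The result-code names are taken from RFC 4511; the function and variable names are assumptions made for this example.

```python
import re

# LDAP result codes (RFC 4511) commonly seen when a login through nslcd fails.
RESULT_NAMES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights"}

# Patterns for slapd log lines in the form shown in the post.
LINE = re.compile(r'conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<rest>.*)$')
SRCH = re.compile(r'^SRCH base="(?P<base>[^"]*)" scope=(?P<scope>\d) ')
RESULT = re.compile(r'^SEARCH RESULT tag=\d+ err=(?P<err>\d+) nentries=(?P<n>\d+)')

# The four slapd lines from the post, one entry per line.
SAMPLE = '''\
Jan 26 12:32:34 LDAPSERVER slapd[24389]: conn=43314 op=1 SRCH base="uid=username,ou=people,dc=companyname,dc=com" scope=0 deref=0 filter="(objectClass=*)"
Jan 26 12:32:34 LDAPSERVER slapd[24389]: conn=43314 op=1 SRCH attr=dn
Jan 26 12:32:34 LDAPSERVER slapd[24389]: conn=43314 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
Jan 26 12:32:34 LDAPSERVER slapd[24389]: conn=43314 op=2 ABANDON msg=2
'''

def failed_searches(log_text):
    """Pair each SRCH with its SEARCH RESULT by (conn, op); return the failures."""
    pending, failures = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        key, rest = (int(m["conn"]), int(m["op"])), m["rest"]
        if (s := SRCH.match(rest)):
            # scope=0 is a base-scope search: only the entry named by base.
            pending[key] = (s["base"], int(s["scope"]))
        elif (r := RESULT.match(rest)) and key in pending:
            base, scope = pending.pop(key)
            err = int(r["err"])
            if err != 0:
                failures.append({"conn": key[0], "op": key[1], "base": base,
                                 "scope": scope, "err": err,
                                 "name": RESULT_NAMES.get(err, "other")})
    return failures

if __name__ == "__main__":
    for f in failed_searches(SAMPLE):
        print(f"conn={f['conn']} op={f['op']} scope={f['scope']} "
              f"base={f['base']!r} -> err={f['err']} ({f['name']})")
```
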