unlink of socket failed and no such object
- From: Pete Greenup <petegreenup [at] gmail.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Reply-to: petegreenup [at] gmail.com
- Subject: unlink of socket failed and no such object
- Date: Thu, 14 May 2015 16:31:54 -0700
Folks, I have been scouring forums and doing Google searches as far and wide as I can think of and I'm stumped. This is on CentOS 7, openldap-2.4.39-6.el7.x86_64, openldap-clients-2.4.39-6.el7.x86_64, nss-pam-ldapd-0.8.13-8.el7.x86_64. Using tac_plus auth'ing against Active Directory. I believe I have all correctly conf'd and couldn't auth, even tho I get positive response on ldapsearch -x -D "webtrends\user" -W uid=xuser (so I know ldap is up and available). I run nslcd in debug mode and try to do an ldap Auth and get the following curious lines which I think are part of the problem:
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
and
nslcd: [3c9869] <authc="xuser"> DEBUG: "xuser": user not found: No such object
Can someone shed some light on this for me? "No such object" tells me it's not looking in the right place, but ldapsearch finds it. So is there some adjustment I need to make in my nslcd.conf to get it to search the right place?
Any thoughts on the socket failed No such file or directory?
I have tried un-commenting and commenting a few different fields in the active directory section of my nslcd.conf, but am thinking I might need to do something more specific?
Any insight would be much appreciated...
Cheers
Here is my nslcd.conf:
# This is the configuration file for the LDAP nameservice
# switch library's nslcd daemon. It configures the mapping
# between NSS names (see /etc/nsswitch.conf) and LDAP
# information in the directory.
# See the manual page nslcd.conf(5) for more information.
# The user and group nslcd should run as.
uid nslcd
gid ldap
# The uri pointing to the LDAP server to use for name lookups.
# Multiple entries may be specified. The address that is used
# here should be resolvable without using LDAP (obviously).
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator
uri ldap://10.1.2.251/
# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3
# The distinguished name of the search base.
base OU=Administrative,OU=Users,DC=Company,DC=corp
ssl no
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=proxyuser,dc=example,dc=com
binddn company\user
# The credentials to bind with.
# Optional: default is no credentials.
# Note that if you set a bindpw you should check the permissions of this file.
#bindpw secret
bindpw secret
# The distinguished name to perform password modifications by root by.
#rootpwmoddn cn=admin,dc=example,dc=com
# The default search scope.
#scope sub
#scope one
#scope base
# Customize certain database lookups.
#base group ou=Groups,dc=example,dc=com
#base passwd ou=People,dc=example,dc=com
#base shadow ou=People,dc=example,dc=com
#scope group onelevel
#scope hosts sub
# Bind/connect timelimit.
#bind_timelimit 30
# Search timelimit.
#timelimit 30
# Idle timelimit. nslcd will close connections if the
# server has not been contacted for the number of seconds.
#idle_timelimit 3600
# Use StartTLS without verifying the server certificate.
#ssl start_tls
#tls_reqcert never
# CA certificates for server certificate verification
#tls_cacertdir /etc/ssl/certs
#tls_cacertfile /etc/ssl/ca.cert
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool
# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
# Mappings for Services for UNIX 3.5
#filter passwd (objectClass=User)
#map passwd uid msSFU30Name
#map passwd userPassword msSFU30Password
#map passwd homeDirectory msSFU30HomeDirectory
#map passwd homeDirectory msSFUHomeDirectory
#filter shadow (objectClass=User)
#map shadow uid msSFU30Name
#map shadow userPassword msSFU30Password
#filter group (objectClass=Group)
#map group member msSFU30PosixMember
# Mappings for Services for UNIX 2.0
#filter passwd (objectClass=User)
#map passwd uid msSFUName
#map passwd userPassword msSFUPassword
#map passwd homeDirectory msSFUHomeDirectory
#map passwd gecos msSFUName
#filter shadow (objectClass=User)
#map shadow uid msSFUName
#map shadow userPassword msSFUPassword
#map shadow shadowLastChange pwdLastSet
#filter group (objectClass=Group)
#map group member posixMember
# Mappings for Active Directory
pagesize 1000
referrals off
idle_timelimit 800
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
#map passwd uid sAMAccountName
#map passwd homeDirectory unixHomeDirectory
map passwd gecos displayName
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map shadow uid sAMAccountName
map shadow shadowLastChange pwdLastSet
#filter group (objectClass=group)
# Alternative mappings for Active Directory
# (replace the SIDs in the objectSid mappings with the value for your domain)
#pagesize 1000
#referrals off
#idle_timelimit 800
#filter passwd (&(objectClass=user)(objectClass=person)(!(objectClass=computer)))
map passwd uid cn
#map passwd uidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
#map passwd gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
map passwd homeDirectory "/home/$cn"
#map passwd gecos displayName
map passwd loginShell "/bin/bash"
filter group (|(objectClass=group)(objectClass=person))
#map group gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
# Mappings for AIX SecureWay
#filter passwd (objectClass=aixAccount)
#map passwd uid userName
#map passwd userPassword passwordChar
#map passwd uidNumber uid
#map passwd gidNumber gid
#filter group (objectClass=aixAccessGroup)
#map group cn groupName
#map group gidNumber gid
# This comment prevents repeated auto-migration of settings.
Here is my /etc/openldap/ldap.conf:
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
BASE OU=Administrative,OU=Users,DC=Company,DC=corp
URI ldap://10.1.2.251
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_CACERTDIR /etc/openldap/certs
# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON on
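An added example, not part of the original post or of nss-pam-ldapd: a small audit of the nslcd.conf settings quoted above that flags options given more than once, a bindpw used over ldap:// without TLS, and a config file accessible beyond its owner. The SINGLE_VALUED list, the accepted ssl values and the finding names are assumptions of this example; the sample text is constructed from the uncommented lines of the posted file.

```python
from collections import defaultdict

# Constructed sample: security-relevant uncommented lines of the nslcd.conf above.
SAMPLE = """\
uri ldap://10.1.2.251/
base OU=Administrative,OU=Users,DC=Company,DC=corp
ssl no
binddn cn=proxyuser,dc=example,dc=com
binddn company\\user
bindpw secret
#ssl start_tls
"""

# Assumption: these options take one value, so a second occurrence is flagged.
SINGLE_VALUED = {"binddn", "bindpw", "ssl", "ldap_version", "pagesize"}

def parse(text):
    """Return {option: [(line_no, value), ...]} for uncommented lines."""
    opts = defaultdict(list)
    for no, line in enumerate(text.splitlines(), 1):
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        opts[parts[0].lower()].append((no, parts[1] if len(parts) > 1 else ""))
    return opts

def audit(text, mode=None):
    """Return a list of findings; mode is the file's permission bits, if known."""
    opts, findings = parse(text), []
    for key in sorted(SINGLE_VALUED & opts.keys()):
        if len(opts[key]) > 1:
            lines = ", ".join(str(n) for n, _ in opts[key])
            findings.append(f"duplicate:{key}:lines {lines}")
    uris = [v for _, v in opts.get("uri", [])]
    ssl = {v.lower() for _, v in opts.get("ssl", [])}
    tls = bool(ssl & {"start_tls", "on", "yes"})  # assumed TLS-enabling values
    plain = [u for u in uris if u.lower().startswith("ldap://")]
    # A simple bind over ldap:// without StartTLS sends bindpw unencrypted.
    if "bindpw" in opts and plain and not tls:
        findings.append("cleartext-bind:" + ",".join(plain))
    # The file holds a credential, so any group/other access is reported.
    if "bindpw" in opts and mode is not None and mode & 0o077:
        findings.append(f"bindpw-file-mode:{mode:04o}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, mode=0o644):
        print(finding)
```

To check a real file, pass its contents as text and stat.S_IMODE(os.stat(path).st_mode) as mode.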