Re: Maybe schema ppolicy problem, old openldap

Downgrade solved the problem.


ii  ldap-utils                      2.4.40+dfsg-1+deb8u2         amd64  OpenLDAP utilities
ri  libldap-2.4-2:amd64             2.4.40+dfsg-1+deb8u2         amd64  OpenLDAP libraries
ii  libnss-ldapd                    0.7.15+squeeze4              amd64  NSS module for using LDAP as a naming service
ii  libpam-ldapd:amd64              0.8.10-4                     amd64  PAM module for using LDAP as an authentication service

On Thu, 2016-03-24 at 13:08 +0100, Arthur de Jong wrote:
> On Thu, 24 Mar 2016, Берденников Александр wrote:
> > nslcd -d on client shows
> > ldap_sasl_bind("uid=berdennikov,ou=IT,ou=Departments,,ou=Domains,ou=Users,dc=promodev,dc=ru","***") (uri="ldaps://")
> > nslcd: [94b2fb] <authc="berdennikov"> DEBUG: ldap_result(): end of results (0 total)
> > nslcd: [94b2fb] <authc="berdennikov"> uid=berdennikov,ou=IT,ou=Departments,,ou=Domains,ou=Users,dc=promodev,dc=ru: No results returned
>
> The problem is probably that the user cannot search for its own entry in
> LDAP. As an extra check nslcd performs a check to see if the search for
> its own returns a result. The reason for this is that some LDAP servers
> seem to semi-silently fall back to an anonymous BIND if the authenticated
> BIND fails.
>
> Some work is ongoing to see if a better solution for this can be found.
>
> The unrecognized control message can be safely ignored and should not be
> related to this issue. If you want to be sure of this you will have to
> downgrade to a 0.8 version of nslcd which does not request password policy
> information on BIND.
>
> Hope this helps,
>
> -- 
> -- arthur - - --


Aleksandr Berdennikov
System Administrator
Promo Interactive Ogilvy Group
mobile: +7 (926) 587-32-19
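
The symptom discussed in this thread (a user BIND followed by a self-search that returns no entry, which nslcd treats as a failed authentication) can be picked out of `nslcd -d` output with a short script. This is an added example, not part of the original messages or of nss-pam-ldapd; the sample log is constructed from the line shapes quoted above, and the function name and the assumption that the first completed search after the user BIND is the self-check are assumptions of this example.

```python
import re

# Constructed sample modelled on the `nslcd -d` lines quoted in this thread.
# DNs, URI and the second session id are placeholders, not values from the thread.
SAMPLE_LOG = '''\
nslcd: [94b2fb] <authc="alice"> DEBUG: ldap_sasl_bind("uid=alice,ou=Users,dc=example,dc=com","***") (uri="ldaps://ldap.example.com")
nslcd: [94b2fb] <authc="alice"> DEBUG: ldap_result(): end of results (0 total)
nslcd: [94b2fb] <authc="alice"> uid=alice,ou=Users,dc=example,dc=com: No results returned
nslcd: [1c3d5e] <authc="bob"> DEBUG: ldap_sasl_bind("uid=bob,ou=Users,dc=example,dc=com","***") (uri="ldaps://ldap.example.com")
nslcd: [1c3d5e] <authc="bob"> DEBUG: ldap_result(): end of results (1 total)
'''

# Only authc requests are of interest; the service-account bind has no <authc=...> tag.
LINE = re.compile(r'^nslcd: \[(?P<sid>[0-9a-f]+)\] <authc="(?P<user>[^"]*)"> (?P<msg>.*)$')
BIND = re.compile(r'ldap_sasl_bind\("(?P<dn>[^"]*)","\*\*\*"\)')
END = re.compile(r'ldap_result\(\): end of results \((?P<n>\d+) total\)')


def failed_self_searches(log_text):
    """Return [(session, user, dn)] where a user BIND was followed by an empty search.

    Assumption: the first search that completes after the user BIND in the same
    request is nslcd's check that the bound user can read its own entry.
    """
    pending = {}   # (session id, user) -> DN that was just bound
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key = (m['sid'], m['user'])
        bind = BIND.search(m['msg'])
        if bind:
            pending[key] = bind['dn']
            continue
        end = END.search(m['msg'])
        if end and key in pending:
            dn = pending.pop(key)
            if int(end['n']) == 0:
                # BIND was accepted but the entry is invisible to the bound identity:
                # check server ACLs for self read/search on this DN.
                findings.append((m['sid'], m['user'], dn))
    return findings


if __name__ == '__main__':
    for sid, user, dn in failed_self_searches(SAMPLE_LOG):
        print(f'[{sid}] {user}: bound as {dn} but self-search returned 0 entries')
```
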

