RSS feed

Re: nslcd login issue

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: nslcd login issue

On Sun, 2017-02-05 at 19:52 +0100, Patrik Laszlo wrote:
> I can login via LDAP, but I get the log like this via nslcd:
> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: 
> ldap_sasl_bind("uid=patrikx3,ou=users,dc=patrikx3,dc=tk","***") 
> (uri="ldapi:///") (ppolicy=yes)
> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: ldap_parse_result() result: Invalid 
> credentials
> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: failed to bind to LDAP server 
> ldapi:///: Invalid credentials
> In LDAP START TLS it works via ldap search.Also I can see it finds
> the user!

Your LDAP server logs may contain some more information about why the
login failed. Everything seems correct on the nslcd side.

The only weird thing is the ldapi: URI in combination with StartTLS.
Since I don't think there is a way for non-root users to intercept
traffic over a named socket there is not much use in running StartTLS
over that. You can use localSSF to configure slapd that ldapi:
connections are also considered secure.

-- arthur - - --
To unsubscribe send an email to or see