lists.arthurdejong.org

Re: nslcd login issue


On Sun, 2017-02-05 at 19:52 +0100, Patrik Laszlo wrote:
> I can login via LDAP, but I get the log like this via nslcd:
> 
> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: 
> ldap_sasl_bind("uid=patrikx3,ou=users,dc=patrikx3,dc=tk","***") 
> (uri="ldapi:///") (ppolicy=yes)
> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: ldap_parse_result() result: Invalid 
> credentials
> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: failed to bind to LDAP server 
> ldapi:///: Invalid credentials
> 
> In LDAP START TLS it works via ldap search. Also I can see it finds
> the user!

Your LDAP server logs may contain some more information about why the
login failed. Everything seems correct on the nslcd side.

The only weird thing is the ldapi: URI in combination with StartTLS.
Since I don't think there is a way for non-root users to intercept
traffic over a named socket there is not much use in running StartTLS
over that. You can use localSSF to configure slapd that ldapi:
connections are also considered secure.

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
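
Added example, not part of the original message: the localSSF setting mentioned in the reply, written as a cn=config change. It assumes slapd uses the cn=config backend, where the slapd.conf directive `localSSF` is the attribute `olcLocalSSF`; the value 128 is an assumed example.

```ldif
# Constructed example: set the Security Strength Factor that slapd assigns
# to local sessions such as those on the ldapi:/// listener.
# slapd's default localSSF is 71. The value 128 is an assumption, chosen so
# that a hypothetical server-side requirement such as "ssf=128" would accept
# ldapi:/// connections without StartTLS on the named socket.
dn: cn=config
changetype: modify
replace: olcLocalSSF
olcLocalSSF: 128
```

On a cn=config server this is typically applied as root with `ldapmodify -Y EXTERNAL -H ldapi:/// -f <file>`; with a slapd.conf-based setup the equivalent is the line `localSSF 128`.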