RSS feed

Re: nslcd login issue

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: nslcd login issue


It is so weird!
I had to add this lib:
apt install libnss-ldapd 

WIthout it, not working.
I should add to the Debian repo, but I cannot register! 
I got a full script to install all but I cannot even add.


alabard [at]



On Mon, Feb 6, 2017 at 12:00 AM, Arthur de Jong <arthur [at]> wrote:
On Sun, 2017-02-05 at 19:52 +0100, Patrik Laszlo wrote:
> I can login via LDAP, but I get the log like this via nslcd:
> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: ldap_sasl_bind("uid=patrikx3,ou=users,dc=patrikx3,dc=tk","***") (uri="ldapi:///") (ppolicy=yes)
> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: ldap_parse_result() result: Invalid credentials
> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: failed to bind to LDAP server ldapi:///: Invalid credentials
> In LDAP START TLS it works via ldap search.Also I can see it finds
> the user!

Your LDAP server logs may contain some more information about why the
login failed. Everything seems correct on the nslcd side.

The only weird thing is the ldapi: URI in combination with StartTLS.
Since I don't think there is a way for non-root users to intercept
traffic over a named socket there is not much use in running StartTLS
over that. You can use localSSF to configure slapd that ldapi:
connections are also considered secure.

-- arthur - arthur [at] - --

To unsubscribe send an email to or see