Re: nslcd login issue

[Patrik <alabard [at] gmail.com>]

Guys,

It is so weird!

I had to add this lib:

apt install libnss-ldapd 

WIthout it, not working.

I should add to the Debian repo, but I cannot register! 

I got a full script to install all but I cannot even add.

SORRY FOR HELPING!!!!

Patrik

GTalk:  
alabard [at] gmail.com

Web:

http://www.patrikx3.tk

Mobile:

+36 20 342 8046

On Mon, Feb 6, 2017 at 12:00 AM, Arthur de Jong <arthur [at] arthurdejong.org> wrote:

On Sun, 2017-02-05 at 19:52 +0100, Patrik Laszlo wrote:
> I can login via LDAP, but I get the log like this via nslcd:
>
> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: ldap_sasl_bind("uid=patrikx3,ou=users,dc=patrikx3,dc=tk","***") (uri="ldapi:///") (ppolicy=yes)
> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: ldap_parse_result() result: Invalid credentials
> nslcd: [7b23c6] <authc="patrikx3"> DEBUG: failed to bind to LDAP server ldapi:///: Invalid credentials
>
> In LDAP START TLS it works via ldap search.Also I can see it finds
> the user!

Your LDAP server logs may contain some more information about why the
login failed. Everything seems correct on the nslcd side.

The only weird thing is the ldapi: URI in combination with StartTLS.
Since I don't think there is a way for non-root users to intercept
traffic over a named socket there is not much use in running StartTLS
over that. You can use localSSF to configure slapd that ldapi:
connections are also considered secure.

--
-- arthur - arthur [at] arthurdejong.org - https://arthurdejong.org/ --

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/