lists.arthurdejong.org
RSS feed

[nssldap] Weird behaviour when using SASL

[Date Prev][Date Next] [Thread Prev][Thread Next]

[nssldap] Weird behaviour when using SASL



Title: Weird behaviour when using SASL

Hi guys

I'm using nss_ldap (259) on SLES10 with SASL bind to the LDAP directory.
Even though everythings works fine on the prompt (I can use the id commands to list any LDAP user, which uses the SASL bind), daemons/applications (nscd,lsof) that use nss_ldap indirectly return errors in the syslog. (f.e. Apr 11 17:24:49 svbiad02 nscd: nss_ldap: failed to bind to LDAP server ldap://sv106n.esx.sidmar.agn/: Unknown authentication method)

Whenever I remove SASL in the ldap.conf file and replace it by normal binds, those daemons/applications work properly.
Has anyone encountered something similar?
Any help would be appreciated!

ldap.conf looks like
uri ldap://sv105n.esx.sidmar.agn/ ldap://sv107n.esx.sidmar.agn/ ldap://sv104n.esx.sidmar.agn/ ldap://sv106n.esx.sidmar.agn/

base o=sidmar,dc=agn
ldap_version 3
port 389
scope sub
timelimit 30
bind_timelimit 30
bind_policy soft
idle_timelimit 3600
ssl no
use_sasl on

nss_base_passwd         ou=users,ou=esx,o=sidmar,dc=agn?one
nss_base_shadow         ou=users,ou=esx,o=sidmar,dc=agn?one
nss_base_group          ou=groups,ou=esx,o=sidmar,dc=agn?one

----

nsswitch.conf looks like
passwd:         files ldap
group:          files ldap


Met vriendelijke groet
Best regards
Bien à vous

Miguel SANDERS
ArcelorMittal Gent

UNIX Systems & Storage
IT Supply Western Europe | John Kennedylaan 51

B-9042 Gent

T +32 9 347 3538 | F +32 9 347 4901 | M +32478 805 023
E miguel.sanders@arcelormittal.com
www.arcelormittal.com/gent


********************************************************************************
This message and any attachment are confidential, intended solely for the use of the individual or entity to whom it is addressed and may be protected by professional secrecy or intellectual property rights.
If you have received it by mistake, or are not the named recipient(s), please immediately notify the sender and delete the message. You are hereby notified that any unauthorized use, copying or dissemination of any or all information contained in this message is prohibited.
Arcelormittal shall not be liable for the message if altered, falsified, or in case of error in the recipient.
This message does not constitute any right or commitment for ArcelorMittal except when expressly agreed otherwise in writing in a separate agreement.
********************************************************************************