[nssldap] Weird behaviour when using SASL
[Date Prev][Date Next] [Thread Prev][Thread Next][nssldap] Weird behaviour when using SASL
- From: miguel.sanders [at] arcelormittal.com
- To: nssldap [at] padl.com
- Subject: [nssldap] Weird behaviour when using SASL
- Date: Sat, 11 Apr 2009 17:26:29 +0200
Title: Weird behaviour when using SASL
Hi guys
I'm using nss_ldap (259) on SLES10 with SASL bind to the LDAP directory.
Even though everythings works fine on the prompt (I can use the id commands to list any LDAP user, which uses the SASL bind), daemons/applications (nscd,lsof) that use nss_ldap indirectly return errors in the syslog. (f.e. Apr 11 17:24:49 svbiad02 nscd: nss_ldap: failed to bind to LDAP server ldap://sv106n.esx.sidmar.agn/: Unknown authentication method)
Whenever I remove SASL in the ldap.conf file and replace it by normal binds, those daemons/applications work properly.
Has anyone encountered something similar?
Any help would be appreciated!
ldap.conf looks like
uri ldap://sv105n.esx.sidmar.agn/ ldap://sv107n.esx.sidmar.agn/ ldap://sv104n.esx.sidmar.agn/ ldap://sv106n.esx.sidmar.agn/
base o=sidmar,dc=agn
ldap_version 3
port 389
scope sub
timelimit 30
bind_timelimit 30
bind_policy soft
idle_timelimit 3600
ssl no
use_sasl on
nss_base_passwd ou=users,ou=esx,o=sidmar,dc=agn?one
nss_base_shadow ou=users,ou=esx,o=sidmar,dc=agn?one
nss_base_group ou=groups,ou=esx,o=sidmar,dc=agn?one
----
nsswitch.conf looks like
passwd: files ldap
group: files ldap
Met vriendelijke groet
Best regards
Bien à vous
Miguel SANDERS
ArcelorMittal Gent
UNIX Systems & Storage
IT Supply Western Europe | John Kennedylaan 51
B-9042 Gent
T +32 9 347 3538 | F +32 9 347 4901 | M +32478 805 023
E miguel.sanders@arcelormittal.com
www.arcelormittal.com/gent
********************************************************************************
This message and any attachment are confidential, intended solely for the use of the individual or entity to whom it is addressed and may be protected by professional secrecy or intellectual property rights.
If you have received it by mistake, or are not the named recipient(s), please immediately notify the sender and delete the message. You are hereby notified that any unauthorized use, copying or dissemination of any or all information contained in this message is prohibited.
Arcelormittal shall not be liable for the message if altered, falsified, or in case of error in the recipient.
This message does not constitute any right or commitment for ArcelorMittal except when expressly agreed otherwise in writing in a separate agreement.
********************************************************************************
- [nssldap] Weird behaviour when using SASL, miguel . sanders
- Prev by Date: Re: [nssldap] fetching user details from a ldap entry which consists of an objectClass other than posixAccount
- Next by Date: [nssldap] Solaris native ldap client to Windows Active Directory: Netgroups don't work because of control critical statement
- Previous by thread: Re: [nssldap] fetching user details from a ldap entry which consists of an objectClass other than posixAccount
- Next by thread: [nssldap] Solaris native ldap client to Windows Active Directory: Netgroups don't work because of control critical statement