[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fwd: Re: Authentication Failure

segreteria@tjener:~$ ping ldap.intern
PING tjener.intern ( 56(84) bytes of data.
64 bytes from tjener.intern ( icmp_req=1 ttl=64 time=0.035 ms
64 bytes from tjener.intern ( icmp_req=2 ttl=64 time=0.046 ms
64 bytes from tjener.intern ( icmp_req=3 ttl=64 time=0.071 ms
64 bytes from tjener.intern ( icmp_req=4 ttl=64 time=0.047 ms
64 bytes from tjener.intern ( icmp_req=5 ttl=64 time=0.047 ms
64 bytes from tjener.intern ( icmp_req=6 ttl=64 time=0.048 ms
64 bytes from tjener.intern ( icmp_req=7 ttl=64 time=0.059 ms
--- tjener.intern ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 5998ms
rtt min/avg/max/mdev = 0.035/0.050/0.071/0.012 ms

segreteria@tjener:~$ ldapmodify -QY EXTERNAL -H ldapi:/// -f filename.ldif
ldapmodify: wrong attributeType at line 5, entry "cn=config"


2012/3/29 Steven Chamberlain <steven@pyro.eu.org>
On 29/03/12 13:25, Alessandro Fama wrote:
> Mar 29 14:17:01 localhost nslcd[1385]: [ed7263] no available
> LDAP server found

> Mar 29 14:20:01 localhost nslcd[1385]: [68079a]
> ldap_start_tls_s() failed: Connect error: No such file or
> directory (uri="ldap://ldap.intern")

The LDAP service is down?  So it cannot check your password.

Firstly I would check you can resolve the name "host ldap.intern" and
ping it.

> Mar 29 14:20:30 tjener slapd[1583]: <= bdb_equality_candidates:
> (krbPwdPolicyReference) not indexed

Not sure what that is.  Maybe it's harmless, or maybe it's the reason
LDAP isn't working.

I have no knowledge of configuring LDAP, but here is what I found:


Item 2.3 of the cn=config section mentions that error message is due to
a lack of 'eq' index, and 2.12 mentions adding this for that specific
database field.

So the fix may be to create an LDIF file containing:
> dn: cn=config
> changetype: modify
> replace: olcLogLevel
> olcLogLevel: stats
> add: olcDbIndex
> olcDbIndex: krbPwdPolicyReference eq

Then apply on the LDAP server with:
# ldapmodify -QY EXTERNAL -H ldapi:/// -f filename.ldif

Completely untested and no idea if this is a proper thing to do :)

Steven Chamberlain


Everything you need is already inside

Reply to: