
Re: pam-ldap headaches



Stewart James said:
>
> I am so sorry, I just realised why I was not seeing my posts in the
> archives. Helps if you change to most recent pages. (I was posting without
> being a member and thought maybe debian was dropping my posts for some
> reason), my last post was being a member.

well glad i really am not crazy!! You didn't mention you were not
on the list, if you had I [cw]ould have cc:'d you.

> I am doing nothing especially difficult. All were done with simple
> installing libpam-ldap following the prompts.
>
> Of 5 machines I have tried this on only one is working. The others all
> give the error ldap_simple_bind: cannot connect to server.
>
> My config is simple
> host ldap.vu.edu.au
> base o=vu.edu.au
> ldap_version 3
> port 389
> pam_password clear

from the servers that do NOT work can you try something like

ldapsearch -b "o=vu.edu.au" -LLL -H "ldap://ldap.vu.edu.au:389/" '(objectClass=*)' -x

this should spew out everything in your LDAP database. if you get
an error, try turning on debug mode, i use -d 256 at first then
jump to -d 65536.

if it works try putting this line in your /etc/pam_ldap.conf:

uri ldap://ldap.vu.edu.au:389/

(in addition to all the others)

if it doesn't connect, sounds like there could be some sort of firewall
or other mechanism preventing connection.


> Watching the network, I can see pam_ldap doing a lookup for ldap.vu.edu.au
> - and getting a result, it looks up an AAAA record for ldap.vu.edu.au then
> AAAA for ldap.vu.edu.au.its.vu.edu.au then finally looks up A for
> ldap.vu.edu.au and gets an IP address. But it never attempts to connect.
>
> For some reason, and I don't know why ldap_simple_bind fails without
> attempting to connect the host.

not sure either, but doing a ldapsearch SHOULD produce the same results
as what pam_ldap does, and you can turn on debugging to see what's going
on.

good luck

nate
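
Added example, not part of the original message or of pam_ldap: a small Python check that separates the two stages discussed in this thread, name resolution (AAAA and A) and the TCP connect to port 389, so a failing machine shows which stage breaks. The function name probe and the verdict labels are this example's own.

```python
import socket

def probe(host, port=389, timeout=3.0):
    """Resolve host, then try a TCP connect to every address returned.

    Returns (verdict, attempts); attempts is a list of
    (family, address, outcome) tuples, one per resolved address.
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # Resolution itself failed: no connection is ever attempted.
        return "dns-failure", [("-", host, str(exc))]

    attempts = []
    for family, socktype, proto, _canon, sockaddr in infos:
        name = "IPv6" if family == socket.AF_INET6 else "IPv4"
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
            outcome = "connected"
        except ConnectionRefusedError:
            outcome = "refused"   # host answered, nothing accepting on the port
        except socket.timeout:
            outcome = "timeout"   # no answer at all, e.g. packets dropped en route
        except OSError as exc:
            outcome = "error: " + str(exc)  # e.g. no route, no IPv6 on this box
        attempts.append((name, sockaddr[0], outcome))

    outcomes = [a[2] for a in attempts]
    for verdict, needle in (("reachable", "connected"),
                            ("timeout", "timeout"),
                            ("refused", "refused")):
        if needle in outcomes:
            return verdict, attempts
    return "error", attempts

if __name__ == "__main__":
    # Host and port are the ones from the configuration quoted in this thread.
    verdict, attempts = probe("ldap.vu.edu.au", 389)
    print("verdict:", verdict)
    for family, address, outcome in attempts:
        print(f"  {family:4} {address:40} {outcome}")
```

Run it on a working and a failing machine and compare: a "timeout" only on the failing one is consistent with filtering between that host and the server, while "dns-failure" or an IPv6-only "error" points at the resolver or address family instead.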




