
Re: pam-ldap headaches



I should have been clearer on this. This also seems to have resolved my
issues with pam_ldap.

Cheers,

Stewart

>
> Begin  Stewart James  quotation:
> >
> > Just doing a little follow up here, I think I tracked my issues down. I am
> > not going to get into too much detail about how I eventually figured this
> > out but.
> >
> > If I apt-get source sendmail (8.12.6), comment out the following in the
> > libsm/ldap.c:
> > #  ifdef LDAP_OPT_RESTART
> >     ldap_set_option(ld, LDAP_OPT_RESTART, LDAP_OPT_ON);
> > #  endif  /* LDAP_OPT_RESTART */
> >
> > Then rebuild the package, everything works fine.
> >
> > I discovered this after updating a production box that was running ldap
> > maps in sendmail to sendmail_8.12.6-6Woody and discovering sendmail was
> > giving off the same errors as pam_ldap when invoked from sendmail (Can not
> > connect to server). I quickly downgraded and went on the hunt. 8.12.6 is when
> > sendmail started using LDAP_OPT_RESTART so I took a wild guess, went with the
> > comment and this seemed to fix things up for me.
> >
> > Hopefully someone else who has the same problem will see this post.
> >
> > Cheers,
> >
> > Stewart
> >
> > On Thu, 7 Nov 2002, nate wrote:
> >
> > > Date: Thu, 7 Nov 2002 18:40:11 -0800 (PST)
> > > From: nate <debian-user@aphroland.org>
> > > To: debian-user@lists.debian.org
> > > Subject: Re: pam-ldap headaches
> > > Resent-Date: Thu,  7 Nov 2002 20:41:18 -0600 (CST)
> > > Resent-From: debian-user@lists.debian.org
> > >
> > > Stewart James said:
> > > >
> > > > I am so sorry, I just realised why I was not seeing my posts in the
> > > > archives. Helps if you change to most recent pages. (I was posting without
> > > > being a member and thought maybe debian was dropping my posts for some
> > > > reason), my last post was being a member.
> > >
> > > well glad i really am not crazy!! You didn't mention you were not
> > > on the list, if you had I [cw]ould have cc:'d you.
> > >
> > > > I am doing nothing especially difficult. All were done with simple
> > > > installing libpam-ldap following the prompts.
> > > >
> > > > Of 5 machines I have tried this on only one is working. The others all
> > > > give the error ldap_simple_bind: cannot connect to server.
> > > >
> > > > My config is simple
> > > > host ldap.vu.edu.au
> > > > base o=vu.edu.au
> > > > ldap_version 3
> > > > port 389
> > > > pam_password clear
> > >
> > > from the servers that do NOT work can you try something like
> > >
> > > ldapsearch -b "o=vu.edu.au" -LLL -H "ldap://ldap.vu.edu.au:389/" '(objectClass=*)' -x
> > >
> > > this should spew out everything in your LDAP database. if you get
> > > an error, try turning on debug mode, i use -d 256 at first then
> > > jump to -d 65536.
> > >
> > > if it works try putting this line in your /etc/pam_ldap.conf:
> > >
> > > uri ldap://ldap.vu.edu.au:389/
> > >
> > > (in addition to all the others)
> > >
> > > if it doesn't connect, sounds like there could be some sort of firewall
> > > or other mechanism preventing connection.
> > >
> > >
> > > > Watching the network, I can see pam_ldap doing a lookup for ldap.vu.edu.au
> > > > - and getting a result, it looks up an AAAA record for ldap.vu.edu.au then
> > > > AAAA for ldap.vu.edu.au.its.vu.edu.au then finally looks up A for
> > > > ldap.vu.edu.au and gets an IP address. But it never attempts to connect.
> > > >
> > > > For some reason, and I don't know why, ldap_simple_bind fails without
> > > > attempting to connect to the host.
> > >
> > > not sure either, but doing a ldapsearch SHOULD produce the same results
> > > as what pam_ldap does, and you can turn on debugging to see what's going
> > > on.
> > >
> > > good luck
> > >
> > > nate
> > >
> > >
> > >
> > >
> > >
> >
> >
>
>


