Re: LDAP Authentication problem

["Christoph Buchli" <christoph.buchli@gmail.com>]

Hi all, Roberto

The configuration-file from my debian client looks exactly the same as
the one from the suse-client...

(Suse:/etc/ldap.conf = Debian:/etc/libnss-ldap.conf)

regards


On 3/8/07, Christoph Buchli <christoph.buchli@gmail.com> wrote:
> Hi
> I really don't want to lose much words, so let's start ;)
>
> Goals:
> I have an LDAP-server which works (a SUSE-Client is able to
> authenticate on this server...).
> The server requires SSL/TLS to connect...
> My ambition is now to connect from my freshly installed Debian-Etch
> client to this server and to authenticate (using libnss-ldap) on it.
>
> Nice, so far. Isn't it?
>
> Now, the way that is already behind me:
> I've installed first the libnss-ldap package and configured it... I
> was pretty sure that everything was as good as possible!
>
> I've edited the /etc/nsswitch.conf (1).
> Then, I wrote the password for the admin-user into /etc/libnss-ldap.secret:
> # echo -n "<password>" > /etc/libnss-ldap.secret
>
> After that, I made softlinks into the /etc/ldap, so that
> /etc/ldap/ldap.conf -> /etc/libnss-ldap.conf
> /etc/ldap/ldap.secret -> /etc/libnss-ldap.secret
>
> I did that because I just couldn't figure out, which is the right
> configuration file....
>
> As already said, the server works. So I thought, I joust could do "su
> <user>" and I'll be this user ;)
> Actually this didn't work and finally we reach my problem now:
>
> Problem:
> It's quite easy to describe: It doesn't work ;)
> I got the "No such user"- error...
>
> So, I turned on one of my best friends: Wireshark (on the server).
> It showed me some SSL-traffic between the client and the server... Not
> bad so far... :D
> But in the syslog from my client I could find "Couldn't connect to
> LDAP server".."cn=admin,o=cag".
>
> I can't see my mistake... But I'm sure that it is kind of a lack of
> understanding...
>
> Thanks a lot for answers...
> Christoph Buchli
>
> (1)
> # cat /etc/nsswitch.conf | grep -v ^\#
> passwd:         ldap files
> group:          ldap files
> shadow:         ldap files
> hosts:          files dns
> networks:       files
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> netgroup:       nis
>
>
> (2)
> # cat /etc/libnss-ldap.conf | grep -v ^\#
>   @(#)$Id: ldap.conf,v 2.47 2006/05/15 08:13:44 lukeh Exp $
> base o=cag
> uri ldaps://x.y.21.109:636
> ldap_version 3
> rootbinddn cn=admin,o=cag
> pam_password    nds
> ssl     start_tls
> nss_map_attribute       uniqueMember member
> pam_filter      objectclass=posixAccount
> nss_base_passwd o=cag
> nss_base_shadow o=cag
> nss_base_group  o=cag