Hi Per, thanks for reply. > Did you install nslcd by it self or in companion with libnss-ldapd and > libpam-ldapd? nslcd has been installed automatically installing libnss-ldapd. > How does your /etc/nsswitch.conf look like? Here are the relevant > lines from mine: This is my /etc/nsswitch.conf: # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: files ldap group: files ldap shadow: files ldap hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files > This is unnecessary, nslcd functions fine without a DN. ok, i removed it > Looks like LDAP can't find the DN in the repository. Can you log in > manually as this user? Trying your command:root@amahoro:~# ldapsearch -xW -D "uid=nslcd_proc,ou=System,dc=amahoro,dc=bi" -H ldapi:///
Enter LDAP Password: ldap_bind: Invalid credentials (49) I don't know why but trying with this: root@amahoro:~# ldapsearch -xW -D "cn=Manager,dc=amahoro,dc=bi" Enter LDAP Password: # extended LDIF # # LDAPv3 # base <dc=amahoro,dc=bi> (default) with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 32 No such object I don't understand where is wrong. > Do you have a slapd.conf? Have you compiled it from source or > installed as a Debian package? I installed it as a Debian package: root@amahoro:~# apt-cache policy slapd slapd: Installed: 2.4.23-7.2 Candidate: 2.4.23-7.2 Version table: *** 2.4.23-7.2 0 500 http://ftp.us.debian.org/debian/ squeeze/main i386 Packages 100 /var/lib/dpkg/status What do you think? On 04/23/2012 02:44 PM, Per Carlson wrote:
Hi Stefano.installed openldap and configured nslcd.conf and nsswitch.conf on debian squeeze server.Did you install nslcd by it self or in companion with libnss-ldapd and libpam-ldapd? How does your /etc/nsswitch.conf look like? Here are the relevant lines from mine: passwd: files ldap group: files ldap shadow: files ldap You need libnss-ldapd for the "ldap" rule in the lines above.At the moment getent passwd doesn't show ldap user. I create a user nslcd_proc for nslcd lookups. this user belong to the System organizationalUnit.This is unnecessary, nslcd functions fine without a DN.nslcd: [8b4567] DEBUG: ldap_simple_bind_s("uid=nslcd_proc,ou=System,dc=amahoro,dc=bi","***") (uri="ldap://localhost:389") nslcd: [8b4567] ldap_result() failed: No such objectLooks like LDAP can't find the DN in the repository. Can you log in manually as this user? server$ ldapsearch -xW -D "uid=nslcd_proc,ou=System,dc=amahoro,dc=bi" -H ldapi:///slapd.confDo you have a slapd.conf? Have you compiled it from source or installed as a Debian package? server$ apt-cache policy slapd I've got: slapd: Installed: 2.4.23-7.2 Candidate: 2.4.23-7.2 Version table: *** 2.4.23-7.2 0 700 http://ftp.no.debian.org/debian/ squeeze/main amd64 Packages 100 /var/lib/dpkg/status AFAIK the openldap server (binary package is called slapd in Debian) packaged no longer use that file. Instead the config is stored in a LDAP repository (/etc/ldap/slapd.d) and modified by using LDIF-files.