Yes, it is:
rpm -qa | grep nss_ldap
nss_ldap-253-49.el5
nss_ldap-253-49.el5
There is some other problem.
Example:
When I execute this:
ldapsearch -x -ZZ -D "cn=Directory Manager" -w meditation -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
I get output.
Example:
ldapsearch -x -ZZ -D "cn=Directory Manager" -w xxxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
# extended LDIF
#
# LDAPv3
# base <dc=fosiul,dc=lan> with scope subtree
# filter: (cn=Fosiul Alam)
# requesting: ALL
#
# falam, users, uk, fosiul.lan
dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
givenName: Fosiul
sn: Alam
loginShell: /bin/bash/bash
uidNumber: 1000
gidNumber: 3000
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: falam
cn: Fosiul Alam
homeDirectory: /home/falam
userPassword:: e1NTSEF9bkM0dyFlLaFlJYUVPclZHRENiT1Y2RnA1MDAwdnZZQ1E9PQ==
# search result
search: 3
result: 0 Success
# numResponses: 2
# numEntries: 1
When I do this (I don't get anything):
==================
ldapsearch -x -ZZ -D "uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" -w xxxxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)" dn cn sn
# extended LDIF
#
# LDAPv3
# base <dc=fosiul,dc=lan> with scope subtree
# filter: (cn=Fosiul Alam)
# requesting: dn cn sn
#
# search result
search: 3
result: 0 Success
# numResponses: 1
And in the log I get:
[28/Jul/2012:19:18:48 +0100] conn=141 fd=69 slot=69 connection from 192.0.0.4 to 192.0.0.9
[28/Jul/2012:19:18:48 +0100] conn=141 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[28/Jul/2012:19:18:48 +0100] conn=141 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[28/Jul/2012:19:18:48 +0100] conn=141 SSL 256-bit AES
[28/Jul/2012:19:18:48 +0100] conn=141 op=1 BIND dn="uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" method=128 version=3
[28/Jul/2012:19:18:48 +0100] conn=141 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=falam,ou=users,l=uk,dc=fosiul,dc=lan"
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs="distinguishedName cn sn"
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[28/Jul/2012:19:18:48 +0100] conn=141 op=3 UNBIND
[28/Jul/2012:19:18:48 +0100] conn=141 op=3 fd=69 closed - U1
do know where is the problem
but it's not working
On Sat, Jul 28, 2012 at 7:13 PM, Grzegorz Dwornicki <gd1100(a)gmail.com> wrote:
Do you have nss_ldap installed?
28-07-2012 18:58, "Fosiul Alam" <fosiul(a)gmail.com> wrote:
> Hi, yes. I am not using the IP. I am using the full host name.
>
> This is my nsswitch:
>
> cat /etc/nsswitch.conf
> #
> # /etc/nsswitch.conf
> #
> # An example Name Service Switch config file. This file should be
> # sorted with the most-used services at the beginning.
> #
> # The entry '[NOTFOUND=return]' means that the search for an
> # entry should stop if the search in the previous entry turned
> # up nothing. Note that if the search failed due to some other reason
> # (like no NIS server responding) then the search continues with the
> # next entry.
> #
> # Legal entries are:
> #
> # nisplus or nis+ Use NIS+ (NIS version 3)
> # nis or yp Use NIS (NIS version 2), also called YP
> # dns Use DNS (Domain Name Service)
> # files Use the local files
> # db Use the local database (.db) files
> # compat Use NIS on compat mode
> # hesiod Use Hesiod for user lookups
> # [NOTFOUND=return] Stop searching if not found so far
> #
>
> # To use db, put the "db" in front of "files" for entries you want to be
> # looked up first in the databases
> #
> # Example:
> #passwd: db files nisplus nis
> #shadow: db files nisplus nis
> #group: db files nisplus nis
>
> passwd: files ldap
> shadow: files ldap
> group: files ldap
>
> #hosts: db files nisplus nis dns
> hosts: files dns
>
> # Example - obey only what nisplus tells us...
> #services: nisplus [NOTFOUND=return] files
> #networks: nisplus [NOTFOUND=return] files
> #protocols: nisplus [NOTFOUND=return] files
> #rpc: nisplus [NOTFOUND=return] files
> #ethers: nisplus [NOTFOUND=return] files
> #netmasks: nisplus [NOTFOUND=return] files
>
> bootparams: nisplus [NOTFOUND=return] files
>
> ethers: files
> netmasks: files
> networks: files
> protocols: files
> rpc: files
> services: files
>
> netgroup: files ldap
>
> publickey: nisplus
>
> automount: files ldap
> aliases: files nisplus
>
> sudoers: files ldap
>
>
> and /etc/ldap
>
> [root@home cacerts]# grep -v "^#" /etc/ldap.conf | sed -e '/^$/d'
> base dc=fosiul,dc=lan
>
> timelimit 120
> bind_timelimit 120
> idle_timelimit 3600
> #nss_base_passwd ou=users,l=uk,dc=fosiul,dc=lan,?one
> nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
> uri ldap://ldap-2.fosiul.lan/
> ssl start_tls
> tls_cacertfile /etc/openldap/cacerts/ds-ca.crt
> pam_password clear
>
>
> On Sat, Jul 28, 2012 at 5:23 PM, Grzegorz Dwornicki <gd1100(a)gmail.com> wrote:
> > I assume you are using TLS. You need to use the FQDN, not the IP, of the CentOS
> > directory server, and configure the firewall for port 389 or 636.
> >
> > Please send content of /etc/nsswitch.conf and /etc/ldap.conf
> >
> > 28-07-2012 18:13, "Fosiul Alam" <fosiul(a)gmail.com> wrote:
> >
> >> Hi,
> >> I configured another PC with authconfig-tui,
> >> but there is no luck.
> >> It's the same thing.
> >>
> >> Fosiul
> >>
> >> On Sat, Jul 28, 2012 at 4:04 PM, Grzegorz Dwornicki <gd1100(a)gmail.com> wrote:
> >> > In another mail I told you: use authconfig, authconfig-tui or
> >> > system-config-authentication to set up the system for LDAP authentication.
> >> > For example, authconfig-tui has a simple text-based interface; authconfig is
> >> > CLI based and requires arguments. Finally, system-config-authentication has
> >> > a GUI.
> >> >
> >> > 28-07-2012 16:50, "Fosiul Alam" <fosiul(a)gmail.com> wrote:
> >> >>
> >> >> Hi,
> >> >> I have set up an LDAP server, and from the client it's returning, for example:
> >> >>
> >> >> [root@home ~]# ldapsearch -x -ZZ -D "cn=Directory manager" -w xxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
> >> >> # extended LDIF
> >> >> #
> >> >> # LDAPv3
> >> >> # base <dc=fosiul,dc=lan> with scope subtree
> >> >> # filter: (cn=Fosiul Alam)
> >> >> # requesting: ALL
> >> >> #
> >> >>
> >> >> # falam, users, uk, fosiul.lan
> >> >> dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
> >> >> givenName: Fosiul
> >> >> sn: Alam
> >> >> loginShell: /bin/bash/bash
> >> >> uidNumber: 1000
> >> >> gidNumber: 3000
> >> >> objectClass: top
> >> >> objectClass: person
> >> >> objectClass: organizationalPerson
> >> >> objectClass: inetorgperson
> >> >> objectClass: posixAccount
> >> >> uid: falam
> >> >> cn: Fosiul Alam
> >> >> homeDirectory: /home/falam
> >> >> userPassword:: e1NTSEF9UGtqNjhvSU1pSR0RrSWNYYkVvYVU2V2c9PQ==
> >> >>
> >> >> # search result
> >> >> search: 3
> >> >> result: 0 Success
> >> >>
> >> >> # numResponses: 2
> >> >> # numEntries: 1
> >> >>
> >> >> And in the access log:
> >> >>
> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 fd=70 slot=70 connection from 192.0.0.4 to 192.0.0.9
> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 RESULT err=0 tag=120 nentries=0 etime=0
> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 SSL 256-bit AES
> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory manager" method=128 version=3
> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101 nentries=1 etime=0
> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 UNBIND
> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 fd=70 closed - U1
> >> >>
> >> >>
> >> >> But from the command line, when I do
> >> >> [root@home ~]# id falam
> >> >> id: falam: No such user
> >> >>
> >> >>
> >> >>
> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 fd=70 slot=70 connection from 192.0.0.4 to 192.0.0.9
> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 RESULT err=0 tag=120 nentries=0 etime=0
> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 SSL 256-bit AES
> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128 version=3
> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101 nentries=0 etime=0
> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=-1 fd=70 closed - B1
> >> >>
> >> >>
> >> >> So basically, ldapsearch is working but authentication is not working.
> >> >>
> >> >> Can anyone please help me with this?
> >> >> I am using CentOS 5.8.
> >> >>
> >> >> Fosiul.
> >> >> --
> >> >> 389 users mailing list
> >> >> 389-users(a)lists.fedoraproject.org
> >> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
> >> >
> >> >
> >>
> >>
> >>
> >> --
> >> Regards
> >> Fosiul Alam
> >> 07877100621
> >> http://www.fosiul.co.uk
> >
> >
>
>
>
> --
> Regards
> Fosiul Alam
> 07877100621
> http://www.fosiul.co.uk
--
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk
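
Added example, not part of the original thread: a Python parser for the 389 Directory Server access-log records quoted above that pairs each SRCH result with the DN bound on its connection, so the three runs in this thread can be compared side by side. The function names are illustrative, and the sample lines are the thread's own log lines with wrapped lines rejoined.

```python
import re
# Lines quoted in the thread above (wrapped lines rejoined, operation records only).
SAMPLE_LOG = '''\
[28/Jul/2012:15:42:57 +0100] conn=229 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory manager" method=128 version=3
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[28/Jul/2012:15:44:26 +0100] conn=230 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128 version=3
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[28/Jul/2012:19:18:48 +0100] conn=141 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[28/Jul/2012:19:18:48 +0100] conn=141 op=1 BIND dn="uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" method=128 version=3
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs="distinguishedName cn sn"
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 RESULT err=0 tag=101 nentries=0 etime=0
'''

LINE = re.compile(r'conn=(\d+) op=(-?\d+) (EXT|BIND|SRCH|RESULT)\b(.*)')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def searches_by_bind(log_text):
    """Pair every SRCH with its RESULT and the DN bound on that connection."""
    bind_dn, tls, pending, rows = {}, set(), {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connection, SSL and malformed lines carry no operation
        conn, op, kind, rest = m.groups()
        f = {k: v.strip('"') for k, v in KV.findall(rest)}
        if kind == 'EXT' and f.get('name') == 'startTLS':
            tls.add(conn)
        elif kind == 'BIND':
            bind_dn[conn] = f.get('dn', '')
        elif kind == 'SRCH':
            pending[(conn, op)] = {
                'conn': conn, 'tls': conn in tls, 'filter': f.get('filter', ''),
                'bind': bind_dn.get(conn) or '(anonymous)'}
        elif kind == 'RESULT' and (conn, op) in pending:
            row = pending.pop((conn, op))
            row.update(err=int(f['err']), nentries=int(f['nentries']))
            rows.append(row)
    return rows

def silent_empty_binds(rows):
    """Bind identities whose searches ended err=0 but returned no entries."""
    return sorted({r['bind'] for r in rows if r['err'] == 0 and r['nentries'] == 0})

for r in searches_by_bind(SAMPLE_LOG):
    print(r['conn'], r['bind'], 'tls=%s' % r['tls'], 'nentries=%d' % r['nentries'])
```

On the thread's data only the cn=Directory manager bind gets an entry back; the anonymous bind made during the id falam lookup and the uid=falam bind both end with err=0 and nentries=0. Directory Manager is not subject to the server's access control instructions, so that comparison is the one to check first when a search succeeds only for that bind.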