Hi
I really don't want to waste many words, so let's start ;)
Goals:
I have an LDAP-server which works (a SUSE-Client is able to
authenticate on this server...).
The server requires SSL/TLS to connect...
My ambition is now to connect from my freshly installed Debian-Etch
client to this server and to authenticate (using libnss-ldap) on it.
Nice, so far. Isn't it?
Now, the way that is already behind me:
I've installed first the libnss-ldap package and configured it... I
was pretty sure that everything was as good as possible!
I've edited the /etc/nsswitch.conf (1).
Then, I wrote the password for the admin-user into /etc/libnss-ldap.secret:
# echo -n "<password>" > /etc/libnss-ldap.secret
After that, I made softlinks into the /etc/ldap, so that
/etc/ldap/ldap.conf -> /etc/libnss-ldap.conf
/etc/ldap/ldap.secret -> /etc/libnss-ldap.secret
I did that because I just couldn't figure out which is the right
configuration file....
As already said, the server works. So I thought I could just do "su
<user>" and I'll be this user ;)
Actually this didn't work and finally we reach my problem now:
Problem:
It's quite easy to describe: It doesn't work ;)
I got the "No such user"- error...
So, I turned on one of my best friends: Wireshark (on the server).
It showed me some SSL-traffic between the client and the server... Not
bad so far... :D
But in the syslog from my client I could find "Couldn't connect to
LDAP server".."cn=admin,o=cag".
I can't see my mistake... But I'm sure that it is kind of a lack of
understanding...
Thanks a lot for answers...
Christoph Buchli
(1)
# cat /etc/nsswitch.conf | grep -v ^\#
passwd: ldap files
group: ldap files
shadow: ldap files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
(2)
# cat /etc/libnss-ldap.conf | grep -v ^\#
@(#)$Id: ldap.conf,v 2.47 2006/05/15 08:13:44 lukeh Exp $
base o=cag
uri ldaps://x.y.21.109:636
ldap_version 3
rootbinddn cn=admin,o=cag
pam_password nds
ssl start_tls
nss_map_attribute uniqueMember member
pam_filter objectclass=posixAccount
nss_base_passwd o=cag
nss_base_shadow o=cag
nss_base_group o=cag
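A consistency check for the client files described in this post, as an added example that is not part of the original message: it flags an `ldaps://` URI combined with `ssl start_tls`, an explicit `tls_checkpeer no`, and a bind-password file that is accessible beyond its owner. The function names and the sample password are hypothetical, and the sample config in `demo` is constructed from the values posted above.

```shell
#!/bin/sh
# Added example (not from the original post): lint libnss-ldap client files.

# conf_value FILE KEY: value of the last non-comment "KEY value" line.
conf_value() {
    awk -v k="$2" '!/^[[:space:]]*#/ && tolower($1) == k { v = $2 } END { print v }' "$1"
}

# lint_nss_ldap CONF SECRET: print one finding per line, nothing if clean.
lint_nss_ldap() {
    uri=$(conf_value "$1" uri)
    ssl=$(conf_value "$1" ssl)
    peer=$(conf_value "$1" tls_checkpeer)
    case "$uri" in
        ldaps://*)
            # ldaps:// is TLS from the first byte; start_tls is the
            # mechanism for upgrading a session on the normal LDAP port.
            if [ "$ssl" = "start_tls" ]; then
                echo "CONFLICT: uri $uri combined with 'ssl start_tls' (use 'ssl on' for ldaps://)"
            fi ;;
    esac
    if [ "$peer" = "no" ]; then
        echo "NO_VERIFY: 'tls_checkpeer no' disables server certificate checking"
    fi
    if [ -e "$2" ]; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        if [ "$(ls -ld "$2" | cut -c5-10)" != "------" ]; then
            echo "SECRET_PERMS: $2 is accessible beyond its owner (expected mode 600)"
        fi
    fi
}

# Constructed sample mirroring the posted values (address elided as posted).
demo() {
    d=$(mktemp -d)
    printf 'base o=cag\nuri ldaps://x.y.21.109:636\nrootbinddn cn=admin,o=cag\nssl start_tls\n' \
        > "$d/libnss-ldap.conf"
    # Same creation method as in the post: a shell redirect under umask 022.
    (umask 022; printf '%s' 'constructed-password' > "$d/libnss-ldap.secret")
    lint_nss_ldap "$d/libnss-ldap.conf" "$d/libnss-ldap.secret"
    rm -rf "$d"
}
```

Calling `demo` reports a CONFLICT and a SECRET_PERMS finding for the constructed sample; a file created with `echo ... >` under the usual umask of 022 ends up mode 644.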