Hi Per,
> Try stopping the caching daemon ("sudo service nscd stop") and try
> again. getent still doesn't resolve?
i tried without success
> I'm not 100% sure, but LDAP might bee needed in pam as well.
> Installing libpam-ldapd should do that automatically. Look for
> "pam_ldap.so" in /etc/pam.d/common-{auth,password,session}
i installed it and common-* files are updated automatically but it
didn't resolve it.
> Are you sure you have a working LDAP-database? Make sure you can
> resolve things manually first. When that is working you can continue
> working on nslcd.
Checking with:
root@amahoro:~# ldapsearch -xW -D "cn=Manager,dc=amahoro,dc=bi"
it shows:
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=amahoro,dc=bi> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
Checking with:
root@amahoro:~# ldapsearch -xW -D "cn=Manager,dc=amahoro,dc=bi" -b "" -s
base
it shows:
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#
#
dn:
objectClass: top
objectClass: OpenLDAProotDSE
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Why these differences only adding the DN for the search and adding the
specified entry am looking for?
> In that case the configuration isn't done by slapd.conf. Check out the
> documentation: "zless /usr/share/doc/slapd/README.Debian.gz
I know. In this case i deleted slapd.d folder and i created a new file
slapd.conf and i specified it in /etc/default/slapd
> This command should give you the suffix and ACL's and some more info
> (assuming a HDB database):
ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config"
"(objectclass=olchdbconfig)"
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (objectclass=olchdbconfig)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
Another strange thing:
ls /var/lib/ldap/
alock __db.001 __db.003 __db.005 dn2id.bdb log.0000000001
cn.bdb __db.002 __db.004 __db.006 id2entry.bdb objectClass.bdb
There is not DB_CONFIG.
How is created it?
On 04/23/2012 04:11 PM, Per Carlson wrote:
Hi Stefano.
Did you install nslcd by it self or in companion with libnss-ldapd and
libpam-ldapd?
nslcd has been installed automatically installing libnss-ldapd.
Ok.
This is my /etc/nsswitch.conf:
passwd: files ldap
group: files ldap
shadow: files ldap
That's fine.
This is unnecessary, nslcd functions fine without a DN.
ok, i removed it
Try stopping the caching daemon ("sudo service nscd stop") and try
again. getent still doesn't resolve?
I'm not 100% sure, but LDAP might bee needed in pam as well.
Installing libpam-ldapd should do that automatically. Look for
"pam_ldap.so" in /etc/pam.d/common-{auth,password,session}
Looks like LDAP can't find the DN in the repository. Can you log in
manually as this user?
Trying your command:
root@amahoro:~# ldapsearch -xW -D
"uid=nslcd_proc,ou=System,dc=amahoro,dc=bi" -H ldapi:///
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
That explains why nslcd didn't succeed binding.
I don't know why but trying with this:
root@amahoro:~# ldapsearch -xW -D "cn=Manager,dc=amahoro,dc=bi"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base<dc=amahoro,dc=bi> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
I don't understand where is wrong.
Are you sure you have a working LDAP-database? Make sure you can
resolve things manually first. When that is working you can continue
working on nslcd.
Do you have a slapd.conf? Have you compiled it from source or
installed as a Debian package?
I installed it as a Debian package:
root@amahoro:~# apt-cache policy slapd
slapd:
Installed: 2.4.23-7.2
Candidate: 2.4.23-7.2
Version table:
*** 2.4.23-7.2 0
500 http://ftp.us.debian.org/debian/ squeeze/main i386 Packages
100 /var/lib/dpkg/status
In that case the configuration isn't done by slapd.conf. Check out the
documentation: "zless /usr/share/doc/slapd/README.Debian.gz"
What do you think?
This command should give you the suffix and ACL's and some more info
(assuming a HDB database):
server$ sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config"
"(objectclass=olchdbconfig)"
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4f957431.1020...@gmail.com
