Setup with CentOS 7.9 + a configuration guide [1] helped. But when I am trying to authenticate the ldap user from another machine, I see the following error on the LDAP server =
-----------------------------------------------------------------------------
Jul 21 12:04:50 ldap slapd[21830]: conn=1003 op=7 SRCH attr=objectClass cn userPassword gidNumber memberuid modifyTimestamp modifyTimestamp
Jul 21 12:04:50 ldap slapd[21830]: <= bdb_equality_candidates: (gidNumber) not indexed
Jul 21 12:04:50 ldap slapd[21830]: conn=1003 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 fd=18 ACCEPT from IP=10.200.104.135:46940 (IP=0.0.0.0:389)
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 op=0 STARTTLS
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 op=0 RESULT oid= err=0 text=
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 fd=18 closed (TLS negotiation failure)
Jul 21 12:04:50 ldap slapd[21830]: conn=1003 op=8 UNBIND
Jul 21 12:04:50 ldap slapd[21830]: conn=1003 fd=11 closed
----------------------------------------------------------------------------

If I ssh to the client machine & run:

1) getent passwd user1 =
user1:*:9999:100:user1[Admin (at) XYZ]:/home/user1:/bin/bash

2) sudo user1 & then id =
uid=9999(user1) gid=100(users) groups=100(users) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

I tried to generate a key & cert & imported them using the ldapmodify command. [2]
Copied the .cert file on the client machine under /etc/openldap/certs
I checked the permissions. Looks ok.
I tried restarting the nscd & nslcd services on the client machine.
After switching to the ldap user on the client machine, I can see that the user's dir is created under /home.
But I get an 'Access denied' error when trying to ssh to the client machine using the LDAP user & the password.

Any hints on how to fix this issue?

I am trying to set up openldap for a third party app. From the app's web UI, the developer connects to the ldap, fetches the ldap user & then we login to the web UI using the ldap user.

Regards,
Amey.
[1] https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html
[2] https://linuxhostsupport.com/blog/how-to-install-ldap-on-centos-7/

On Fri, 16 Jul 2021 at 10:27, Amey Abhyankar <sco1...@gmail.com> wrote:
>
> Hello All,
>
> Any simple method to achieve this?
>
> I want to fetch openldap user from a third party application.
> I enter ldap details in the third party app for connection.
>
> I did Google and found some posts at IBM forums which are complicated
> enough to understand and half baked.
>
> I have installed openldap using turnkey Linux. Bundled openldap software.
> Configured cn,dn etc.
> Added generic user with sn.
> This is just a POC server.
> I am using a different domain name than the currently used domain name.
>
> If I try to make a ldap connection even on this server using 127.0.1.1
> it gives an error.
> command = ldapsearch -x -LLL -H ldap://127.0.1.1
> error = object not found (32)
> I also tried to use ldap:/// flag.
> Same error.
>
> Any hints on how to configure SRV record? Thanks.
> Installing BIND9 on the openldap Debian 10 os will help?
>
> Regards,
> Amey.

_______________________________________________
plug-mail mailing list
plug-mail@plug.org.in
http://list.plug.org.in/listinfo/plug-mail
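A small triage script for the slapd log format quoted in the post, added here as an example and not part of the thread or of OpenLDAP itself. It correlates each conn= id's ACCEPT peer, STARTTLS request and close reason, and collects the "not indexed" attribute hints, so a TLS negotiation failure can be tied back to the client IP that produced it. The sample lines are the ones quoted above; the function and field names are my own.

```python
import re
from collections import defaultdict

# Sample input: the slapd syslog lines quoted in the post (embedded so this runs offline).
SAMPLE_LOG = """\
Jul 21 12:04:50 ldap slapd[21830]: conn=1003 op=7 SRCH attr=objectClass cn userPassword gidNumber memberuid modifyTimestamp modifyTimestamp
Jul 21 12:04:50 ldap slapd[21830]: <= bdb_equality_candidates: (gidNumber) not indexed
Jul 21 12:04:50 ldap slapd[21830]: conn=1003 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 fd=18 ACCEPT from IP=10.200.104.135:46940 (IP=0.0.0.0:389)
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 op=0 STARTTLS
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 op=0 RESULT oid= err=0 text=
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 fd=18 closed (TLS negotiation failure)
Jul 21 12:04:50 ldap slapd[21830]: conn=1003 op=8 UNBIND
Jul 21 12:04:50 ldap slapd[21830]: conn=1003 fd=11 closed
"""

CONN_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) (.*)$")
ACCEPT_RE = re.compile(r"ACCEPT from IP=([\d.]+):\d+")
CLOSED_RE = re.compile(r"closed(?: \((.*)\))?$")
NOT_INDEXED_RE = re.compile(r"\((\w+)\) not indexed")


def parse_slapd_log(text):
    """Group slapd events per connection id; also collect unindexed attributes."""
    conns = defaultdict(lambda: {"peer": None, "starttls": False,
                                 "closed": None, "empty_searches": 0})
    unindexed = set()
    for line in text.splitlines():
        m = NOT_INDEXED_RE.search(line)
        if m:                              # backend hint: add an index for this attribute
            unindexed.add(m.group(1))
            continue
        m = CONN_RE.search(line)
        if not m:
            continue
        conn, rest = m.group(1), m.group(2)
        c = conns[conn]
        accept = ACCEPT_RE.search(rest)
        closed = CLOSED_RE.search(rest)
        if accept:
            c["peer"] = accept.group(1)    # client address from the ACCEPT line
        elif "STARTTLS" in rest:
            c["starttls"] = True
        elif "SEARCH RESULT" in rest and "nentries=0" in rest:
            c["empty_searches"] += 1       # lookups that matched nothing
        elif closed:
            c["closed"] = closed.group(1) or "normal"
    return dict(conns), unindexed


def tls_failures(conns):
    """Return (conn id, peer IP) for connections that requested STARTTLS and then failed TLS."""
    return [(cid, c["peer"]) for cid, c in sorted(conns.items())
            if c["starttls"] and c["closed"] and "TLS" in c["closed"]]
```

Running `tls_failures(parse_slapd_log(SAMPLE_LOG)[0])` on the quoted log reports conn 1004 from 10.200.104.135 as the failing TLS client, which is the connection to check certificate trust on.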