I'm looking for troubleshooting advice- hope someone has some insight
I can borrow.
Trying to get a Solaris8 client (with the latest ldap patchcluster) to
do simple authentication against FDS.
When setup for anonymous auth, I'm able to do ldap list just fine:
# ldaplist -l passwd tester
dn: cn=test user,ou=People,dc=corp,dc=example,dc=com
givenName: test
sn: user
loginShell: /bin/bash
gidNumber: 1024
uidNumber: 5351
mail: tester at example.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
uid: tester
gecos: test user
cn: test user
homeDirectory: /nethome/tester
When setup for simple auth (and that's all I've changed), I'm seeing
error 49 (invalid credentials) in the FDS logs:
[10/Aug/2007:14:45:02 -0700] conn=25532 fd=65 slot=65 connection from
172.20.100.85 to 172.20.200.125
[10/Aug/2007:14:45:02 -0700] conn=25532 op=0 BIND
dn="cn=sunldap,ou=profile,dc=corp,dc=example,dc=com" method=128
version=3
[10/Aug/2007:14:45:02 -0700] conn=25532 op=0 RESULT err=49 tag=97
nentries=0 etime=0
[10/Aug/2007:14:45:02 -0700] conn=25532 op=1 UNBIND
[10/Aug/2007:14:45:02 -0700] conn=25532 op=1 fd=65 closed - U1
Here's my /var/ldap/ldap_client_cred file
NS_LDAP_BINDDN= cn=sunldap,ou=profile,dc=corp,dc=example,dc=com
NS_LDAP_BINDPASSWD= {NS1}8cf5886bf25241a5a5045e
How do I verify that the NS1 crypt is correct outside of the solaris
client (or ldap_gen_profile)?
The password in FDS for the above proxy user is stored in CRYPT format
in FDS- is this mismatch really supported ?
I can bind with the 'sunldap' user just fine from my linux hosts using
ldapsearch.
suggestions?
