yes its

rpm -qa | grep nss_ldap
nss_ldap-253-49.el5
nss_ldap-253-49.el5

i there is some other problem ..
example :
when i execute this :

ldapsearch -x -ZZ -D "cn=Directory Manager" -w meditation -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"

i get output

example :
ldapsearch -x -ZZ -D "cn=Directory Manager" -w xxxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
# extended LDIF
#
# LDAPv3
# base <dc=fosiul,dc=lan> with scope subtree
# filter: (cn=Fosiul Alam)
# requesting: ALL
#

# falam, users, uk, fosiul.lan
dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
givenName: Fosiul
sn: Alam
loginShell: /bin/bash/bash
uidNumber: 1000
gidNumber: 3000
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: falam
cn: Fosiul Alam
homeDirectory: /home/falam
userPassword:: e1NTSEF9bkM0dyFlLaFlJYUVPclZHRENiT1Y2RnA1MDAwdnZZQ1E9PQ=
 =

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

when i do this ( i don't get anything)
==================
ldapsearch -x -ZZ -D "uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" -w xxxxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)" dn cn sn
# extended LDIF
#
# LDAPv3
# base <dc=fosiul,dc=lan> with scope subtree
# filter: (cn=Fosiul Alam)
# requesting: dn cn sn
#

# search result
search: 3
result: 0 Success

# numResponses: 1

and log i get :

[28/Jul/2012:19:18:48 +0100] conn=141 fd=69 slot=69 connection from 192.0.0.4 to 192.0.0.9
[28/Jul/2012:19:18:48 +0100] conn=141 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[28/Jul/2012:19:18:48 +0100] conn=141 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[28/Jul/2012:19:18:48 +0100] conn=141 SSL 256-bit AES
[28/Jul/2012:19:18:48 +0100] conn=141 op=1 BIND dn="uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" method=128 version=3
[28/Jul/2012:19:18:48 +0100] conn=141 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=falam,ou=users,l=uk,dc=fosiul,dc=lan"
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs="distinguishedName cn sn"
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[28/Jul/2012:19:18:48 +0100] conn=141 op=3 UNBIND
[28/Jul/2012:19:18:48 +0100] conn=141 op=3 fd=69 closed - U1

do know where is the problem but its not working

On Sat, Jul 28, 2012 at 7:13 PM, Grzegorz Dwornicki <gd1100@xxxxxxxxx> wrote:
> Do you have nss_ldap installed?
>
> 28-07-2012 18:58, "Fosiul Alam" <fosiul@xxxxxxxxx> wrote:
>
>> hi yes.. i am not using ip . i am using fully host name
>>
>> this is my nsswitch
>>
>> cat /etc/nsswitch.conf
>> #
>> # /etc/nsswitch.conf
>> #
>> # An example Name Service Switch config file. This file should be
>> # sorted with the most-used services at the beginning.
>> #
>> # The entry '[NOTFOUND=return]' means that the search for an
>> # entry should stop if the search in the previous entry turned
>> # up nothing. Note that if the search failed due to some other reason
>> # (like no NIS server responding) then the search continues with the
>> # next entry.
>> #
>> # Legal entries are:
>> #
>> #       nisplus or nis+         Use NIS+ (NIS version 3)
>> #       nis or yp               Use NIS (NIS version 2), also called YP
>> #       dns                     Use DNS (Domain Name Service)
>> #       files                   Use the local files
>> #       db                      Use the local database (.db) files
>> #       compat                  Use NIS on compat mode
>> #       hesiod                  Use Hesiod for user lookups
>> #       [NOTFOUND=return]       Stop searching if not found so far
>> #
>>
>> # To use db, put the "db" in front of "files" for entries you want to be
>> # looked up first in the databases
>> #
>> # Example:
>> #passwd: db files nisplus nis
>> #shadow: db files nisplus nis
>> #group: db files nisplus nis
>>
>> passwd: files ldap
>> shadow: files ldap
>> group: files ldap
>>
>> #hosts: db files nisplus nis dns
>> hosts: files dns
>>
>> # Example - obey only what nisplus tells us...
>> #services: nisplus [NOTFOUND=return] files
>> #networks: nisplus [NOTFOUND=return] files
>> #protocols: nisplus [NOTFOUND=return] files
>> #rpc: nisplus [NOTFOUND=return] files
>> #ethers: nisplus [NOTFOUND=return] files
>> #netmasks: nisplus [NOTFOUND=return] files
>>
>> bootparams: nisplus [NOTFOUND=return] files
>>
>> ethers: files
>> netmasks: files
>> networks: files
>> protocols: files
>> rpc: files
>> services: files
>>
>> netgroup: files ldap
>>
>> publickey: nisplus
>>
>> automount: files ldap
>> aliases: files nisplus
>>
>> sudoers: files ldap
>>
>>
>> and /etc/ldap
>>
>> [root@home cacerts]# grep -v "^#" /etc/ldap.conf | sed -e '/^$/d'
>> base dc=fosiul,dc=lan
>>
>> timelimit 120
>> bind_timelimit 120
>> idle_timelimit 3600
>> #nss_base_passwd ou=users,l=uk,dc=fosiul,dc=lan,?one
>> nss_initgroups_ignoreusers
>>
>> root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
>> uri ldap://ldap-2.fosiul.lan/
>> ssl start_tls
>> tls_cacertfile /etc/openldap/cacerts/ds-ca.crt
>> pam_password clear
>>
>>
>> On Sat, Jul 28, 2012 at 5:23 PM, Grzegorz Dwornicki <gd1100@xxxxxxxxx>
>> wrote:
>> > I assume you are using TLS. You need to use fqdn not ip of centos
>> > directory
>> > server, configure firewall for 389 or 636 port.
>> >
>> > Please send content of /etc/nsswitch.conf and /etc/ldap.conf
>> >
>> > 28-07-2012 18:13, "Fosiul Alam" <fosiul@xxxxxxxxx> wrote:
>> >
>> >> Hi
>> >> I configured another pc
>> >> with authconfig-tui
>> >> but there is not any luck
>> >> its same thing ..
>> >>
>> >> Fosiul
>> >>
>> >> On Sat, Jul 28, 2012 at 4:04 PM, Grzegorz Dwornicki <gd1100@xxxxxxxxx>
>> >> wrote:
>> >> > In other mail I've told you: use authconfig or authconfig-tui or
>> >> > system-config-authentication to setup system for ldap authentication.
>> >> > For
>> >> > example authconfig-tui has simple text-based interface, authconfig is
>> >> > CLI
>> >> > based and require arguments. Finally system-config-authentication has
>> >> > gui.
>> >> >
>> >> > 28-07-2012 16:50, "Fosiul Alam" <fosiul@xxxxxxxxx> wrote:
>> >> >>
>> >> >> Hi
>> >> >> I have setup ldap server and from client its returning example :
>> >> >>
>> >> >> [root@home ~]# ldapsearch -x -ZZ -D "cn=Directory manager" -w xxx
>> >> >> -h
>> >> >> ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
>> >> >> # extended LDIF
>> >> >> #
>> >> >> # LDAPv3
>> >> >> # base <dc=fosiul,dc=lan> with scope subtree
>> >> >> # filter: (cn=Fosiul Alam)
>> >> >> # requesting: ALL
>> >> >> #
>> >> >>
>> >> >> # falam, users, uk, fosiul.lan
>> >> >> dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
>> >> >> givenName: Fosiul
>> >> >> sn: Alam
>> >> >> loginShell: /bin/bash/bash
>> >> >> uidNumber: 1000
>> >> >> gidNumber: 3000
>> >> >> objectClass: top
>> >> >> objectClass: person
>> >> >> objectClass: organizationalPerson
>> >> >> objectClass: inetorgperson
>> >> >> objectClass: posixAccount
>> >> >> uid: falam
>> >> >> cn: Fosiul Alam
>> >> >> homeDirectory: /home/falam
>> >> >> userPassword:: e1NTSEF9UGtqNjhvSU1pSR0RrSWNYYkVvYVU2V2c9PQ=
>> >> >>  =
>> >> >>
>> >> >> # search result
>> >> >> search: 3
>> >> >> result: 0 Success
>> >> >>
>> >> >> # numResponses: 2
>> >> >> # numEntries: 1
>> >> >>
>> >> >> and in the access log :
>> >> >>
>> >> >> 28/Jul/2012:15:42:57 +0100] conn=229 fd=70 slot=70 connection from
>> >> >> 192.0.0.4 to 192.0.0.9
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 EXT
>> >> >> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 RESULT err=0 tag=120
>> >> >> nentries=0 etime=0
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 SSL 256-bit AES
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory
>> >> >> manager" method=128 version=3
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97
>> >> >> nentries=0 etime=0 dn="cn=directory manager"
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH
>> >> >> base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101
>> >> >> nentries=1 etime=0
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 UNBIND
>> >> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 fd=70 closed - U1
>> >> >>
>> >> >>
>> >> >> But From command line , when i do
>> >> >> [root@home ~]# id falam
>> >> >> id: falam: No such user
>> >> >>
>> >> >>
>> >> >>
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 fd=70 slot=70 connection from
>> >> >> 192.0.0.4 to 192.0.0.9
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 EXT
>> >> >> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 RESULT err=0 tag=120
>> >> >> nentries=0 etime=0
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 SSL 256-bit AES
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128
>> >> >> version=3
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97
>> >> >> nentries=0 etime=0 dn=""
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH
>> >> >> base="dc=fosiul,dc=lan" scope=2
>> >> >> filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid
>> >> >> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
>> >> >> description objectClass"
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101
>> >> >> nentries=0 etime=0
>> >> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=-1 fd=70 closed - B1
>> >> >>
>> >> >>
>> >> >> So basically, ldapsearch is working but authentication is not
>> >> >> working
>> >> >> ..
>> >> >>
>> >> >> Can any one please help me with this .
>> >> >> and i am using Centos 5.8
>> >> >>
>> >> >> Fosiul.
--
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
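
Added example, not part of the original message and not 389 Directory Server code: a short Python script that pairs every search result in an access log of the format quoted above with the identity that was bound on that connection, so the three ldapsearch/id attempts can be compared side by side. The log lines are the ones from this thread, unwrapped and with one attrs list shortened; the function names summarize and empty_successes are hypothetical.

```python
import re

# Access-log lines taken from the thread (unwrapped; one attrs list shortened).
SAMPLE_LOG = '''\
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory manager" method=128 version=3
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128 version=3
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid uidNumber"
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[28/Jul/2012:15:44:26 +0100] conn=230 op=-1 fd=70 closed - B1
[28/Jul/2012:19:18:48 +0100] conn=141 SSL 256-bit AES
[28/Jul/2012:19:18:48 +0100] conn=141 op=1 BIND dn="uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" method=128 version=3
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs="distinguishedName cn sn"
[28/Jul/2012:19:18:48 +0100] conn=141 op=2 RESULT err=0 tag=101 nentries=0 etime=0
'''

LINE = re.compile(r'^\[[^\]]+\] conn=(\d+) op=(-?\d+) ([A-Z]+)\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def summarize(log_text):
    """One row per search result: who was bound, what was asked, what came back."""
    bound, pending, rows = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # connection, TLS and close lines carry no operation verb
        conn, op, verb, rest = m.groups()
        f = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        if verb == "BIND":
            bound[conn] = f.get("dn") or "(anonymous)"
        elif verb == "SRCH":
            pending[(conn, op)] = f.get("filter", "")
        elif verb == "RESULT" and f.get("tag") == "101":  # 101 = search done, 97 = bind response
            rows.append({"conn": int(conn), "bind_dn": bound.get(conn, "(no bind logged)"),
                         "filter": pending.pop((conn, op), ""),
                         "err": int(f["err"]), "nentries": int(f["nentries"])})
    return rows

def empty_successes(rows):
    """Searches the server accepted (err=0) but answered with zero entries."""
    return [r for r in rows if r["err"] == 0 and r["nentries"] == 0]

if __name__ == "__main__":
    for r in summarize(SAMPLE_LOG):
        print(f'conn={r["conn"]} bind={r["bind_dn"]!r} filter={r["filter"]} '
              f'err={r["err"]} nentries={r["nentries"]}')
```

On the thread's own log lines this reports one entry for the cn=Directory manager bind and zero entries, still with err=0, for both the anonymous bind made by "id falam" and the uid=falam bind.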