Hi,
our production server is still running 2.4.21 and does not use pts, but I set up a new server on CentOS 8, first with 3.2, now with 3.4beta, and that does use ldap pts successfully.
But I think there are multiple ways to use pts, so maybe there is a difference between our setups? FWIW, I have this:
pts_module: ldap
auth_mech: pts
ldap_base: ou=…
ldap_sasl: no
ldap_bind_dn: cn=…
ldap_password: XXX
ldap_uri: ldaps://xxx
ldap_filter: (|(uid=%u)(mail=%u))
ldap_user_attribute: uid
ldap_size_limit: 100
ldap_member_method: attribute
ldap_member_attribute: member
Does your LDAP server log show anything?
--
.:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
.:.Regionales Rechenzentrum (RRZK).:.
.:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
On 2 Mar 2021, at 5:20, Dan Irwin wrote:
Hello,

I have a server running 2.4.17 (from CentOS 7) with ldap pts authorisation working fine.

When a user authenticates and authorises, I see a log like:
canonified $user -> $user.

I've tried to copy this config to servers running CentOS 8 and Fedora 33, and I'm not having any luck. The versions here are 3.0.16, and the error is
ptload(): bad response from ptloader server: ldap_search(filter) faile.

I am testing with locally built 3.2.4 and I'm seeing the same error message.

I am using the same ldap cluster and schema from both the 2.4.17 and 3.x servers.

ptloader is running with -d1, and I can see the "user cyrus" from the logs.

Has something changed significantly between versions 2.4 and 3 regarding ptloader and ldap?

How can I turn up the debugging on ptloader? I've tried (-d255) but I'm not seeing any more data logged.

Is ptloader failing to connect to LDAP perhaps because of TLS improvements in recent versions of CentOS and Fedora?

Any pointers would be appreciated.

Cheers