Re: [SLE] SuSE 9.1, OpenLDAP fine as user ldap, OpenLDAP/TLS only works as user root

From: Jason Joines (support_at_bus.okstate.edu)
Date: 07/01/05

    Date: Fri, 01 Jul 2005 12:13:29 -0500
    To: suse-linux-e@suse.com
    
    

    Heinzmann, Robert wrote:

    >Hello,
    >
    >I've seen your post on
    >http://lists.suse.com/archive/suse-linux-e/2004-Oct/1152.html.
    >
    >Same problem here !!
    >
    >Same situation: if I run ldap as root everything is OK. As soon as I set
    >-u and -g it's not working -- MOST OF THE TIME! Sometimes it works even
    >with -u ldap and -g ldap.
    >
    >Have you found a solution for the problem yet ? Unfortunately your
    >posting does not continue.
    >
    >Regards,
    >Robert

    Robert,

        Someone else contacted me with that same question a bit over a month
    ago. Here's the thread.

    Jason
    ===========

    >
    > -------- Original Message --------
    > Subject: Re: TLS/SSL error in OpenLDAP
    > Date: Mon, 16 May 2005 22:31:18 -0400
    > From: Prakash Velayutham
    > To: Jason Joines
    >
    >
    >
    >>>> Jason Joines 05/16/05 6:02 PM >>>
    >Prakash Velayutham wrote:
    >
    >> Jason Joines wrote:
    >>
    >>> Prakash Velayutham wrote:
    >>>
    >>>> Hi,
    >>>>
    >>>> I noticed your thread in suse-linux-e forum regarding the OpenLDAP
    >>>> SSL/TLS issues. I am having the same issues as you mention in that
    >>>> thread. Could you please let me know how you solved it?
    >>>> When I start slapd without -u or -g, I am able to ldapsearch with -ZZ
    >>>> from a client successfully. But when I include the -u and -g (either as
    >>>> root or as ldap user), ldapsearch with -ZZ fails.
    >>>>
    >>>> Thanks,
    >>>> Prakash
    >>>>
    >>>> SuSE-9.0 Prof
    >>>> openldap2-2.1.22-118
    >>>> openssl-0.9.7b-133
    >>>>
    >>>> Thanks,
    >>>> Prakash
    >>>>
    >>>>
    >>> Could you provide the date and subject of the original post. I
    >>> post a lot so I don't remember that one in particular and need to
    >>> look it up.
    >>>
    >>> Jason
    >>> ===========
    >>
    >>
    >> Date - Fri Oct 08 2004 - 19:32:13 CEST
    >> Subject - SuSE 9.1, OpenLDAP fine as user ldap, OpenLDAP/TLS only
    >> works as user root
    >>
    >> Thanks,
    >> Prakash
    >
    >
    > Sorry, been outta the office for awhile. I just now got to go back
    >and look at that thread. I can't remember doing anything to solve it.
    >However, I do still have a 9.1 box running OpenLDAP/TLS so maybe we can
    >compare settings and see if that helps.
    >
    >Jason
    >
    >Hi Jason,
    >
    >Thanks for the reply. I solved the issue. It was just that my Slave LDAP
    >server's /etc/ldap.conf was looking at itself for LDAP, but
    >/etc/openldap/ldap.conf was looking at Master LDAP server. Changed the
    >/etc/openldap/ldap.conf host entry and everything started working like a
    >charm.
    >
    >Prakash
    >

    -- 
    Check the headers for your unsubscription address
    For additional commands send e-mail to suse-linux-e-help@suse.com
    Also check the archives at http://lists.suse.com
    Please read the FAQs: suse-linux-e-faq@suse.com
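
The resolution quoted in this thread was a mismatch between the server named in /etc/ldap.conf and the one named in /etc/openldap/ldap.conf. The script below is an added example, not part of the original thread: it extracts the `host`/`uri` directives from two such files and reports whether they name the same servers. The function names, file names and host names are assumptions made for illustration, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): compare which LDAP servers two client
# configuration files point at.

# Print the servers named by the host/uri directives of one ldap.conf-style
# file, one per line, lower-cased, without scheme or port, sorted and unique.
ldap_servers() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) == "host" || tolower($1) == "uri" {
            for (i = 2; i <= NF; i++) {
                s = tolower($i)
                sub("^ldap[si]?://", "", s)      # drop the URI scheme
                sub("[:/].*$", "", s)            # drop :port and any /path
                if (s != "") print s
            }
        }' "$1" | sort -u
}

# Succeed (status 0) only when both files name the same set of servers.
same_ldap_servers() {
    [ "$(ldap_servers "$1")" = "$(ldap_servers "$2")" ]
}

# Constructed sample files standing in for /etc/ldap.conf and
# /etc/openldap/ldap.conf on a slave; host names are placeholders.
make_samples() {
    printf '%s\n' '# nss/pam client' 'host 127.0.0.1' \
        'base dc=example,dc=com' > "$1/ldap.conf"
    printf '%s\n' 'HOST master.example.com:389' \
        'TLS_REQCERT demand' > "$1/openldap-ldap.conf"
    printf '%s\n' 'URI ldap://127.0.0.1/' \
        'TLS_REQCERT demand' > "$1/openldap-ldap.fixed.conf"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in openldap-ldap.conf openldap-ldap.fixed.conf; do
    if same_ldap_servers "$tmp/ldap.conf" "$tmp/$f"; then
        echo "$f: same servers as ldap.conf"
    else
        echo "$f: MISMATCH ($(ldap_servers "$tmp/$f") vs $(ldap_servers "$tmp/ldap.conf"))"
    fi
done
```

On a real host, call `same_ldap_servers /etc/ldap.conf /etc/openldap/ldap.conf` and inspect each file with `ldap_servers` when it returns non-zero.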
    
