Hi Peter :) My first advice is that when you change something in the configuration, you should check that the change you have made actually works, instead of trying to test the whole thing at once and hoping it all magically works :)
On Mon, Nov 16, 2009 at 9:31 AM, Peter Roots <peter.ro...@dcmc.or.tz> wrote: > I have tried the following variations as well > on the server I edited /etc/default/slapd to change SLAPD_SERVICES to use > ldap://0.0,0,0 (as it was originally) instead of 0.0.0.0:389 I also tried > 192.168.1.7 with and without the port (that being the ip of the server > on the client I reconfigured auth-client-config to use ldap://192.168.1.7:389 > or > just ldap://192.168.1.7 > my client authorization log shows that the ldap server is not available Either 0.0.0.0 or 0.0.0.0:389 should be ok, but you should restart the slapd server using sudo /etc/init.d/slapd restart afterwards to make the changes take effect. Once you have restarted the server you can run 'sudo netstat -ltnp' to check that slapd is actually listening in 0.0.0.0. Once you verify this, there is no need to change anything else in this regard because you know for sure that that part is working properly :) > I tried (on the server) to run ldapsearch but that expects authorization, > which fails with both the admin password I was asked for on installation and > the password stored in /var/lib/ebox/conf/ebox-ldap.passwd The problem is most likely that you are probably failing to provide the administrator user it should connect with. >From the client, if you install ldap-utils, you can check the user and password running ldapsearch like this: % ldapsearch -H ldap://192.168.122.132 -x -D 'cn=admin,dc=ebox' -w '13RTryOIU97ceNmW1BSplF9o4fSn5RmLytkqDZpuV8ooe2xlvplZl4g%KVA%lzGGq5eZB|iw4eOyeYBhpjD0pYJirIHMOSe6-TaMkpxJ4JlRCrTB3E-TAwbSOTr7sKdo' -b 'dc=ebox' '(uid=isaac)' 192.168.122.132 should be the IP address of your ebox (192.168.1.7 apparently). The long string is the password from /var/lib/ebox/conf/ebox-ldap.passwd and you can remove uid=isaac to see all the contents or specify any other username there to see that user's info. Once that command is working, you know the IP, the admin user ('cn=admin,dc=ebox'), the base 'dc=ebox' and the password, which is basically all the data you need to know. Then it's just a matter of following any of the howtos available about how to enable LDAP authentication in linux, for example: http://mcwhirter.com.au/craige/blog/2006/Making-a-Debian-or-Ubuntu-Machine-an-LDAP-Authentication-Client Let us know if you have any additional problems. Cheers! -- Isaac Clerencia - Developer is...@ebox-technologies.com eBox - Computer Networks Made Easy! eBox Technologies at www.ebox-technologies.com Download eBox at www.ebox-platform.com _______________________________________________ ebox-user mailing list ebox-user@lists.ebox-platform.com http://lists.ebox-platform.com/cgi-bin/mailman/listinfo/ebox-user
