On Tue, Jun 16, 2009 at 5:36 PM, <[email protected]> wrote:
> Hello,
>
> I try to authenticate my users with ldap on cobbler (1.6.2-1.el5).
> It's ok if I use following parameters :
>
> ldap_server: "ldap.example.com"
> ldap_base_dn: "ou=people,dc=example,dc=com"
> ldap_port: 389
> ldap_tls: 1
> ldap_anonymous_bind: 1
> ldap_search_bind_dn: ''
> ldap_search_passwd: ''
> ldap_search_prefix: 'uid='
>
> On the ldap server side I have :
>
> slapd[12978]: conn=98188 fd=45 ACCEPT from IP=172.24.113.35:58129 (IP=0.0.0.0:389)
> slapd[12978]: conn=98188 op=0 STARTTLS
> slapd[12978]: conn=98188 op=0 RESULT oid= err=0 text=
> slapd[12978]: conn=98188 fd=45 TLS established tls_ssf=256 ssf=256
>
> But it's not working when I use ldaps.
>
> With following parameters :
>
> ldap_server: "ldap.example.com"
> ldap_base_dn: "ou=people,dc=example,dc=com"
> ldap_port: 636
> ldap_tls: 1
> ldap_anonymous_bind: 1
> ldap_search_bind_dn: ''
> ldap_search_passwd: ''
> ldap_search_prefix: 'uid='
>
> The demo_connect python script raises this error :
>
> # python /tmp/demo_connect.py --user=USER
> - trying to login with user=USER
> Traceback (most recent call last):
>   File "/tmp/demo_connect.py", line 37, in ?
>     token = sp.login(options.user,options.password)
>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
>     return self.__send(self.__name, args)
>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request
>     verbose=self.__verbose
>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1147, in request
>     return self._parse_response(h.getfile(), sock)
>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1286, in _parse_response
>     return u.close()
>   File "/usr/lib64/python2.4/xmlrpclib.py", line 744, in close
>     raise Fault(**self._stack[0])
> xmlrpclib.Fault: <Fault 1: 'exceptions.IOError:[Errno 9] Bad file descriptor'>
>
> And with following parameters :
>
> ldap_server: "ldap.example.com"
> ldap_base_dn: "ou=people,dc=example,dc=com"
> ldap_port: 636
> ldap_tls: 0
> ldap_anonymous_bind: 1
> ldap_search_bind_dn: ''
> ldap_search_passwd: ''
> ldap_search_prefix: 'uid='
>
> I obtain this error :
>
> # python /tmp/demo_connect.py --user=USER
> - trying to login with user=USER
> Traceback (most recent call last):
>   File "/tmp/demo_connect.py", line 37, in ?
>     token = sp.login(options.user,options.password)
>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
>     return self.__send(self.__name, args)
>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request
>     verbose=self.__verbose
>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1147, in request
>     return self._parse_response(h.getfile(), sock)
>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1286, in _parse_response
>     return u.close()
>   File "/usr/lib64/python2.4/xmlrpclib.py", line 744, in close
>     raise Fault(**self._stack[0])
> xmlrpclib.Fault: <Fault 1: 'ldap.SERVER_DOWN:{\'desc\': "Can\'t contact LDAP server"}'>
>
> On the ldap server side I have :
>
> slapd[12978]: conn=98193 fd=45 ACCEPT from IP=172.24.113.35:40328 (IP=0.0.0.0:636)
> slapd[12978]: conn=98193 fd=45 closed (TLS negotiation failure)
>
> I read on the mailing list that somebody had a similar problem on Active
> Directory but I haven't found the solution.
> Thanks for your help.
>

Is your openldap server listening on port 636? On RHEL and Fedora you have to
enable that in /etc/sysconfig/ldap.

Ruben

_______________________________________________
cobbler mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/cobbler
