>On Tue, Jun 16, 2009 at 5:36 PM, <[email protected]> wrote:
>> Hello,
>>
>> I am trying to authenticate my users with LDAP on cobbler (1.6.2-1.el5).
>> It's OK if I use the following parameters:
>>
>> ldap_server: "ldap.example.com"
>> ldap_base_dn: "ou=people,dc=example,dc=com"
>> ldap_port: 389
>> ldap_tls: 1
>> ldap_anonymous_bind: 1
>> ldap_search_bind_dn: ''
>> ldap_search_passwd: ''
>> ldap_search_prefix: 'uid='
>>
>> On the LDAP server side I have:
>>
>>  slapd[12978]: conn=98188 fd=45 ACCEPT from IP=172.24.113.35:58129
>> (IP=0.0.0.0:389)
>>  slapd[12978]: conn=98188 op=0 STARTTLS
>>  slapd[12978]: conn=98188 op=0 RESULT oid= err=0 text=
>>  slapd[12978]: conn=98188 fd=45 TLS established tls_ssf=256 ssf=256
>>
>> But it's not working when I use ldaps.
>>
>> With the following parameters:
>>
>> ldap_server: "ldap.example.com"
>> ldap_base_dn: "ou=people,dc=example,dc=com"
>> ldap_port: 636
>> ldap_tls: 1
>> ldap_anonymous_bind: 1
>> ldap_search_bind_dn: ''
>> ldap_search_passwd: ''
>> ldap_search_prefix: 'uid='
>>
>> the demo_connect Python script raises this error:
>>
>> # python /tmp/demo_connect.py --user=USER
>> - trying to login with user=USER
>> Traceback (most recent call last):
>>   File "/tmp/demo_connect.py", line 37, in ?
>>     token = sp.login(options.user,options.password)
>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
>>     return self.__send(self.__name, args)
>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request
>>     verbose=self.__verbose
>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1147, in request
>>     return self._parse_response(h.getfile(), sock)
>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1286, in _parse_response
>>     return u.close()
>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 744, in close
>>     raise Fault(**self._stack[0])
>> xmlrpclib.Fault: <Fault 1: 'exceptions.IOError:[Errno 9] Bad file
>> descriptor'>
>>
>> And with the following parameters:
>>
>> ldap_server: "ldap.example.com"
>> ldap_base_dn: "ou=people,dc=example,dc=com"
>> ldap_port: 636
>> ldap_tls: 0
>> ldap_anonymous_bind: 1
>> ldap_search_bind_dn: ''
>> ldap_search_passwd: ''
>> ldap_search_prefix: 'uid='
>>
>> I obtain this error:
>>
>> # python /tmp/demo_connect.py --user=USER
>> - trying to login with user=USER
>> Traceback (most recent call last):
>>   File "/tmp/demo_connect.py", line 37, in ?
>>     token = sp.login(options.user,options.password)
>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
>>     return self.__send(self.__name, args)
>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request
>>     verbose=self.__verbose
>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1147, in request
>>     return self._parse_response(h.getfile(), sock)
>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1286, in _parse_response
>>     return u.close()
>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 744, in close
>>     raise Fault(**self._stack[0])
>> xmlrpclib.Fault: <Fault 1: 'ldap.SERVER_DOWN:{\'desc\': "Can\'t contact
>> LDAP server"}'>
>>
>> On the LDAP server side I have:
>>
>>  slapd[12978]: conn=98193 fd=45 ACCEPT from IP=172.24.113.35:40328
>> (IP=0.0.0.0:636)
>>  slapd[12978]: conn=98193 fd=45 closed (TLS negotiation failure)
>>
>> I read on the mailing list that somebody had a similar problem with Active
>> Directory but I haven't found the solution.
>> Thanks for your help.
>>
>
>Is your OpenLDAP server listening on port 636? On RHEL and Fedora you
>have to enable that in /etc/sysconfig/ldap.
>
>Ruben
>
Hello,

Yes, my OpenLDAP server listens on port 636: a connection is properly opened but is closed because of a TLS negotiation failure. LDAPS works well for authenticating my users on their own systems.

Jérémy

_______________________________________________
cobbler mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/cobbler
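The three port/ldap_tls combinations in the thread, checked by an added example that is not code from the thread or from cobbler. It assumes a hypothetical client that always opens ldap://host:port and, when ldap_tls is 1, sends a STARTTLS request over that plain connection; the settings dicts are constructed from the thread's values.

```python
# Added example: spot the port / ldap_tls mismatch behind "TLS negotiation
# failure". Assumption (hypothetical, not checked against cobbler source):
# the client opens ldap://host:port and issues STARTTLS when ldap_tls is 1.

LDAP_PORT = 389    # plain LDAP; TLS, if wanted, is negotiated by STARTTLS
LDAPS_PORT = 636   # implicit TLS: the server expects a TLS handshake first


def diagnose(settings):
    """Compare what the assumed client sends with what the port expects.

    Returns the URI the client will open, whether it will send STARTTLS,
    whether the handshake can complete ("ok") and a one-line reason.
    """
    host = settings["ldap_server"]
    port = int(settings["ldap_port"])
    starttls = str(settings.get("ldap_tls", 0)) == "1"
    result = {"client_uri": f"ldap://{host}:{port}", "starttls": starttls}
    if port == LDAPS_PORT:
        # slapd starts a TLS handshake as soon as the socket opens; a client
        # speaking plain LDAP on it (with or without a later STARTTLS request)
        # is what the server logs as "closed (TLS negotiation failure)".
        result["ok"] = False
        result["reason"] = ("port 636 needs implicit TLS (an ldaps:// URI), "
                            "not plain LDAP" + (" plus STARTTLS" if starttls else ""))
    elif starttls:
        result["ok"] = True
        result["reason"] = f"STARTTLS on port {port} upgrades the plain connection"
    else:
        result["ok"] = True   # completes, but nothing protects the bind
        result["reason"] = "plain LDAP without TLS: bind credentials sent in the clear"
    return result


def recommended_uri(settings):
    """(uri, use_starttls) that matches the configured port and always uses TLS."""
    host = settings["ldap_server"]
    port = int(settings["ldap_port"])
    if port == LDAPS_PORT:
        return (f"ldaps://{host}:{port}", False)
    return (f"ldap://{host}:{port}", True)


# Constructed from the thread: only the keys that matter for the handshake.
WORKING = {"ldap_server": "ldap.example.com", "ldap_port": 389, "ldap_tls": 1}
LDAPS_STARTTLS = {"ldap_server": "ldap.example.com", "ldap_port": 636, "ldap_tls": 1}
LDAPS_NO_TLS = {"ldap_server": "ldap.example.com", "ldap_port": 636, "ldap_tls": 0}

if __name__ == "__main__":
    for name, cfg in [("389+tls", WORKING), ("636+tls", LDAPS_STARTTLS), ("636", LDAPS_NO_TLS)]:
        print(name, diagnose(cfg), recommended_uri(cfg))
```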
