On Fri, Jun 19, 2009 at 2:09 PM, <[email protected]> wrote:
>>On Tue, Jun 16, 2009 at 5:36 PM, <[email protected]> wrote:
>>> Hello,
>>>
>>> I try to authenticate my users with ldap on cobbler (1.6.2-1.el5).
>>> It's ok if I use following parameters :
>>>
>>> ldap_server: "ldap.example.com"
>>> ldap_base_dn: "ou=people,dc=example,dc=com"
>>> ldap_port: 389
>>> ldap_tls: 1
>>> ldap_anonymous_bind: 1
>>> ldap_search_bind_dn: ''
>>> ldap_search_passwd: ''
>>> ldap_search_prefix: 'uid='
>>>
>>> On the ldap server side I have :
>>>
>>> slapd[12978]: conn=98188 fd=45 ACCEPT from IP=172.24.113.35:58129 (IP=0.0.0.0:389)
>>> slapd[12978]: conn=98188 op=0 STARTTLS
>>> slapd[12978]: conn=98188 op=0 RESULT oid= err=0 text=
>>> slapd[12978]: conn=98188 fd=45 TLS established tls_ssf=256 ssf=256
>>>
>>> But it's not working when I use ldaps.
>>>
>>> With following parameters :
>>>
>>> ldap_server: "ldap.example.com"
>>> ldap_base_dn: "ou=people,dc=example,dc=com"
>>> ldap_port: 636
>>> ldap_tls: 1
>>> ldap_anonymous_bind: 1
>>> ldap_search_bind_dn: ''
>>> ldap_search_passwd: ''
>>> ldap_search_prefix: 'uid='
>>>
>>> The demo_connect python script raises this error :
>>>
>>> # python /tmp/demo_connect.py --user=USER
>>> - trying to login with user=USER
>>> Traceback (most recent call last):
>>>   File "/tmp/demo_connect.py", line 37, in ?
>>>     token = sp.login(options.user,options.password)
>>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
>>>     return self.__send(self.__name, args)
>>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request
>>>     verbose=self.__verbose
>>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1147, in request
>>>     return self._parse_response(h.getfile(), sock)
>>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1286, in _parse_response
>>>     return u.close()
>>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 744, in close
>>>     raise Fault(**self._stack[0])
>>> xmlrpclib.Fault: <Fault 1: 'exceptions.IOError:[Errno 9] Bad file descriptor'>
>>>
>>> And with following parameters :
>>>
>>> ldap_server: "ldap.example.com"
>>> ldap_base_dn: "ou=people,dc=example,dc=com"
>>> ldap_port: 636
>>> ldap_tls: 0
>>> ldap_anonymous_bind: 1
>>> ldap_search_bind_dn: ''
>>> ldap_search_passwd: ''
>>> ldap_search_prefix: 'uid='
>>>
>>> I obtain this error :
>>>
>>> # python /tmp/demo_connect.py --user=USER
>>> - trying to login with user=USER
>>> Traceback (most recent call last):
>>>   File "/tmp/demo_connect.py", line 37, in ?
>>>     token = sp.login(options.user,options.password)
>>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
>>>     return self.__send(self.__name, args)
>>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request
>>>     verbose=self.__verbose
>>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1147, in request
>>>     return self._parse_response(h.getfile(), sock)
>>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 1286, in _parse_response
>>>     return u.close()
>>>   File "/usr/lib64/python2.4/xmlrpclib.py", line 744, in close
>>>     raise Fault(**self._stack[0])
>>> xmlrpclib.Fault: <Fault 1: 'ldap.SERVER_DOWN:{\'desc\': "Can\'t contact LDAP server"}'>
>>>
>>> On the ldap server side I have :
>>>
>>> slapd[12978]: conn=98193 fd=45 ACCEPT from IP=172.24.113.35:40328 (IP=0.0.0.0:636)
>>> slapd[12978]: conn=98193 fd=45 closed (TLS negotiation failure)
>>>
>>> I read on the mailing list that somebody had a similar problem on Active
>>> Directory but I haven't found the solution.
>>> Thanks for your help.
>>>
>>
>>Is your openldap server listening on port 636? On RHEL and Fedora you
>>have to enable that in /etc/sysconfig/ldap.
>>
>>Ruben
>>
>
> Hello,
>
> Yes my openldap server listens on port 636 : a connection is properly
> opened but is closed because of TLS negotiation failure.
> LDAPS works well for authenticating my users on their own systems.
>
> Jérémy
>
> _______________________________________________
> cobbler mailing list
> [email protected]
> https://fedorahosted.org/mailman/listinfo/cobbler
>

I've just tried the same, and was able to connect with demo.py over port 636.

You're saying the connection was closed because of TLS negotiation
failure. It shouldn't use TLS but SSL.
Are you sure ldap_tls is 0 in /etc/cobbler/settings?

Ruben
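
Added example, not part of the original thread and not Cobbler or OpenLDAP code: a small parser that correlates slapd log lines by conn= id and reports which connections failed TLS negotiation, on which listener port, and whether a STARTTLS operation was ever requested. The function names (summarize, tls_failures) are hypothetical, the sample log is constructed from the lines quoted above, and only IPv4 addresses are handled.

```python
import re

# Constructed sample, modelled on the slapd lines quoted in the thread.
SAMPLE_LOG = """\
slapd[12978]: conn=98188 fd=45 ACCEPT from IP=172.24.113.35:58129 (IP=0.0.0.0:389)
slapd[12978]: conn=98188 op=0 STARTTLS
slapd[12978]: conn=98188 op=0 RESULT oid= err=0 text=
slapd[12978]: conn=98188 fd=45 TLS established tls_ssf=256 ssf=256
slapd[12978]: conn=98193 fd=45 ACCEPT from IP=172.24.113.35:40328 (IP=0.0.0.0:636)
slapd[12978]: conn=98193 fd=45 closed (TLS negotiation failure)
"""

CONN = re.compile(r"conn=(\d+) (?:fd|op)=\d+ (.*)$")
ACCEPT = re.compile(r"ACCEPT from IP=([\d.]+):\d+ \(IP=[\d.]+:(\d+)\)")


def summarize(log_text):
    """Correlate slapd lines by conn= id; return {conn_id: record}."""
    conns = {}
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue
        conn_id, event = m.group(1), m.group(2).strip()
        rec = conns.setdefault(conn_id, {"client": None, "listener_port": None,
                                         "starttls": False, "tls": "none"})
        accepted = ACCEPT.match(event)
        if accepted:
            rec["client"] = accepted.group(1)
            rec["listener_port"] = int(accepted.group(2))
        elif event == "STARTTLS":
            rec["starttls"] = True          # client asked to upgrade in-band
        elif event.startswith("TLS established"):
            rec["tls"] = "established"
        elif event == "closed (TLS negotiation failure)":
            rec["tls"] = "failed"
    return conns


def tls_failures(conns):
    """List (conn_id, client, listener_port, mode) for failed handshakes."""
    out = []
    for conn_id, rec in sorted(conns.items()):
        if rec["tls"] == "failed":
            # No STARTTLS op seen: the handshake was expected right at connect.
            mode = "starttls" if rec["starttls"] else "at-connect"
            out.append((conn_id, rec["client"], rec["listener_port"], mode))
    return out


if __name__ == "__main__":
    for failure in tls_failures(summarize(SAMPLE_LOG)):
        print(failure)
```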