Hi, our production server is still running 2.4.21 and does not use pts, but I set up a new server on CentOS 8, first with 3.2, now with 3.4beta, and that does use ldap pts successfully.
But I think there are multiple ways to use pts, so maybe there is a difference
between our setups? FWIW, I have this:
pts_module: ldap
auth_mech: pts
ldap_base: ou=…
ldap_sasl: no
ldap_bind_dn: cn=…
ldap_password: XXX
ldap_uri: ldaps://xxx
ldap_filter: (|(uid=%u)(mail=%u))
ldap_user_attribute: uid
ldap_size_limit: 100
ldap_member_method: attribute
ldap_member_attribute: member
Does your LDAP server log show anything?
--
.:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
.:.Regionales Rechenzentrum (RRZK).:.
.:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
On 2 Mar 2021, at 5:20, Dan Irwin wrote:
> Hello,
>
> I have a server running 2.4.17 (from CentOS 7) with ldap pts authorisation
> working fine.
>
> When a user authenticates and authorises, i see a log like:
>
> canonified $user -> $user.
>
> I've tried to copy this config to servers running CentOS 8 and Fedora 33,
> and I'm not having any luck. The versions here are 3.0.16, and the error is
>
> ptload(): bad response from ptloader server: ldap_search(filter) faile.
>
> I am testing with locally built 3.2.4 and I'm seeing the same error message.
>
> I am using the same ldap cluster and schema from both the 2.4.17 and 3.x
> servers.
>
> ptloader is running with -d1, and I can see the "user cyrus" from the logs.
>
> Has something changed significantly between versions 2.4 and 3 regarding
> ptloader and ldap?
>
> How can I turn up the debugging on ptloader? I've tried (-d255) but I'm not
> seeing any more data logged.
>
> Is ptloader failing to connect to LDAP perhaps because of TLS improvements
> in recent versions of CentOS and fedora?
>
> Any pointers would be appreciated.
>
> Cheers
>
> ------------------------------------------
> Cyrus: Info
> Permalink:
> https://cyrus.topicbox.com/groups/info/T5dce2ba474c35cfe-Mcc3df2457faa57ec27efdb51
> Delivery options: https://cyrus.topicbox.com/groups/info/subscription
smime.p7s
Description: S/MIME digital signature
This is a multi-part message in MIME format... ------------=_1614670530-38385-1--
