So, I am using Apress' Pro Linux System Administration book to try to set up LDAP authentication for my CentOS boxes.
I've followed many HowTos and such, and finally have LDAP running and working. I have successfully used ldapsearch against the server, as well as using the Jxplorer LDAP browser to connect and view/edit the directory. I'm not having any luck getting LAM to connect, though. I've installed LAM from the Fedora RPMs on my CentOS 5.5 64-bit box, the same box that the LDAP process is running on. But no matter what I set my connection strings to, I get a variety of errors. I can't seem to find any useful error logs, though. I've included my configs below, and these are the connection strings (and the errors) that I've tried:

ldap://ldap.egovtn.org with TLS: LDAP error, server says: (-11) Connect error
ldap://ldap.egovtn.org w/o TLS: LDAP error, server says: (13) Confidentiality required
ldaps://ldap.egovtn.org with TLS: LDAP error, server says: (-1) Can't contact LDAP server
ldaps://ldap.egovtn.org w/o TLS: LDAP error, server says: (-1) Can't contact LDAP server

Adding port numbers doesn't change anything. The first one seems to be the "closest" to working...

For the record, here's how I connect with Jxplorer: ldap.egovtn.org, port 636, base dn: dc=egovtn,dc=org, Security Level: SSL+User+Password, User: cn=root,dc=egovtn,dc=org

IPTABLES and all other system level things that could interfere seem to be off at the moment.

Any thoughts or ideas would be appreciated. Hopefully I'm just doing something noobish and stupid...

Thanks!
/etc/openldap/slapd.conf
---------------------------------------
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/egovtn.org.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
logfile /var/log/ldap
Loglevel -1
modulepath /usr/lib64/openldap
moduleload ppolicy.la
sizelimit 500
tool-threads 1
TLSCipherSuite HIGH:MEDIUM:-SSLv2
TLSCACertificateFile /etc/pki_egovtn/egovtnca.crt
TLSCertificateFile /etc/pki_egovtn/ldap.crt
TLSCertificateKeyFile /etc/pki_egovtn/ldap.key
security ssf=1 update_ssf=112 simple_bind=56
database hdb
suffix "dc=egovtn,dc=org"
rootdn "cn=root,dc=egovtn,dc=org"
rootpw <passwd hash>
directory /var/lib/ldap
overlay ppolicy
ppolicy_default "cn=default,ou=Policies,dc=egovtn,dc=org"
ppolicy_use_lockout
index objectClass eq
index cn sub
index uid,uidNumber eq,pres
index egovtnActive eq,pres
lastmod on
checkpoint 512 30
include /etc/openldap/access.egovtn.org

/etc/ldap.conf
---------------------------------------
ssl no
tls_cacertdir /etc/pki_egovtn/egovtnca.crt
pam_password md5
LDAPTLS_CACERT /etc/pki_egovtn/egovtnca.crt

Access.egovtn.org
---------------------------------------
access to attrs=userPassword,shadowLastChange,entry
    by ssf=128 dn.exact="cn=webadmin,ou=meta,dc=egovtn,dc=org" auth
    by ssf=128 anonymous auth
    by ssf=128 self write
access to dn.subtree="ou=meta,dc=egovtn,dc=org"
    by dn.exact="cn=webadmin,ou=meta,dc=egovtn,dc=org" read
    by group.exact="cn=admins,ou=Groups,dc=egovtn,dc=org" write
    by self read
access to dn.subtree="ou=People,dc=egovtn,dc=org"
    by dn.exact="cn=webadmin,ou=meta,dc=egovtn,dc=org" read
    by group.exact="cn=admins,ou=Groups,dc=egovtn,dc=org" write
    by self write
    by users read
access to dn.subtree="ou=Groups,dc=egovtn,dc=org"
    by dn.exact="cn=webadmin,ou=meta,dc=egovtn,dc=org" read
    by group.exact="cn=admins,ou=Groups,dc=egovtn,dc=org" write
    by anonymous read
access to dn.subtree="ou=Hosts,dc=egovtn,dc=org"
    by group.exact="cn=admins,ou=Groups,dc=egovtn,dc=org" write
    by dn.exact="cn=webadmin,ou=meta,dc=egovtn,dc=org" search
access to *
    by * none

Lam.conf
---------------------------------------
ServerURL: ldap://ldap.egovtn.org
Admins: cn=root,dc=egovtn,dc=org
Passwd: <password hash>
treesuffix: dc=egovtn,dc=org
defaultLanguage: en_GB.utf8:UTF-8:English (Great Britain)
scriptPath:
scriptServer:
scriptRights: 750
cachetimeout: 5
searchLimit: 0
modules: posixAccount_minUID: 1000
modules: posixAccount_maxUID: 30000
modules: posixAccount_minMachine: 50000
modules: posixAccount_maxMachine: 60000
modules: posixGroup_minGID: 1000
modules: posixGroup_maxGID: 20000
modules: posixGroup_pwdHash: SSHA
modules: posixAccount_pwdHash: SSHA
activeTypes: user,group,host,smbDomain
types: suffix_user: ou=People,dc=my-domain,dc=com
types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
types: modules_user: inetOrgPerson,posixAccount,shadowAccount
types: suffix_group: ou=Groups,dc=my-domain,dc=com
types: attr_group: #cn;#gidNumber;#memberUID;#description
types: modules_group: posixGroup
types: suffix_host: ou=Hosts,dc=my-domain,dc=com
types: attr_host: #cn;#description;#uidNumber;#gidNumber
types: modules_host: account,posixAccount
types: suffix_smbDomain: dc=egovtn,dc=org
types: attr_smbDomain: sambaDomainName:Domain name;sambaSID:Domain SID
types: modules_smbDomain: sambaDomain
useTLS: yes
accessLevel: 100
loginMethod: list
loginSearchSuffix: dc=yourdomain,dc=org
loginSearchFilter: uid=%USER%

--
Andy Akins
Director of Development
NICUSA, Tennessee
A Partnership with Tennessee.gov
Phone: (615) 313-0305
Email: [email protected]
Visit www.tn.gov - the official website of the State of Tennessee

*****************************************************************
CONFIDENTIALITY NOTICE: This email and any attachments are confidential.
If you are not the intended recipient, you do not have permission to disclose, copy, distribute, or open any attachments. If you have received this email in error, please notify us immediately by returning it to the sender and deleting this copy from your system. Thank you.
NIC, Inc., Tennessee
*****************************************************************
------------------------------------------------------------------------------
_______________________________________________
Lam-public mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/lam-public
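An added example, not from the post above or from the LAM project: a small Python model of how slapd's `security` directive and the `ssf=` qualifiers in the posted ACLs gate a session, which is why a cleartext ldap:// bind against this server is answered with result 13 (confidentialityRequired) while the same bind over TLS is accepted. It assumes the OpenLDAP convention that a cleartext TCP session has SSF 0 and a TLS session's SSF is its cipher's key size in bits; the -11 and -1 errors in the post are client-side connect failures that this model does not cover.

```python
import re

# Copied from the slapd.conf and access.egovtn.org in the post above.
SECURITY_LINE = "security ssf=1 update_ssf=112 simple_bind=56"
ACL_LINE = ('access to attrs=userPassword,shadowLastChange,entry '
            'by ssf=128 dn.exact="cn=webadmin,ou=meta,dc=egovtn,dc=org" auth '
            'by ssf=128 anonymous auth '
            'by ssf=128 self write')
CONFIDENTIALITY_REQUIRED = 13   # the "(13) Confidentiality required" result


def parse_security(line):
    """Parse a slapd 'security' directive into {factor: minimum SSF}."""
    m = re.match(r"\s*security\s+(.+)", line)
    if not m:
        raise ValueError("not a security directive")
    return {key: int(val) for key, val in re.findall(r"(\w+)=(\d+)", m.group(1))}


def check_operation(security, conn_ssf, op):
    """Would slapd accept op ('simple_bind', 'search' or 'update') on a session
    whose negotiated SSF is conn_ssf?  Returns (accepted, reason)."""
    required = security.get("ssf", 0)           # baseline for every operation
    if op == "simple_bind":
        required = max(required, security.get("simple_bind", 0))
    elif op == "update":
        required = max(required, security.get("update_ssf", 0))
    if conn_ssf < required:
        return False, (f"result {CONFIDENTIALITY_REQUIRED}: "
                       f"need ssf>={required}, session has {conn_ssf}")
    return True, "ok"


def acl_clauses(line):
    """Yield (min_ssf, who, access) for each 'by' clause of an access line."""
    for clause in line.split(" by ")[1:]:
        parts = clause.split()
        min_ssf = 0
        if parts[0].startswith("ssf="):         # 'ssf=N' qualifies the <who>
            min_ssf = int(parts[0][4:])
            parts = parts[1:]
        yield min_ssf, " ".join(parts[:-1]), parts[-1]


def password_access(line, conn_ssf, who):
    """Access granted to `who` ('anonymous', 'self' or a dn.exact=... string)
    by the first clause whose subject and ssf both match; slapd's implicit
    fallback when nothing matches is 'none'."""
    for min_ssf, subject, access in acl_clauses(line):
        if subject == who and conn_ssf >= min_ssf:
            return access
    return "none"
```

Run `check_operation(parse_security(SECURITY_LINE), 0, "simple_bind")` to reproduce the cleartext case from the post, and the same call with SSF 256 for a TLS session using an AES-256 cipher from the configured HIGH suite.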
