On 05/23/2012 10:37 AM, Esther Garcia wrote:
Hi all,

We have an OpenLDAP server (RHEL6) running version 2.4.23-15, and we have clients in RHEL5 and RHEL6. With RHEL5 clients it works properly, but I found some problems with RHEL6 clients in versions newer than 2.4.19-15.

In the clients, if I try to upgrade to versions newer than 2.4.19-15, then the client stops working:

    [root@XX ~]# rpm -qa | grep openldap
    openldap-2.4.19-15.el6.x86_64
    openldap-clients-2.4.19-15.el6.x86_64
    [root@XX ~]# ldapsearch -x -D 'cn=authenticate, ou=System,dc=test,dc=es' '(objectclass=*)' -W -ZZ
    Enter LDAP Password:
    # extended LDIF
    #
    # LDAPv3
    ......
    [root@XX ~]# id esther
    uid=63004(esther) gid=50041(test) groups=50041(test)

    [root@XX ~]# yum upgrade openldap*
    .....
    Updating   : openldap-2.4.23-20.el6.x86_64                          1/4
    warning: /etc/openldap/ldap.conf created as /etc/openldap/ldap.conf.rpmnew
    Updating   : openldap-clients-2.4.23-20.el6.x86_64                  2/4
    Cleanup    : openldap-clients-2.4.19-15.el6.x86_64                  3/4
    Cleanup    : openldap-2.4.19-15.el6.x86_64                          4/4

    Updated:
      openldap.x86_64 0:2.4.23-20.el6    openldap-clients.x86_64 0:2.4.23-20.el6

    Complete!

    [root@XX ~]# service nslcd restart
    Stopping nslcd:                                            [  OK  ]
    Starting nslcd:                                            [  OK  ]
    [root@XX ~]# id esther
    id: esther: No such user
    [root@XX ~]# ldapsearch -x -D 'cn=authenticate, ou=System,dc=test,dc=es' '(objectclass=*)' -W -ZZ
    ldap_start_tls: Connect error (-11)


try adding -d 1 - ldapsearch -d 1 -x ....


I have the same configuration files that I used with the older version. I use these configuration files:

    */etc/pam_ldap.conf:*
    base dc=test,dc=es
    binddn cn=authenticate,ou=System,dc=test,dc=es
    bindpw XXXX
    timelimit 120
    bind_timelimit 120
    idle_timelimit 3600
    pam_lookup_policy yes
    pam_password exop
    nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
    ssl start_tls
    uri ldap://ldap1-test ldap://ldap2-test
    tls_cacertdir /etc/openldap/cacerts
    pam_password md5

    */etc/nslcd.conf*
    uid nslcd
    gid ldap
    uri ldap://ldap1-test ldap://ldap2-test
    base dc=test,dc=es
    binddn cn=authenticate,ou=System,dc=test,dc=es
    bindpw XXXX
    ssl start_tls
    tls_cacertdir /etc/openldap/cacerts
    timelimit 120
    bind_timelimit 120
    idle_timelimit 3600

    */etc/openldap/ldap.conf:*
    URI ldap://ldap1-test/ ldap://ldap2-test/
    BASE dc=test,dc=es
    TLS_CACERT /etc/openldap/cacerts/catest.crt

    *CAcert file:*

    [root@XX ~]# ls -l /etc/openldap/cacerts/catest.crt
    -rw-r--r--. 1 root root 1655 May 23 15:23 /etc/openldap/cacerts/catest.crt

Any idea on what the issue is? Am I missing anything?


Thanks in advance,
Esther
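A consistency check over the three client files quoted above, added here as an example; it is not part of the thread and does not diagnose the -11 error. It assumes only the `key value` syntax the files show, builds a constructed copy of the configuration (with a placeholder CA file) under a temporary directory, and reports keys set twice, keys with no value (such as the ignoreusers line as it was wrapped in the mail), CA paths that do not exist, a CA directory without hash-named entries (which an OpenSSL-linked libldap expects from `c_rehash`), and trust anchors that differ between the files. The file names and sample values are constructed from the thread, not taken from a live system.

```python
import os
import re
import tempfile

# OpenSSL c_rehash naming: 8 hex digits, a dot, a sequence number (e.g. 1a2b3c4d.0)
HASHED_LINK = re.compile(r"^[0-9a-f]{8}\.[0-9]+$")

# Keys that name a trust anchor: ldap.conf uses TLS_CACERT / TLS_CACERTDIR,
# nslcd.conf and pam_ldap.conf use tls_cacertfile / tls_cacertdir.
ANCHOR_KEYS = (("tls_cacert", "file"), ("tls_cacertfile", "file"), ("tls_cacertdir", "dir"))


def parse_conf(text):
    """Parse 'key value' lines as used by ldap.conf, nslcd.conf and pam_ldap.conf.

    Keys are lower-cased (ldap.conf keys are case-insensitive, the other two
    files are lowercase).  The check treats the last occurrence of a key as the
    effective one and reports the earlier ones, so the reader can confirm which
    value the tool actually honours.  Returns (settings, findings)."""
    settings, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if len(parts) == 1:
            findings.append("%s: no value given" % key)
            settings[key] = ""
            continue
        if key in settings:
            findings.append("%s: set more than once, last value wins (%s)" % (key, parts[1]))
        settings[key] = parts[1].strip()
    return settings, findings


def anchors_of(settings):
    """List of (kind, path) trust anchors configured in one parsed file."""
    return [(kind, settings[key]) for key, kind in ANCHOR_KEYS if settings.get(key)]


def check_anchor(kind, path):
    """Check that a trust-anchor path exists and looks usable."""
    if kind == "file":
        return [] if os.path.isfile(path) else ["CA file %s does not exist" % path]
    if not os.path.isdir(path):
        return ["CA directory %s does not exist" % path]
    if not any(HASHED_LINK.match(name) for name in os.listdir(path)):
        return ["CA directory %s has no hash-named entries; an OpenSSL-linked "
                "client expects c_rehash output there" % path]
    return []


def audit(files):
    """files: {display name: config text}.  Returns findings in the order found."""
    findings, anchors = [], {}
    for name, text in files.items():
        settings, local = parse_conf(text)
        findings += ["%s: %s" % (name, f) for f in local]
        anchors[name] = anchors_of(settings)
        if settings.get("ssl", "").lower() in ("start_tls", "on") and not anchors[name]:
            findings.append("%s: ssl is enabled but no CA trust anchor is set" % name)
        for kind, path in anchors[name]:
            findings += ["%s: %s" % (name, f) for f in check_anchor(kind, path)]
    # the LDAP library, nslcd and pam_ldap should all trust the same CA material
    distinct = {tuple(a) for a in anchors.values() if a}
    if len(distinct) > 1:
        findings.append("trust anchors differ between files: " + "; ".join(
            "%s -> %s" % (n, ", ".join("%s %s" % a for a in v)) for n, v in anchors.items() if v))
    return findings


def run_sample():
    """Audit a constructed copy of the three files from the thread, with a
    placeholder CA file, all created under a temporary directory."""
    root = tempfile.mkdtemp()
    cadir = os.path.join(root, "cacerts")
    os.mkdir(cadir)
    cafile = os.path.join(cadir, "catest.crt")
    with open(cafile, "w") as fh:  # placeholder content, not a real certificate
        fh.write("-----BEGIN CERTIFICATE-----\nplaceholder\n-----END CERTIFICATE-----\n")
    files = {
        "ldap.conf": "URI ldap://ldap1-test/ ldap://ldap2-test/\n"
                     "BASE dc=test,dc=es\n"
                     "TLS_CACERT %s\n" % cafile,
        "nslcd.conf": "uid nslcd\ngid ldap\n"
                      "uri ldap://ldap1-test ldap://ldap2-test\n"
                      "base dc=test,dc=es\n"
                      "ssl start_tls\n"
                      "tls_cacertdir %s\n" % cadir,
        # the mail-wrapped ignoreusers line and the repeated pam_password key
        # are reproduced as they appear in the thread
        "pam_ldap.conf": "base dc=test,dc=es\n"
                         "pam_password exop\n"
                         "nss_initgroups_ignoreusers\n"
                         "root,ldap,named,avahi\n"
                         "ssl start_tls\n"
                         "tls_cacertdir %s\n"
                         "pam_password md5\n" % cadir,
    }
    return audit(files)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

On the constructed sample the audit reports the valueless ignoreusers key, the duplicate pam_password (md5 wins), the CA directory without hashed links for both nslcd.conf and pam_ldap.conf, and that ldap.conf trusts a single file while the other two point at a directory; the ldap.conf CA file itself passes. Point the `files` dict at the real paths to run it against a host.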



