The problem is solved. From version 2.4.23-15 it is mandatory to use the option
tls_cacertfile in the nslcd.conf file; in older versions it worked only using
tls_cacertdir.

Regards,
Esther
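The fix above amounts to a single nslcd.conf keyword, and the symptom in the quoted logs below ("ldap_start_tls_s() failed: Connect error" followed by "no available LDAP server found") is what you see when the CA certificate cannot be loaded. The following script is an added example, not code from this thread or from the nslcd/OpenLDAP projects: it parses an nslcd.conf, flags the TLS settings a reviewer would want corrected (no TLS at all, tls_cacertdir without tls_cacertfile as in the thread, or tls_reqcert set to never/allow, which disables server-certificate verification), and triages nslcd syslog lines by counting StartTLS failures per server URI. The config text and log lines are constructed to mirror the ones quoted in the thread; the lower-casing of keywords and the exact wording of the findings are this example's own choices.

```python
"""Lint nslcd.conf StartTLS settings and triage nslcd log lines (added example)."""
import re
from collections import Counter, defaultdict
from typing import Dict, List

# Constructed sample 1: the nslcd.conf from the thread, which stops working on 2.4.23-15.
OLD_NSLCD_CONF = """\
uid nslcd
gid ldap
uri ldap://ldap1-test ldap://ldap2-test
base dc=test,dc=es
binddn cn=authenticate,ou=System,dc=test,dc=es
bindpw XXXX
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
timelimit 120
"""

# Constructed sample 2: the fix the thread arrived at (tls_cacertfile instead of
# tls_cacertdir) plus an explicit tls_reqcert demand so certificate checking does
# not depend on a library default.
FIXED_NSLCD_CONF = OLD_NSLCD_CONF.replace(
    "tls_cacertdir /etc/openldap/cacerts",
    "tls_cacertfile /etc/openldap/cacerts/catest.crt\ntls_reqcert demand",
)


def parse_nslcd_conf(text: str) -> Dict[str, List[str]]:
    """Parse nslcd.conf: one 'keyword value' per line, '#' starts a comment.

    Keywords are normalised to lower case (an assumption of this parser). The
    'uri' keyword may list several servers separated by spaces, so it is split;
    every other keyword keeps the rest of the line as one value.
    """
    conf: Dict[str, List[str]] = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "uri":
            conf[key].extend(value.split())
        else:
            conf[key].append(value)
    return dict(conf)


def lint_tls(conf: Dict[str, List[str]]) -> List[str]:
    """Return findings about the TLS settings; an empty list means nothing to fix."""
    findings: List[str] = []
    uris = conf.get("uri", [])
    ssl = conf.get("ssl", ["off"])[-1].lower()          # last occurrence wins
    uses_ldaps = any(u.lower().startswith("ldaps://") for u in uris)
    if ssl == "off" and not uses_ldaps and uris:
        findings.append("no TLS: bind credentials and directory data cross the network in clear text")
        return findings
    if "tls_cacertfile" not in conf:
        findings.append("tls_cacertfile not set: from openldap 2.4.23-15 nslcd needs the CA file; "
                        "tls_cacertdir alone fails with 'ldap_start_tls_s() failed: Connect error'")
    reqcert = conf.get("tls_reqcert", ["(unset)"])[-1].lower()
    if reqcert in ("never", "allow"):
        findings.append(f"tls_reqcert {reqcert}: the server certificate is not verified, "
                        "so StartTLS gives no protection against a spoofed LDAP server")
    return findings


# Constructed sample 3: syslog lines shaped like the ones quoted in the thread.
NSLCD_LOG = """\
May 24 10:50:09 XX nslcd[4612]: [8e1f29] no available LDAP server found
May 24 10:50:11 XX nslcd[4612]: [1b58ba] ldap_start_tls_s() failed: Connect error (uri="ldap://ldap1-test")
May 24 10:50:11 XX nslcd[4612]: [1b58ba] failed to bind to LDAP server ldap://ldap1-test: Connect error
May 24 10:50:11 XX nslcd[4612]: [1b58ba] ldap_start_tls_s() failed: Connect error (uri="ldap://ldap2-test")
May 24 10:50:11 XX nslcd[4612]: [1b58ba] failed to bind to LDAP server ldap://ldap2-test: Connect error
May 24 10:50:11 XX nslcd[4612]: [1b58ba] no available LDAP server found
"""

LOG_RE = re.compile(r"nslcd\[\d+\]: \[(?P<req>[0-9a-f]+)\] (?P<msg>.*)$")
TLS_FAIL_RE = re.compile(r'ldap_start_tls_s\(\) failed: (?P<why>.*?) \(uri="(?P<uri>[^"]+)"\)')


def triage_nslcd_log(text: str) -> Dict[str, object]:
    """Count StartTLS failures per server URI and list request ids that found no server."""
    tls_failures: Counter = Counter()
    no_server = set()
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        msg = m.group("msg")
        t = TLS_FAIL_RE.search(msg)
        if t:
            tls_failures[t.group("uri")] += 1
        elif msg == "no available LDAP server found":
            no_server.add(m.group("req"))
    return {"starttls_failures": dict(tls_failures),
            "requests_without_server": sorted(no_server)}


if __name__ == "__main__":
    for label, text in (("old", OLD_NSLCD_CONF), ("fixed", FIXED_NSLCD_CONF)):
        print(label, lint_tls(parse_nslcd_conf(text)) or ["ok"])
    print(triage_nslcd_log(NSLCD_LOG))
```

Run it against a real file with `lint_tls(parse_nslcd_conf(open("/etc/nslcd.conf").read()))`; since that file carries `bindpw`, keep it readable only by root and the nslcd user. A StartTLS failure on every configured URI at the same time, as in the sample, points at the client's own trust configuration rather than at the servers, which is exactly the shape of the thread's problem.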

2012/5/24 Esther Garcia <[email protected]>

> Hi Rich,
>
> Sorry, I had a mistake in my ldapsearch. Ldapsearch is working, but it
> does not find users using the "id" command:
>
> [root@XX ~]# service nslcd restart
> Stopping nslcd:                                            [  OK  ]
> Starting nslcd:                                            [  OK  ]
> [root@dc103 ~]# ldapsearch -x -D 'cn=authenticate, ou=System,dc=test,
> dc=es' '(objectclass=*)' -W -ZZ
> Enter LDAP Password:
> # extended LDIF
> #
> [root@dc103 ~]# id esther
> id: esther: No such user
>
> And I have these entries in nsswitch:
>
> [root@XX ~]# grep ldap /etc/nsswitch.conf
> passwd:     files ldap
> shadow:     files ldap
> group:      files ldap
>
> Errors in messages log when I try this "id" search:
>
> May 24 10:50:09 XX nslcd[4612]: [8e1f29] no available LDAP server found
> May 24 10:50:09 XX nslcd[4612]: [8e1f29] no available LDAP server found
> May 24 10:50:09 XX nslcd[4612]: [e87ccd] no available LDAP server found
> May 24 10:50:09 XX nslcd[4612]: [e87ccd] no available LDAP server found
> May 24 10:50:11 XX nslcd[4612]: [1b58ba] ldap_start_tls_s() failed:
> Connect error (uri="ldap://ldap1-test")
> May 24 10:50:11 XX nslcd[4612]: [1b58ba] failed to bind to LDAP server
> ldap://ldap1-test: Connect error
> May 24 10:50:11 XX nslcd[4612]: [1b58ba] ldap_start_tls_s() failed:
> Connect error (uri="ldap://ldap2-test")
> May 24 10:50:11 XX nslcd[4612]: [1b58ba] failed to bind to LDAP server
> ldap://ldap2-test: Connect error
> May 24 10:50:11 XX nslcd[4612]: [1b58ba] no available LDAP server found
>
> In version 2.4.19-15 I don't see this issue.
>
> TIA,
> Esther
>
> 2012/5/23 Rich Megginson <[email protected]>
>
>>  On 05/23/2012 10:37 AM, Esther Garcia wrote:
>>
>> Hi all,
>>
>>  We have an OpenLDAP server (RHEL6) running version 2.4.23-15, and we
>> have clients in RHEL5 and RHEL6.
>> With RHEL5 clients it works properly, but I found some problems with RHEL6
>> clients in versions newer than 2.4.19-15.
>>
>>  In the clients, if I try to upgrade to versions newer than 2.4.19-15 then
>> the client stops working:
>>
>>   [root@XX ~]# rpm -qa | grep openldap
>>  openldap-2.4.19-15.el6.x86_64
>>  openldap-clients-2.4.19-15.el6.x86_64
>>  [root@XX ~]# ldapsearch -x -D 'cn=authenticate, ou=System,dc=test,
>> dc=es' '(objectclass=*)' -W -ZZ
>>  Enter LDAP Password:
>>  # extended LDIF
>>  #
>>  # LDAPv3
>>  ......
>>  [root@XX ~]# id esther
>>   uid=63004(esther) gid=50041(test) groups=50041(test)
>>
>>  [root@XX ~]# yum upgrade openldap*
>>  .....
>>    Updating   : openldap-2.4.23-20.el6.x86_64                         1/4
>>  warning: /etc/openldap/ldap.conf created as
>> /etc/openldap/ldap.conf.rpmnew
>>    Updating   : openldap-clients-2.4.23-20.el6.x86_64                 2/4
>>    Cleanup    : openldap-clients-2.4.19-15.el6.x86_64                 3/4
>>    Cleanup    : openldap-2.4.19-15.el6.x86_64                         4/4
>>
>>   Updated:
>>    openldap.x86_64 0:2.4.23-20.el6
>>    openldap-clients.x86_64 0:2.4.23-20.el6
>>
>>
>>   Complete!
>>
>>   [root@XX ~]# service nslcd restart
>>  Stopping nslcd:                                            [  OK  ]
>>  Starting nslcd:                                            [  OK  ]
>>  [root@XX ~]# id esther
>>  id: esther: No such user
>>  [root@XX ~]# ldapsearch -x -D 'cn=authenticate, ou=System,dc=test,
>> dc=es' '(objectclass=*)' -W -ZZ
>>  ldap_start_tls: Connect error (-11)
>>
>>
>> try adding -d 1 - ldapsearch -d 1 -x ....
>>
>>
>>  I have the same configuration files that I used with the older version. I
>> use these configuration files:
>>
>>  */etc/pam_ldap.conf:*
>>  base dc=test,dc=es
>>  binddn cn=authenticate,ou=System,dc=test,dc=es
>>  bindpw XXXX
>>  timelimit 120
>>   bind_timelimit 120
>>  idle_timelimit 3600
>>  pam_lookup_policy yes
>>  pam_password exop
>>  nss_initgroups_ignoreusers
>> root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
>>  ssl start_tls
>>  uri ldap://ldap1-test ldap://ldap2-test
>>  tls_cacertdir /etc/openldap/cacerts
>>  pam_password md5
>>
>>  */etc/nslcd.conf*
>>  uid nslcd
>>  gid ldap
>>  uri ldap://ldap1-test ldap://ldap2-test
>>  base dc=test,dc=es
>>  binddn cn=authenticate,ou=System,dc=test,dc=es
>>  bindpw XXXX
>>  ssl start_tls
>>  tls_cacertdir /etc/openldap/cacerts
>>  timelimit 120
>>  bind_timelimit 120
>>  idle_timelimit 3600
>>
>>  */etc/openldap/ldap.conf:*
>>  URI ldap://ldap1-test/ ldap://ldap2-test/
>>  BASE dc=test,dc=es
>>  TLS_CACERT /etc/openldap/cacerts/catest.crt
>>
>>   *CAcert file:*
>>
>>   [root@XX ~]# ls -l /etc/openldap/cacerts/catest.crt
>>   -rw-r--r--. 1 root root 1655 May 23 15:23
>> /etc/openldap/cacerts/catest.crt
>>
>>  Any idea on what the issue is? Am I missing anything?
>>
>>
>>  Thanks in advance,
>> Esther
>>