[Bug 75535] Re: cannot connect to ldap
closing per request

** Changed in: libnss-ldap (Ubuntu)
       Status: Unconfirmed => Rejected

--
cannot connect to ldap
https://launchpad.net/bugs/75535

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 75535] Re: cannot connect to ldap
I believe now this bug needs to be re-assigned to libpam-ldap. Doing some digging there now. I have tested the same config files on a separate Ubuntu Dapper client. Now auth.log complains only through pam_ldap:

Dec 13 14:10:58 web1 sshd[10443]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Dec 13 14:11:00 web1 sshd[10443]: Failed password for mcgrof from 192.168.xxx.yyy port 44978 ssh2

This is repeated if I try to enter the password again. Note that ldapsearch and id -a mcgrof work well on this new client box:

--
[EMAIL PROTECTED]:~# ldapsearch -x -H ldaps://dhcp1a.winlab.rutgers.edu -D uid=mcgrof,ou=People,dc=winlab,dc=rutgers,dc=edu -W -LLL cn=mc* dn
Enter LDAP Password:
dn: cn=mcgrof,ou=auto.home,dc=winlab,dc=rutgers,dc=edu
dn: cn=mcyberey,ou=auto.home,dc=winlab,dc=rutgers,dc=edu
--
[EMAIL PROTECTED]:~# id -a mcgrof
uid=230(mcgrof) gid=5000(staff) groups=5000(staff),6000(sysadmin)
--
[Bug 75535] Re: cannot connect to ldap
I've traced this down to pam_ldap.c:1537:

syslog (LOG_ERR, "pam_ldap: ldap_simple_bind %s",

Which is called during _connect_anonymously(). Going to check why this is failing...
[Bug 75535] Re: cannot connect to ldap
OK the trace is

_get_user_info() --> _connect_anonymously()

Now, _connect_anonymously() will try to bind as root if

if (session->conf->rootbinddn && geteuid () == 0)

For some reason it does this for any user trying to ssh in from anywhere. It does this with:

msgid = ldap_simple_bind (session->ld, session->conf->rootbinddn, session->conf->rootbindpw);

rootbinddn and rootbindpw are filled with the specific root bind credentials defined only in /etc/ldap/slapd.conf.

Now to figure out: Why did the session pick up rootbinddn? getuid() == 0 makes sense as I believe this is sshd which makes the pam_ldap call through root.
[Bug 75535] Re: cannot connect to ldap
Nevermind -- problem was /etc/pam_ldap.conf. I know it has been discussed before on merging /etc/libnss_ldap.conf and /etc/pam_ldap.conf but boy it sure would help. Close this bug please.
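
An added example, not part of the thread or of the libnss-ldap/libpam-ldap packages: a Python check that compares the connection directives in the two files named in the last message and reports whether the PAM copy sets rootbinddn, the condition for the root bind traced above. The directive list, function names and sample file contents are assumptions constructed for illustration.

```python
import sys

# Directives that nss_ldap and pam_ldap each read from their own copy of
# ldap.conf and that decide how the server is reached (assumed checklist).
CONNECTION_KEYS = ("uri", "host", "port", "base", "ldap_version", "ssl",
                   "binddn", "rootbinddn", "tls_cacertfile", "tls_checkpeer")

# Constructed sample contents, not taken from the bug report.
SAMPLE_NSS = """\
# /etc/libnss_ldap.conf (constructed)
uri ldaps://ldap.example.org
base dc=example,dc=org
ldap_version 3
"""
SAMPLE_PAM = """\
# /etc/pam_ldap.conf (constructed)
host 127.0.0.1
base dc=example,dc=org
ldap_version 3
rootbinddn cn=admin,dc=example,dc=org
"""

def parse_ldap_conf(text):
    """Parse 'directive value' lines; blank lines and '#' lines are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # directive, then the rest of the line
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def connection_drift(nss_text, pam_text):
    """Return {directive: (nss_value, pam_value)} for every mismatch."""
    nss, pam = parse_ldap_conf(nss_text), parse_ldap_conf(pam_text)
    return {k: (nss.get(k), pam.get(k))
            for k in CONNECTION_KEYS if nss.get(k) != pam.get(k)}

def root_bind_configured(pam_text):
    """True when pam_ldap would bind as rootbinddn for a caller with euid 0."""
    return bool(parse_ldap_conf(pam_text).get("rootbinddn"))

if __name__ == "__main__":
    # Usage: script.py /etc/libnss_ldap.conf /etc/pam_ldap.conf
    texts = [open(p).read() for p in sys.argv[1:3]]
    nss_text, pam_text = texts if len(texts) == 2 else (SAMPLE_NSS, SAMPLE_PAM)
    for key, (nss_val, pam_val) in connection_drift(nss_text, pam_text).items():
        print(f"{key}: nss={nss_val!r} pam={pam_val!r}")
    print("pam_ldap root bind configured:", root_bind_configured(pam_text))
```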