Stuart Sears wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Jyotishmaan Ray wrote: >> Hello All Openldap Experts, >> >> This is Jyotishmaan. I have >> successfully migrated the users from the Fedora-Linux System To LDAP >> server on the Linux-fedora again. All these users shows up on the GOOEY >> (GUI) of the Linux Fedora. >> When I tried to logonto the system >> through this GUI, as "ldapusr" and "jmaan" uid's, i could not log onto >> the system ie., the on LDAP server only. >> >> If i need to configure >> the /etc/ldap.conf file. Please let me know. The transcripts of the >> /var/log/messages are shown as below:- > > Hello Stuart Sears, > > Please look below for your reply:- > > 1. which (uncommented) lines are in /etc/ldap.conf at the moment? > > egrep -v '^($|#)' /etc/ldap.conf > > The ouput of this command is shown as below: > > [root@authdns ~]# egrep -v '^($|#)' /etc/ldap.conf > host 127.0.0.1 > base dc=nits,dc=ac,dc=in > ldap_version 3 > timelimit 120 > bind_timelimit 120 > bind_policy hard > idle_timelimit 3600 > nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon > uri ldap://127.0.0.1/ > ssl no > tls_cacertdir /etc/openldap/cacerts > pam_password md5 > [root@authdns ~]# > > > > 2. When you configured your client box to use your new LDAP server, how > did you do that? Using the GUI? > > The client has been configured by running the system-config-authentication > command and then configuring the ip address of the LDAP server machine. > Other than this not a single line has been changed in the client machine. > As of now i am trying to log onto the server machine where i am getting > unsuccessful bind and failed authentication as per the messages in > /var/log/messages file. > > > If so, make sure you have enabled LDAP on both the "User Information" > and "Authentication" tabs - otherwise you will be using LDAP as an NSS > service like NIS. > > Configuration of the server was through-system-config-authentication > command and the GUI as described below:- > > > /usr/bin/authconfig-tui" as root (without gui), or by calling the > call the gnome menu: system->administration->authentication? > > This worked fine in both ways. > > > 3. can you run ldapsearch using that username and password? > > Please can you through some lights on this few lines of ldapsearch > command. > > I tried usiing the following way: > > [root@authdns bin]# ldapsearch -x -W -D > 'uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in' Enter LDAP > Password: > ldap_bind: Invalid credentials (49) > after i typed the LDAP password of the Manager i got the error as cited > above. Hwever i also tried logging onto the server using jmaan's LDAP > password, but it didnt work. > > Please tell mw how to authenticate successfully. > > ldapsearch -xW -D > 'uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in' > - -h 'your.ldap.server' -b 'bn=compcen,dc=nits,dc=ac,dc=in' > > hwever i will try to do. > 4. also, what exactly is 'stornt=non-teach' ? I don't recognise that > > This is to distinguish whether an employee (staff) is an teaching type or > non-teaching type, hence the atribute "stornt". > attribute name. Are you using a custom schema? > > Yes, i am using a customised schema. > > 5. Have you looked in the logs on the LDAP server itself? You may want > to increase the loglevel (and maybe redirect local4.* to a separate > logfile) > > Yes, i have seen the logs on the LDAP server itself. The contents of the > /var/log/messages are as shown below:- > > Dec 11 11:12:49 authdns gdm[4091]: Couldn't authenticate user > Dec 11 11:12:59 authdns gdm[4091]: pam_ldap: error trying to bind as user > "uid=ldapusr,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in" (Invalid > credentials) > Dec 11 11:13:03 authdns gdm[4091]: Couldn't authenticate user > Dec 11 11:13:11 authdns gdm[4091]: pam_ldap: error trying to bind as user > "uid=ldapusr,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in" (Invalid > credentials) > Dec 11 11:13:14 authdns gdm[4091]: Couldn't authenticate user > Dec 11 11:13:19 authdns gconfd (root-4235): starting (version 2.18.0.1), > pid 4235 user 'root' > Dec 11 11:13:19 authdns gconfd (root-4235): Resolved address > "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration > source at position 0 > Dec 11 11:13:19 authdns gconfd (root-4235): Resolved address > "xml:readwrite:/root/.gconf" to a writable configuration source at > position 1 > Dec 11 11:13:19 authdns gconfd (root-4235): Resolved address > "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration > source at position 2 > Dec 11 11:13:19 authdns gconfd (root-4235): Resolved address > "xml:readwrite:/root/.gconf" to a writable configuration source at > position 0 > Dec 11 11:13:21 authdns setroubleshoot: [rpc.ERROR] attempt to open server > connection failed: (2, 'No such file or directory > > Please let me know what changes i have to make in my server machine. > > regards, > > Jyotishmaan > 91-9435554598 > City:Silchar, India > > Regards > > Stuart > - -- > Stuart Sears RHCA etc > "There's a very fine line between stupid and clever." > - Nigel Tufnel / Derek Smalls > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iD8DBQFHXAbwamPtx1brPQ4RAjJKAJ400eJbPHZdyy1CgM0HU+cddcr1eACfUtVK > aRjnGzKAvje9PK3Ujcx4t44= > =UBoy > -----END PGP SIGNATURE----- > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list > > -- View this message in context: http://www.nabble.com/Openldap-Experts-tp14238310p14268772.html Sent from the Fedora List mailing list archive at Nabble.com.