From: "O. Hartmann"
Date: Sat, 27 Oct 2007 16:04:36 +0200
To: Alexandre Biancalana
Cc: "O. Hartmann", freebsd-questions@freebsd.org
Subject: Re: OpenLDAP 2.3/pam_ldap/nss_ldap: not working in FreeBSD 7.0-PRE!
Message-ID: <47234574.6000201@mail.zedat.fu-berlin.de>

Alexandre Biancalana wrote:
> On 10/26/07, O. Hartmann wrote:
>
>> playing with ldapsearch gets results as expected. Doing ldapsearch with
>> -D and dn of the admin results in the whole DIT as expected, accessing
>> the DIT with uid=user,ou=users,dc=... the same. Accessing LDAP server
>> from client via LUMA (tool) is also ok.
>>
>
> Try to change the nss_base_passwd line from:
>
> nss_base_passwd ou=users,dc=office,dc=de?one
>
> to
>
> nss_base_passwd ou=users,dc=office,dc=de?sub
>

Well, on a test machine, I set up a test environment equal or nearly equal to that which is not working on a potentially production box.

First of all, I think there is a misunderstanding in how to set up /etc/nsswitch.conf, because most trouble seems to be sourced there. When setting

#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: src/etc/nsswitch.conf,v 1.1 2006/05/03 15:14:47 ume Exp $
#
group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

restarting OpenLDAP results in this, but after two minutes or so it starts up (the time is unacceptable and it does not change anything reverting the order from 'files ldap' to 'ldap files' for passwd and group).

The great question is: Do I need to have these entries? Neither in the nsswitch.conf manpage nor in nss_ldap manpage it's mentioned to set 'ldap' as an option, I took this from one of the many tutorials out there.

Oct 27 15:55:27 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldapi://%2fvar%2frun%2fldapi_sock/: Can't contact LDAP server
Oct 27 15:55:27 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldap:///: Can't contact LDAP server
Oct 27 15:55:27 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldaps:///: Can't contact LDAP server
Oct 27 15:55:27 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldapi://%2fvar%2frun%2fldapi_sock/: Can't contact LDAP server
Oct 27 15:55:27 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldap:///: Can't contact LDAP server
Oct 27 15:55:27 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldaps:///: Can't contact LDAP server
Oct 27 15:55:27 <20.6> thor slapd[81911]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Oct 27 15:55:31 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldapi://%2fvar%2frun%2fldapi_sock/: Can't contact LDAP server
Oct 27 15:55:31 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldap:///: Can't contact LDAP server
Oct 27 15:55:31 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldaps:///: Can't contact LDAP server
Oct 27 15:55:31 <20.6> thor slapd[81911]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Oct 27 15:55:39 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldapi://%2fvar%2frun%2fldapi_sock/: Can't contact LDAP server
Oct 27 15:55:39 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldap:///: Can't contact LDAP server
Oct 27 15:55:39 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldaps:///: Can't contact LDAP server
Oct 27 15:55:39 <20.6> thor slapd[81911]: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
Oct 27 15:55:55 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldapi://%2fvar%2frun%2fldapi_sock/: Can't contact LDAP server
Oct 27 15:55:55 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldap:///: Can't contact LDAP server
Oct 27 15:55:55 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldaps:///: Can't contact LDAP server
Oct 27 15:55:55 <20.6> thor slapd[81911]: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...
Oct 27 15:56:27 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldapi://%2fvar%2frun%2fldapi_sock/: Can't contact LDAP server
Oct 27 15:56:27 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldap:///: Can't contact LDAP server
Oct 27 15:56:27 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldaps:///: Can't contact LDAP server
Oct 27 15:56:27 <20.6> thor slapd[81911]: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)...
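
Added example, not part of the original message: the nss_ldap lines from the log above, parsed and totalled per process. The names summarize and SAMPLE_LOG are made up for this example. It shows that the five reconnect sleeps logged by slapd[81911] add up to 124 seconds, which is the "two minutes or so" startup delay, and that the process being stalled is the LDAP server itself.

```python
import re
from collections import defaultdict

# Abridged from the syslog excerpt in the message above: one bind failure per
# URI, then the five "reconnecting" lines that carry the backoff delays.
SAMPLE_LOG = """\
Oct 27 15:55:27 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldapi://%2fvar%2frun%2fldapi_sock/: Can't contact LDAP server
Oct 27 15:55:27 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldap:///: Can't contact LDAP server
Oct 27 15:55:27 <20.6> thor slapd[81911]: nss_ldap: failed to bind to LDAP server ldaps:///: Can't contact LDAP server
Oct 27 15:55:27 <20.6> thor slapd[81911]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Oct 27 15:55:31 <20.6> thor slapd[81911]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Oct 27 15:55:39 <20.6> thor slapd[81911]: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
Oct 27 15:55:55 <20.6> thor slapd[81911]: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...
Oct 27 15:56:27 <20.6> thor slapd[81911]: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)...
"""

# The "<20.6>" field seen in this log is treated as optional by the pattern.
LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]{8}\s+(?:<[\d.]+>\s+)?\S+\s+"
                  r"(?P<prog>[^\[\s]+)\[(?P<pid>\d+)\]:\s+nss_ldap:\s+(?P<msg>.*)$")
BIND_FAIL = re.compile(r"failed to bind to LDAP server (?P<uri>\S+): (?P<why>.*)")
BACKOFF = re.compile(r"reconnecting to LDAP server \(sleeping (?P<secs>\d+) seconds\)")

def summarize(log_text):
    """Group nss_ldap messages by (program, pid) and total the reconnect sleeps."""
    procs = defaultdict(lambda: {"uris": set(), "sleeps": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an nss_ldap line
        entry = procs[(m["prog"], int(m["pid"]))]
        if (f := BIND_FAIL.match(m["msg"])):
            entry["uris"].add(f["uri"])
        elif (b := BACKOFF.match(m["msg"])):
            entry["sleeps"].append(int(b["secs"]))
    report = {}
    for (prog, pid), e in procs.items():
        report[(prog, pid)] = {
            "uris": sorted(e["uris"]),
            "sleeps": e["sleeps"],
            "blocked_seconds": sum(e["sleeps"]),
            # True when the directory server itself is the NSS client being stalled.
            "is_ldap_server": prog == "slapd",
        }
    return report

if __name__ == "__main__":
    for key, info in summarize(SAMPLE_LOG).items():
        print(key, info)
```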