From: "O. Hartmann" <ohartman@mail.zedat.fu-berlin.de>
Date: Sun, 21 Oct 2007 18:26:55 +0200
To: freebsd-questions@freebsd.org, freebsd-ports@freebsd.org
Subject: OpenLDAP 2.3/pam_ldap/nss_ldap: not working in FreeBSD 7.0-PRE!
Message-ID: <471B7DCF.2020709@mail.zedat.fu-berlin.de>

For weeks now I have tried to get an OpenLDAP server on a local FreeBSD 7.0-PRE box running, but with no success. Within the last 8 weeks I tried nearly EVERY tutorial and the setups explained there, but whenever I try to authenticate or find an ID for an existing user in the DIT, I receive errors that the client (pam/nss, ssh, id etc.) can not connect to the slapd running on the same machine. Calling ldapsearch from both the localhost running the slapd and from a client in the network works well; I receive a dump of every object created in the LDAP tree. At this point it seems senseless to keep trying to find out what's going wrong, and I need some hints or tips.

I read about others successfully running OpenLDAP on FBSD 6 and 5, but no one seems to be running OpenLDAP-based services on FBSD 7.

In most cases, when changing /etc/nsswitch.conf (renaming "password/group: compat" to "password/group: files ldap" as suggested in most of the tutorials), the box becomes unusable while running the request (either looking up a user id, starting an xterm, or logging in as root via the console). Everything which seems to look for a user ID takes more than a minute to start up or dumps errors. Even if I try to log in as a user that exists only on the local machine (root and a special user), it seems that the fallback to 'files' doesn't work properly or the timeout takes that long.

I'm not a professional in OpenLDAP, but I tried several configs found in the LinuxWiki on Gentoo or Debian boxes without problems. Even the simplest config seems not to work on FreeBSD 7!

In many cases ACLs seem to be the culprit, but even setting 'access to * by * write' or configuring binddn and binddnpw in /usr/local/etc/ldap.conf and nss_ldap.conf the same as the rootdn in slapd.conf doesn't work and results in the same problem.

If anyone willing to help is running ldap services on a FreeBSD 7.0-PRE box, he or she is welcome!

Thanks in advance,
Oliver

P.S. If someone wants me to offer config details and/or log excerpts, please contact me.
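As an added illustration, not part of Oliver's mail or of the FreeBSD ports' own files: the two settings the mail mentions, slapd's 'access to * by * write' and an nss_ldap bind as the rootdn, shown beside a tighter slapd.conf ACL and the nss_ldap timeout options that keep name lookups from blocking for a minute when slapd cannot be reached. The suffix dc=example,dc=org, the dedicated cn=nssproxy bind DN and its password are placeholders, and the ldap.conf file path is the one the mail names.

```conf
## slapd.conf (OpenLDAP 2.3) -- access control

# The line from the mail: every client, anonymous binds included,
# may modify every entry (userPassword too). It proves nothing about
# the nss_ldap failure and must not stay in place:
# access to * by * write

# Tighter ACL. Order matters: the first matching "access to" clause
# decides, so the password attributes come before the catch-all.
# cn=nssproxy is a read-only account used solely by nss_ldap/pam_ldap.
access to attrs=userPassword,shadowLastChange
    by dn.exact="cn=nssproxy,ou=system,dc=example,dc=org" read
    by self write
    by anonymous auth
    by * none
access to *
    by dn.exact="cn=nssproxy,ou=system,dc=example,dc=org" read
    by users read
    by * none

## /usr/local/etc/nss_ldap.conf (and ldap.conf for pam_ldap)
## This file must be readable by every process that calls getpwnam(),
## so it carries the nssproxy credentials, never the rootdn password.
uri ldap://127.0.0.1/
base dc=example,dc=org
binddn cn=nssproxy,ou=system,dc=example,dc=org
bindpw PLACEHOLDER_CHANGE_ME

# Fail fast instead of stalling every lookup when slapd is down or
# the ACL rejects the bind; "files" in nsswitch.conf then still works.
bind_policy soft
bind_timelimit 5
timelimit 5
nss_reconnect_tries 1
```

Restart slapd after changing the ACL, since slapd.conf is read only at start-up, and check that the nssproxy DN can bind and search the base before pointing nss_ldap at it.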