[plug] Strange LDAP issues

Craig Ringer craig at postnewspapers.com.au
Mon May 30 01:16:17 WST 2005


On Sun, 2005-05-29 at 22:37 +0800, Timothy White wrote:
> At the recent Workshop I managed to get LDAP partially working with
> lots of help from kind people.
> Unfortunately it's still doing something weird. As I'm not 100% sure
> of what logging setting I should set slapd at to get useful
> information I'm not going to try and debug slapd as I know it /should/
> do recursive searches so I should have no problems.
> I currently only have 1 user in LDAP (uid=dwhite,ou=People,dc=white,dc=lan)
> $ldapsearch -x -D "uid=dwhite,ou=People,dc=white,dc=lan" -W
> Enter LDAP Password:
> ....
> Works fine.
> But PAM/NSS and any other program using PAM auth fails to auth with
> the ldap server. [1]

If I recall correctly, NSS finds the user fine in the directory, the
problem is *just* PAM auth - right? After all, you can `id username' if
username is only defined in LDAP, and it finds the user fine.

Given the point you were at, I'd be inclined to sit down and:

(a) stop slapd, then run it in debug mode in a terminal (see the "-d"
argument in "man slapd")
(b) run a tcpdump on the loopback interface and see if the LDAP traffic
tells you anything interesting.

I find tcpdump (well, Ethereal, really) to be the single most useful
OpenLDAP debugging tool. The actual tools are REALLY unhelpful with
logging etc in my experience.

Sorry I couldn't help you more on the day, but we did get started on it
pretty late :-P

-- 
Craig Ringer
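
What step (b) can surface, as an added example that is not part of the original message: a small decoder for LDAP simple-bind request and response bytes as they would appear in a loopback capture, so the DN that PAM actually binds with and the result code slapd returns can be compared against the ldapsearch run that works. The function names, the password and the sample bytes are constructed for illustration; only the DN comes from the thread.

```python
# Added example: decode LDAP simple-bind PDUs (constructed bytes, not a real capture).
def read_tlv(buf, pos):
    """Read one BER element; return (tag, value_bytes, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

RESULT_CODES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials"}

def describe(pdu):
    """Summarise one LDAPMessage holding a BindRequest or BindResponse."""
    tag, body, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msgid, pos = read_tlv(body, 0)
    op_tag, op, _ = read_tlv(body, pos)
    info = {"msgid": int.from_bytes(msgid, "big")}
    if op_tag == 0x60:                     # [APPLICATION 0] BindRequest
        _, version, p = read_tlv(op, 0)
        _, dn, p = read_tlv(op, p)
        auth_tag, cred, _ = read_tlv(op, p)
        info.update(op="bindRequest", version=version[0], dn=dn.decode(),
                    auth="simple" if auth_tag == 0x80 else "sasl/other",
                    password_len=len(cred))  # report length only; 0 means no password sent
    elif op_tag == 0x61:                   # [APPLICATION 1] BindResponse
        _, code, p = read_tlv(op, 0)       # resultCode (ENUMERATED)
        _, matched, p = read_tlv(op, p)    # matchedDN, skipped
        _, diag, _ = read_tlv(op, p)       # diagnosticMessage
        info.update(op="bindResponse", code=code[0],
                    result=RESULT_CODES.get(code[0], "other"), diag=diag.decode())
    else:
        info["op"] = "other(0x%02x)" % op_tag
    return info

def ber(tag, value):
    """Encode a short-form BER element (value under 128 bytes) to build the samples."""
    return bytes([tag, len(value)]) + value

# Constructed sample: the DN from the thread, a made-up password, and a result 49 reply.
DN = b"uid=dwhite,ou=People,dc=white,dc=lan"
SAMPLE_REQ = ber(0x30, ber(0x02, b"\x01") + ber(0x60, ber(0x02, b"\x03") + ber(0x04, DN) + ber(0x80, b"example-pw")))
SAMPLE_RESP = ber(0x30, ber(0x02, b"\x01") + ber(0x61, ber(0x0a, b"\x31") + ber(0x04, b"") + ber(0x04, b"")))
```

Calling `describe()` on each PDU taken from the PAM attempt and from the working ldapsearch shows whether the two differ in bind DN, protocol version, or whether a password was sent at all.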



