I thought I had this working, but it stopped...
I set up an Ubuntu 11.10 server with OpenSSH and OpenLDAP per the guide(s), community documentation, copious google searching, and forum searching... nothing suggested works, thus I presume it's something I'm overlooking from being too close to it, working on it too long.
Everything seems to be in place on the server, "ldapsearch -H ldapi:/// -x -ZZZ" spits out the expected information, phpldapadmin works. I even believe I have the TLS/SSL configuration set appropriately (self signed certs until I can verify that it works in general.)
When I try "ldapsearch -x -H ldaps://host.one.two.edu" on a client, I get "ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)". I tried "-d 8" but it doesn't spit out any debug information. The sad part: this worked at one point...
My /etc/default/slapd.conf on the server:
Code:
SLAPD_CONF=
SLAPD_USER="openldap"
SLAPD_GROUP="openldap"
SLAPD_PIDFILE=
SLAPD_SERVICES="ldaps://host.one.two.edu ldapi:///"
SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
SLAPD_OPTIONS=""
My /etc/ldap/ldap.conf on the server:
Code:
BASE dc=ece,dc=cornell,dc=edu
URI ldaps://host.one.two.edu/
TLS_REQCERT allow
My /etc/ldap/ldap.conf on the client:
Code:
BASE dc=ece,dc=cornell,dc=edu
URI ldapi://host.one.two.edu/
TLS_REQCERT allow
It doesn't appear to be listening on the right ports on the server (although there is nothing in the logs to indicate there is a problem).
Code:
$ sudo netstat -plane | grep ":389"
$ sudo netstat -plane | grep ":636"
tcp 0 0 127.0.1.1:636 0.0.0.0:* LISTEN 0 7386 853/slapd
$ sudo netstat -plane | grep "slapd"
tcp 0 0 127.0.1.1:636 0.0.0.0:* LISTEN 0 7386 853/slapd
unix 2 [ ACC ] STREAM LISTENING 7387 853/slapd /var/run/slapd/ldapi
unix 2 [ ] DGRAM 7383 853/slapd
$
I'm about to give up and just use NIS, it's not that big of an environment. I was just hoping for a more secure authentication method.
...and before you suggest it, I can't use a commercial product. The university is cutting back on expenses and they've determined that IT is too costly (although HR is growing exponentially, go figure).
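A small checker for the two mismatches visible in the post, written as an added example (not the poster's or OpenLDAP's code): a client URI that uses the local-socket ldapi:// scheme with a hostname, a TLS_REQCERT setting that skips certificate verification, and a ldaps listener bound only to a 127.x address, which is what SLAPD_SERVICES="ldaps://<hostname>" produces when Ubuntu's /etc/hosts maps the machine's own hostname to 127.0.1.1. The ldap.conf and netstat inputs are constructed from the configuration and output shown above.

```python
import re
from typing import List, Tuple

# Constructed sample inputs modelled on the post (not the poster's live files).
CLIENT_LDAP_CONF = """BASE dc=ece,dc=cornell,dc=edu
URI ldapi://host.one.two.edu/
TLS_REQCERT allow
"""
NETSTAT_OUTPUT = """tcp 0 0 127.0.1.1:636 0.0.0.0:* LISTEN 0 7386 853/slapd
unix 2 [ ACC ] STREAM LISTENING 7387 853/slapd /var/run/slapd/ldapi
"""

Finding = Tuple[str, str]  # (code, human-readable message)
URI_RE = re.compile(r"^(ldapi|ldaps|ldap)://([^/]*)")


def lint_client_conf(conf: str) -> List[Finding]:
    """Flag URI and TLS settings in an ldap.conf that break or weaken the client."""
    findings: List[Finding] = []
    for line in conf.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].upper(), parts[1].strip()
        if key == "URI":
            for uri in value.split():
                m = URI_RE.match(uri)
                if m is None:
                    findings.append(("BAD_URI", f"cannot parse URI {uri!r}"))
                elif m.group(1) == "ldapi" and m.group(2):
                    # ldapi:// is a local Unix socket; a hostname here never reaches a remote server.
                    findings.append(("LDAPI_WITH_HOST",
                                     f"{uri}: ldapi is local-only, use ldaps://{m.group(2)}/ for a remote server"))
        elif key == "TLS_REQCERT" and value.lower() in ("never", "allow"):
            # 'allow' and 'never' let the session proceed with an unverifiable server certificate.
            findings.append(("TLS_REQCERT_WEAK",
                             f"TLS_REQCERT {value} skips server certificate verification; use demand with a trusted CA"))
    return findings


def lint_listeners(netstat: str, port: int = 636) -> List[Finding]:
    """Flag TCP listeners on the LDAP port that are bound only to a loopback address."""
    findings: List[Finding] = []
    for line in netstat.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        addr, p = f[3].rsplit(":", 1)
        if p == str(port) and addr.startswith("127."):
            # Ubuntu maps the machine's own hostname to 127.0.1.1 in /etc/hosts, so binding
            # ldaps://<hostname> lands on loopback and remote clients get "Can't contact LDAP server".
            findings.append(("LOOPBACK_LISTENER",
                             f"port {port} bound to {addr} only; fix /etc/hosts or use ldaps:/// to listen on all interfaces"))
    return findings
```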