HowTO: Setup an LDAP Server CentOS 6.3

ldap_access_filter = memberOf=cn=operations,ou=Group,dc=example,dc=com
ldap_access_order = filter, host, authorized_service

Click to expand...

Stratus_ss said:

well I am glad you found it helpful,

Though I am not sure what you mean by "clean" using the authconfig-tui vs authconfig makes very little difference. Other than that I am advising double checking certs and ensuring that home directories are created. Very little difference from your tutorial

Click to expand...

Enter LDAP Password:

Click to expand...

ldap_bing: Invalid credentials (49)

Click to expand...

[root@client ~]# ldapsearch -x -b 'o=babin'

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Click to expand...

[root@ldap sssd]# tail -f *
==> ldap_child.log <==

==> sssd_default.log <==
(Tue Aug 26 17:03:05 2014) [sssd[be[default]]] [main] (0x0010): Could not initialize backend [22]
(Tue Aug 26 17:03:05 2014) [sssd[be[default]]] [load_backend_module] (0x0010): Error (22) in module (ldap) initialization (sssm_ldap_id_init)!
(Tue Aug 26 17:03:05 2014) [sssd[be[default]]] [be_process_init] (0x0010): fatal error initializing data providers
(Tue Aug 26 17:03:05 2014) [sssd[be[default]]] [main] (0x0010): Could not initialize backend [22]
(Tue Aug 26 17:03:07 2014) [sssd[be[default]]] [load_backend_module] (0x0010): Error (22) in module (ldap) initialization (sssm_ldap_id_init)!
(Tue Aug 26 17:03:07 2014) [sssd[be[default]]] [be_process_init] (0x0010): fatal error initializing data providers
(Tue Aug 26 17:03:07 2014) [sssd[be[default]]] [main] (0x0010): Could not initialize backend [22]
(Tue Aug 26 17:03:11 2014) [sssd[be[default]]] [load_backend_module] (0x0010): Error (22) in module (ldap) initialization (sssm_ldap_id_init)!
(Tue Aug 26 17:03:11 2014) [sssd[be[default]]] [be_process_init] (0x0010): fatal error initializing data providers
(Tue Aug 26 17:03:11 2014) [sssd[be[default]]] [main] (0x0010): Could not initialize backend [22]

==> sssd.log <==
(Tue Aug 26 17:03:11 2014) [sssd] [mt_svc_exit_handler] (0x0010): Process [default], definitely stopped!
(Tue Aug 26 17:26:24 2014) [sssd] [mt_svc_sigkill] (0x0010): [default][2021] is not responding to SIGTERM. Sending SIGKILL.

==> sssd_nss.log <==
(Tue Aug 26 17:03:10 2014) [sssd[nss]] [sss_dp_init] (0x0010): Failed to connect to monitor services.
(Tue Aug 26 17:03:10 2014) [sssd[nss]] [sss_process_init] (0x0010): fatal error setting up backend connector
(Tue Aug 26 17:03:10 2014) [sssd[nss]] [sss_dp_init] (0x0010): Failed to connect to monitor services.
(Tue Aug 26 17:03:10 2014) [sssd[nss]] [sss_process_init] (0x0010): fatal error setting up backend connector

==> sssd_pam.log <==
(Tue Aug 26 17:03:10 2014) [sssd[pam]] [sss_dp_init] (0x0010): Failed to connect to monitor services.
(Tue Aug 26 17:03:10 2014) [sssd[pam]] [sss_process_init] (0x0010): fatal error setting up backend connector
(Tue Aug 26 17:03:10 2014) [sssd[pam]] [sss_dp_init] (0x0010): Failed to connect to monitor services.
(Tue Aug 26 17:03:10 2014) [sssd[pam]] [sss_process_init] (0x0010): fatal error setting up backend connector

Click to expand...

babinlonston said:

While doing a search i got the below, and its take more than 3 minutes to get this error..

Click to expand...

Stratus_ss said:

When you get this it definitely means there is a problem with the client (or possibly a client and/or server firewall)

Does the ldap search work on the server itself?

What do your ldap files look like on the client?

Do you have iptables running?

SELinux?

Click to expand...

[root@ldap ~]# ldapsearch -x -b 'o=babin'
# extended LDIF
#
# LDAPv3
# base <o=babin> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
[root@ldap ~]#

Click to expand...

[root@babin ~]# ldapsearch -x -b 'o=babin'
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Click to expand...

[root@ldap ~]# ldapsearch -d 1 -v -H ldaps://babin:636
ldap_url_parse_ext(ldaps://babin:636)
ldap_initialize( ldaps://babin:636/??base )
ldap_create
ldap_url_parse_ext(ldaps://babin:636/??base)
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP babin:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 210.11.232.21:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_close_socket: 3
ldap_err2string
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

Click to expand...

[root@client ~]# ldapsearch -d 1 -v -H ldaps://babin:636
ldap_url_parse_ext(ldaps://babin:636)
ldap_initialize( ldaps://babin:636/??base )
ldap_create
ldap_url_parse_ext(ldaps://babin:636/??base)
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP babin:636
ldap_connect_to_host: getaddrinfo failed: Name or service not known
ldap_err2string
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

Click to expand...

[root@client ~]# tail -f /var/log/sssd/*
==> /var/log/sssd/ldap_child.log <==

==> /var/log/sssd/sssd_default.log <==

==> /var/log/sssd/sssd.log <==

==> /var/log/sssd/sssd_nss.log <==

==> /var/log/sssd/sssd_pam.log <==

Click to expand...

[root@ldap ~]# netstat -tunlp | grep 636
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 25532/slapd
tcp 0 0 :::636 :::* LISTEN

Click to expand...