Notes on LDAP

To troubleshoot system authentication:

  • The openldap-clients package must be installed on the host so that the 'ldapsearch' command is available.
  • cat /etc/ldap.conf to see what the installation's LDAP client configuration looks like (server URI, search base, TLS settings).
  • Useful information ends up on the LDAP server itself under /var/log/slapd.log.
  • For TLS authentication, check that /etc/openldap/cacerts/ contains a CA certificate that actually matches the LDAP server's certificate.
  • DON'T forget to try the -x parameter (simple bind) if you're getting "no such attribute (16)" errors. This is actually a SASL handshake error, not an LDAP data error.
  • openssl s_client -connect host:636 will dump the certificate chain the LDAP server presents.
Another important point is local authorization, without which you won't be able to log in at some sites. That's set in /etc/sysconfig/authconfig.
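The checks above, assembled into a small POSIX sh helper as an added example (this is not part of the original note): it reads the server URI, search base and CA directory from an ldap.conf-style file, builds the simple-bind ldapsearch and the openssl certificate dump from them, and maps the ldapsearch error text to the next troubleshooting step. The configuration file and the error strings it is exercised with are constructed samples; the keys it reads (uri, base, tls_cacertdir) are standard ldap.conf keys, and the ldaps host name is a placeholder.

```sh
#!/bin/sh
# Added example, not from the original note. Builds the troubleshooting
# commands from an ldap.conf-style file and classifies ldapsearch errors.

# Print the value of KEY from an ldap.conf-style file ($1 = key, $2 = file).
# Keys are case-insensitive; comment lines are skipped; first match wins.
ldap_conf_value() {
    awk -v key="$1" '
        /^[[:space:]]*#/ { next }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$2"
}

# Simple-bind (-x) base search against the configured server.
# $1 = ldap.conf path, $2 = optional filter (default: objectClass=*)
ldapsearch_cmd() {
    uri=$(ldap_conf_value uri "$1")
    base=$(ldap_conf_value base "$1")
    filter=${2:-'(objectClass=*)'}
    printf 'ldapsearch -x -H %s -b %s -s base %s\n' "$uri" "$base" "$filter"
}

# openssl command that dumps the server's certificate chain on port 636,
# validated against the CA directory named in the config (or the default one).
tls_dump_cmd() {
    host=$(ldap_conf_value uri "$1" | sed -e 's,^ldaps*://,,' -e 's,[:/].*$,,')
    cadir=$(ldap_conf_value tls_cacertdir "$1")
    printf 'openssl s_client -connect %s:636 -CApath %s </dev/null\n' \
        "$host" "${cadir:-/etc/openldap/cacerts}"
}

# Map a line of ldapsearch stderr to the next step from the note above.
next_step() {
    case "$1" in
        *"No such attribute (16)"*)
            echo "retry with -x: this is a failed SASL handshake, not an LDAP data error" ;;
        *"Can't contact LDAP server"*)
            echo "check host/port; for ldaps, check the CA cert in /etc/openldap/cacerts" ;;
        *TLS*|*certificate*)
            echo "the CA certificate in /etc/openldap/cacerts does not match the server" ;;
        *"Invalid credentials"*)
            echo "bind DN or password is wrong; check binddn/bindpw in /etc/ldap.conf" ;;
        *)
            echo "unrecognised error; check /var/log/slapd.log on the LDAP server" ;;
    esac
}

# Constructed sample config (placeholder host, not a real site).
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
# constructed sample ldap.conf
uri ldaps://ldap.example.com:636/
base dc=example,dc=com
ssl on
tls_cacertdir /etc/openldap/cacerts
EOF

echo "Suggested checks from $SAMPLE_CONF:"
ldapsearch_cmd "$SAMPLE_CONF"
tls_dump_cmd "$SAMPLE_CONF"
# Constructed sample of the error the note warns about:
next_step 'ldap_sasl_interactive_bind_s: No such attribute (16)'
```

The script only prints the commands it would run, so it is safe to try on any host; paste the printed ldapsearch and openssl lines into a shell against the real server once the config looks right.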

-- SeanNewton - 10 Apr 2012

Topic revision: r2 - 2012-04-10 - SeanNewton