Notes on LDAP

To troubleshoot system authentication:

  • Need openldap-clients installed on the host so that the 'ldapsearch' command can be used.
  • cat /etc/ldap.conf to see what the installation's ldap configuration looks like (uri, base, ssl, tls_cacertdir). Note this is the nss_ldap/pam_ldap file; the OpenLDAP client library reads /etc/openldap/ldap.conf, so check both if ldapsearch behaves differently from logins.
  • Useful information ends up on the LDAP server under /var/log/slapd.log.
  • For TLS authentication, check that /etc/openldap/cacerts/ has a CA certificate which actually signed the LDAP server's certificate (the directory is looked up by hash, so it needs the symlinks that c_rehash creates).
  • DON'T forget to try the -x parameter (simple bind) if you're getting "No such attribute (16)" errors from ldap_sasl_interactive_bind_s. Without -x, ldapsearch attempts a SASL bind first, so this is an error from the SASL handshake, not from your search.
  • openssl s_client -connect host:636 -showcerts will dump the LDAP server's certificate chain; add -CApath /etc/openldap/cacerts to see whether that chain verifies against the CA cert from the previous step ("Verify return code: 0 (ok)").
Another huge point can be local authorization, without which you won't be able to log in at some sites. That's set in /etc/sysconfig/authconfig (USELOCAUTHORIZE).
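Added example, not part of the original notes: the checklist above as a bash script. It assumes the RHEL-era layout the notes describe (nss_ldap/pam_ldap settings in /etc/ldap.conf, CA certs in /etc/openldap/cacerts, authconfig settings in /etc/sysconfig/authconfig). The hostname ldap.example.com, the base dc=example,dc=com and the sample config are constructed, and the function names are mine; the ldapsearch and openssl flags are real.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): run the LDAP troubleshooting
# checklist against a /etc/ldap.conf. Assumes the RHEL-era nss_ldap/pam_ldap
# layout: uri/base/tls_cacertdir in /etc/ldap.conf, CA certs in a hashed dir.
set -u

# Constructed sample of an /etc/ldap.conf so the parsing runs offline;
# pass "-" to ldap_check to use it, or a real path on a host.
SAMPLE_LDAP_CONF='# nss_ldap / pam_ldap config (constructed sample)
uri ldaps://ldap.example.com/
base dc=example,dc=com
ssl on
tls_cacertdir /etc/openldap/cacerts
pam_password md5
'

# ldap_conf_get <key>: print the first value of <key> from config on stdin.
# Keys are case-insensitive in ldap.conf; comment lines are skipped.
ldap_conf_get() {
  awk -v key="$1" '$1 !~ /^#/ && tolower($1)==tolower(key) {print $2; exit}'
}

# ldap_host_port <uri>: "host port" from ldap[s]://host[:port]/, defaulting
# the port from the scheme (636 for ldaps, 389 for ldap).
ldap_host_port() {
  local uri=$1 scheme hostport host port
  scheme=${uri%%://*}
  hostport=${uri#*://}; hostport=${hostport%%/*}
  host=${hostport%%:*}
  if [ "$hostport" != "$host" ]; then port=${hostport##*:}
  elif [ "$scheme" = ldaps ]; then port=636
  else port=389; fi
  printf '%s %s\n' "$host" "$port"
}

# ldap_diagnose <ldapsearch stderr>: map the error text to the remedy from the
# notes. "No such attribute (16)" reported by ldap_sasl_interactive_bind_s
# comes from the default SASL bind attempt, so the fix is -x (simple bind).
ldap_diagnose() {
  case "$1" in
    *TLS*|*certificate*)          echo "tls: check the CA cert under tls_cacertdir (hashed with c_rehash)" ;;
    *"Can't contact LDAP server"*) echo "no-connection: check uri, port 389/636, firewall; try openssl s_client" ;;
    *ldap_sasl_interactive_bind_s*|*"No such attribute (16)"*)
                                  echo "sasl-bind-failed: retry with -x (simple bind)" ;;
    *)                            echo "unknown: see /var/log/slapd.log on the server" ;;
  esac
}

# ldap_check <path-to-ldap.conf | ->: the network checks. Not run by default.
ldap_check() {
  local conf_text uri base cadir host port out
  if [ "$1" = - ]; then conf_text=$SAMPLE_LDAP_CONF; else conf_text=$(cat "$1"); fi
  uri=$(printf '%s\n' "$conf_text" | ldap_conf_get uri)
  base=$(printf '%s\n' "$conf_text" | ldap_conf_get base)
  cadir=$(printf '%s\n' "$conf_text" | ldap_conf_get tls_cacertdir)
  set -- $(ldap_host_port "$uri"); host=$1; port=$2

  command -v ldapsearch >/dev/null || { echo "ldapsearch missing: install openldap-clients"; return 1; }

  echo "== TLS: server chain from $host:$port, verified against ${cadir:-system CAs}"
  # -showcerts dumps every cert in the chain; -CApath needs hash symlinks.
  openssl s_client -connect "$host:$port" -showcerts ${cadir:+-CApath "$cadir"} </dev/null 2>/dev/null \
    | grep -E '^(subject|issuer)=|Verify return code|BEGIN CERT|END CERT'

  echo "== anonymous simple-bind (-x) base search on $base"
  if out=$(ldapsearch -x -H "$uri" -b "$base" -s base -LLL '(objectClass=*)' 2>&1); then
    printf '%s\n' "$out"
  else
    printf '%s\n' "$out"; ldap_diagnose "$out"
  fi

  # Local authorization: without USELOCAUTHORIZE=yes, local accounts are also
  # authorized against LDAP, which is the login failure the notes mention.
  [ -r /etc/sysconfig/authconfig ] && grep -E '^USE(LOCAUTHORIZE|LDAPAUTH)=' /etc/sysconfig/authconfig
  return 0
}

if [ $# -gt 0 ]; then ldap_check "$1"; fi
```

Run it as "bash ldapcheck.sh /etc/ldap.conf" on the host that cannot log in; "bash ldapcheck.sh -" exercises the constructed sample, which only proves the parsing because the hostname does not resolve. The TLS step runs before the search so that a certificate that does not verify is seen before ldapsearch reports it as a generic "Can't contact LDAP server".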

-- SeanNewton - 10 Apr 2012

Topic revision: r2 - 2012-04-10 - SeanNewton