Ubuntu – Ubuntu 12.04 LDAP client issue

ldapopenldap

I followed the guide described here configure LDAP, but I keep getting following error when running "getent passwd", is there any reason for that?

Error:

Jul 16 15:58:33 wso2-VirtualBox getent: nss_ldap: could not search LDAP server - Server is unavailable
^[[AJul 16 15:59:34 wso2-VirtualBox getent: nss_ldap: failed to bind to LDAP server ldapi:///192.168.4.152/: Invalid credentials
Jul 16 15:59:34 wso2-VirtualBox getent: nss_ldap: could not search LDAP server - Server is unavailable

Configuration files:

vi /etc/ldap.conf

base dc=example,dc=com

uri  ldapi:///192.168.4.152/

ldap_version 3

timelimit 4

bind_timelimit 4

bind_policy soft

pam_password md5

nss_initgroups_ignoreusers avahi,avahi-
autoipd,backup,bin,colord,daemon,games,gnats,hplip,irc,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,nslcd,openldap,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data

Best Answer

Use the ldapsearch command line tool to verify that the server is running and the credentials you are using are correct:

ldapsearch -D the-dn-you-use -w -the-password-you-use \
    -H 192.168.4.152:389 -s base -b dc=example,dc=com '(&)' 1.1

If ldapsearch succeeds, the server is listening, the LDAP client has sufficient permission to perform this search, and the authentication was correct.

Related Solutions

Ubuntu – How to configure Master-Slave LDAP replication

Master slave in ldap goes by the name of provider and consumer. You don't specify what ldap server you are using so I presume we are talking about openLDAP.

In older openLDAP config was saved in conf files. Nowadays all settings are stored in the ldap server itself. So you need to create the config and inject it to the ldap server so we will start by creating these files. This instruction will replicate all entries to your slave server automatically.

Lets say your company name is acme and the domain is com. and that your current ldap server admin is located in : cn=admin,dc=acme,dc=com

First we need to create a ldap user that is allowed to read all ldap entries to replicated it to the consumer server.

create file "create_repl_user.ldif"

dn: cn=ldaps2,dc=acme,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: ldaps2
description: LDAP server2 replicator

Second we need to enable the provider service in the master ldap server and give the user ldaps2 read access to the entire ldap server.

create file "enable_sync_prov.ldif"

dn: olcDatabase={1}hdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by self write
  by anonymous auth
  by dn="cn=admin,dc=acme,dc=com write
  by * none
-
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by self write
  by dn="cn=admin,dc=acme,dc=com" write
  by dn="cn=ldaps2,dc=acme,dc=com" read
  by anonymous auth
  by * none
-
add: olcDbIndex
olcDbIndex: entryUUID eq
-
add: olcDbIndex
olcDbIndex: entryCSN eq

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: {1}syncprov

dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpCheckpoint: 100 10
olcSpSessionlog: 100

Third: We need to enable replicating from a specified server to our ldap consumer. create the file enable_sync_consumer.ldif replacing the line provider="ldap://yourldapservername.com:389/" , with the ip of your master ldap server. and credentials=yourencryptedldap2spassword , with the password you decide on for your ldap2s user.

dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: stats

dn: olcDatabase={1}hdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by self write
  by anonymous auth
  by dn="cn=admin,dc=acme,dc=com" write
  by * none
-
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by anonymous auth
  by * none
-
delete: olcAccess
olcAccess: {2}to *
  by self write
  by dn="cn=admin,dc=acme,dc=com" write
  by * read
-
add: olcAccess
olcAccess: {2}to *
  by * read
-
replace: olcRootDN
olcRootDN: cn=manager
-
delete: olcRootPW
-
add: olcDbIndex
olcDbIndex: entryCSN eq
-
add: olcDbIndex
olcDbIndex: entryUUID eq
-
add: olcDbIndex
olcDbIndex: uid eq
-
add: olcDbIndex
olcDbIndex: cn eq
-
add: olcDbIndex
olcDbIndex: ou eq
-
add: olcDbIndex
olcDbIndex: dc eq


add: olcSyncrepl
olcSyncrepl: rid=123
  provider="ldap://yourldapservername.com:389/"
  type=refreshAndPersist
  retry="60 30 300 +"
  searchbase="dc=acme,dc=com"
  bindmethod=simple
  binddn="cn=ldaps2,dc=acme,dc=com"
  credentials=yourencryptedldap2spassword

Now that we have created the config files, we need to inject them to the provider and consumer server

in the provider server create the replication user:

run ldapadd -x -W -D cn=admin,dc=acme,dc=com -f  create_repl_user.ldif

enable the provider service:

run ldapadd -x -W -D cn=admin,dc=acme,dc=com -f  enable_sync_prov.ldif

in the consumer server add the consumer sync settings:

run ldapadd -x -W -D cn=admin,dc=acme,dc=com -f enable_sync_consumer.ldif

Best Answer

Related Solutions

Ubuntu – How to configure Master-Slave LDAP replication

Related Question