[PLUG] How to connect to an openldap server without DNS?

Amey Abhyankar sco1984 at gmail.com
Wed Jul 21 12:18:45 IST 2021


Setup with Cent 7.9 + a configuration guide [1] helped.
But,
When I am trying to authenticate the ldap user from another machine, I
see the following error on the LDAP server =

-----------------------------------------------------------------------------
Jul 21 12:04:50 ldap slapd[21830]: conn=1003 op=7 SRCH
attr=objectClass cn userPassword gidNumber memberuid modifyTimestamp
modifyTimestamp
Jul 21 12:04:50 ldap slapd[21830]: <= bdb_equality_candidates:
(gidNumber) not indexed
Jul 21 12:04:50 ldap slapd[21830]: conn=1003 op=7 SEARCH RESULT
tag=101 err=0 nentries=0 text=
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 fd=18 ACCEPT from
IP=10.200.104.135:46940 (IP=0.0.0.0:389)
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 op=0 STARTTLS
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 op=0 RESULT oid= err=0 text=
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 fd=18 closed (TLS
negotiation failure)
Jul 21 12:04:50 ldap slapd[21830]: conn=1003 op=8 UNBIND
Jul 21 12:04:50 ldap slapd[21830]: conn=1003 fd=11 closed
----------------------------------------------------------------------------

If I ssh to client machine & say =
1) getent passwd user1 = user1:*:9999:100:user1[Admin (at)
XYZ]:/home/user1:/bin/bash
2) sudo user1 & then id = uid=9999(user1) gid=100(users)
groups=100(users)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

I tried to generate a key & cert & did import using ldapmodify command. [2]
Copied the .cert file on client machine under /etc/openldap/certs
I checked the permissions. Looks ok.
I tried restarting nscd & nslcd services on client machine.
After switching to the ldap user on client machine, I can see that the
user's dir is created under /home.

But getting 'Access denied' error when trying to ssh to the client
machine using the LDAP user & the password.
Any hints how to fix this issue?

I am trying to setup openldap for a third party app.
From the app's web UI, developer connects to the ldap > fetches the
ldap user & then we login to the web UI using the ldap user.

Regards,
Amey.

[1] https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html
[2] https://linuxhostsupport.com/blog/how-to-install-ldap-on-centos-7/


On Fri, 16 Jul 2021 at 10:27, Amey Abhyankar <sco1984 at gmail.com> wrote:
>
> Hello All,
>
> Any simple method to achieve this?
>
> I want to fetch openldap user from a third party application.
> I enter ldap details in the third party app for connection.
>
> I did Google and found some posts at IBM forums which are complicated
> enough to understand and half baked.
>
> I have installed openldap using turnkey Linux. Bundled openldap software.
> Configured cn,dn etc.
> Added generic user with sn.
> This is just a POC server.
> I am using a different domain name than the currently used domain name.
>
> If I try to make a ldap connection even on this server using 127.0.1.1
> it gives an error.
> command = ldapsearch -x -LLL -H ldap://127.0.1.1
> error = object not found (32)
> I also tried to use ldap:/// flag.
> Same error.
>
> Any hints on how to configure SRV record? Thanks.
> Installing BIND9 on the openldap Debian 10 os will help?
>
> Regards,
> Amey.
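
One way to read the slapd log quoted in the message above, as an added example that is not part of the original post: it groups lines by conn= id, shows that conn=1004 is closed during STARTTLS before any BIND is logged, and lists attributes the backend reports as unindexed. The function names are assumptions of this example; the sample lines are the post's own log with the mail line wraps re-joined.

```python
import re
from collections import defaultdict

# Log lines from the post above, with the mail client's line wraps re-joined.
SAMPLE_LOG = """\
Jul 21 12:04:50 ldap slapd[21830]: conn=1003 op=7 SRCH attr=objectClass cn userPassword gidNumber memberuid modifyTimestamp modifyTimestamp
Jul 21 12:04:50 ldap slapd[21830]: <= bdb_equality_candidates: (gidNumber) not indexed
Jul 21 12:04:50 ldap slapd[21830]: conn=1003 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 fd=18 ACCEPT from IP=10.200.104.135:46940 (IP=0.0.0.0:389)
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 op=0 STARTTLS
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 op=0 RESULT oid= err=0 text=
Jul 21 12:04:50 ldap slapd[21830]: conn=1004 fd=18 closed (TLS negotiation failure)
Jul 21 12:04:50 ldap slapd[21830]: conn=1003 op=8 UNBIND
Jul 21 12:04:50 ldap slapd[21830]: conn=1003 fd=11 closed
"""

CONN_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:op=\d+|fd=\d+) (.*)$")
ACCEPT_RE = re.compile(r"ACCEPT from IP=([\d.]+):\d+")
CLOSED_RE = re.compile(r"closed(?: \((.*)\))?$")
UNINDEXED_RE = re.compile(r"bdb_\w+_candidates: \((\w+)\) not indexed")

def summarize(log_text):
    """Return ({conn_id: state}, {unindexed attributes}) for a slapd log excerpt."""
    conns = defaultdict(lambda: dict(client=None, starttls=False, bind=False,
                                     closed=False, reason=None))
    unindexed = set()
    for line in log_text.splitlines():
        m = UNINDEXED_RE.search(line)
        if m:
            unindexed.add(m.group(1))
        m = CONN_RE.search(line)
        if not m:
            continue
        conn, rest = conns[int(m.group(1))], m.group(2)
        accepted, closed = ACCEPT_RE.match(rest), CLOSED_RE.match(rest)
        if accepted:
            conn["client"] = accepted.group(1)
        if closed:
            conn["closed"], conn["reason"] = True, closed.group(1)
        conn["starttls"] |= rest == "STARTTLS"
        conn["bind"] |= rest.startswith("BIND")  # "UNBIND" does not match
    return dict(conns), unindexed

def tls_failures(conns):
    """Connections that requested STARTTLS and were closed in the handshake."""
    return [(cid, c["client"]) for cid, c in sorted(conns.items())
            if c["starttls"] and c["reason"] == "TLS negotiation failure"]

if __name__ == "__main__":
    state, unindexed = summarize(SAMPLE_LOG)
    print(tls_failures(state), sorted(unindexed))
```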

