On Monday 22 October 2007 13:12:29 Bertram Scharpf wrote:
> Hi,
>
> when setting up LDAP Pam authentication I encountered a
> problem that seems to be neither Slapd- nor
> nss_ldap-specific.
>
> When running the init script there comes up an error that
> clutters up my syslog with a lot of useless error messages:
>
> @(#) $OpenLDAP: slapd 2.3.38 (Oct 18 2007 22:12:26) $
> root@myhost:/var/tmp/portage/net-nds/openldap-2.3.38/work/openldap-2.3.38/
>servers/slapd nss_ldap: failed to bind to LDAP server ldap://127.0.0.1:
> Can't contact LDAP server nss_ldap: failed to bind to LDAP server
> ldap://127.0.0.1/: Can't contact LDAP server nss_ldap: failed to bind to
> LDAP server ldapi://%2fvar%2frun%2fldapi_sock/: Can't contact LDAP server
> ...
> nss_ldap: could not search LDAP server - Server is unavailable
> WARNING: No dynamic config support for database ldbm.
> slapd starting
>
> I found out that the Gentoo init script activates the
> options "-u ldap -g ldap". Without them, the error messages
> do not appear. Therefore I suppose the slapd daemon tries to
> obtain passwd/shadow information for ldap via nss_ldap. At
> least when I say "compat" in nsswitch.conf, the error
> message doesn't appear as well.

Instead of -u ldap -g ldap, try putting in the UID and GID. This should stop
the calls to the server.

> The files should be searched first. The "ldap" information
> is present in all three of them. I even tried to chown the
> shadow file to ldap but this didn't save me from the weird
> messages either.

Don't play with the perms on /etc/shadow, you're just opening up security
holes.


--
Benjamin Smee (strerror)
net-mail/netmon/forensics/crypto/ldap
Fingerprint: 497F 5E98 1FA0 C313 EA0B 08C7 004A 66ED 448B E78C
--
gentoo-dev@g.o mailing list
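
The two points in the reply above, as an added example that is not part of the original message or of the Gentoo init script: it reads the numeric IDs for `ldap` straight from passwd/group-format files (no `getent` or `id`, so the lookup itself never goes through NSS) and checks that a shadow file has not been left loosened. The function names and the sample entries (UID/GID 439) are constructed for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# numeric_id FILE NAME: print field 3 (UID in passwd, GID in group) for an
# exact match on NAME; exit status 1 if FILE has no such entry.
numeric_id() {
    awk -F: -v name="$2" '$1 == name { print $3; found = 1; exit }
                          END { exit !found }' "$1"
}

# slapd_id_args PASSWD_FILE GROUP_FILE USER GROUP: print "-u UID -g GID".
slapd_id_args() {
    uid=$(numeric_id "$1" "$3") || { echo "no local passwd entry for $3" >&2; return 1; }
    gid=$(numeric_id "$2" "$4") || { echo "no local group entry for $4" >&2; return 1; }
    case "$uid$gid" in
        ''|*[!0-9]*) echo "non-numeric id in local files" >&2; return 1 ;;
    esac
    printf '%s\n' "-u $uid -g $gid"
}

# shadow_check FILE [OWNER_UID]: succeed only if FILE is owned by OWNER_UID
# (default 0, root) and "other" has no permission bits. %u and %a are
# numeric, so stat does no name lookup either.
shadow_check() {
    owner=$(stat -c '%u' "$1") || return 1
    mode=$(stat -c '%a' "$1") || return 1
    [ "$owner" = "${2:-0}" ] || { echo "$1: owner uid $owner" >&2; return 1; }
    case "$mode" in
        *0) return 0 ;;
        *)  echo "$1: mode $mode is readable or writable by others" >&2; return 1 ;;
    esac
}

# make_sample DIR: write constructed passwd/group files (not real system data).
make_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'ldapadmin:x:1001:1001::/home/ldapadmin:/bin/bash' \
        'ldap:x:439:439:added user:/usr/lib/openldap:/sbin/nologin' > "$1/passwd"
    printf '%s\n' 'root:x:0:' 'ldap:x:439:' > "$1/group"
}

# Run against the constructed sample; on a real host pass /etc/passwd and /etc/group.
d=$(mktemp -d)
make_sample "$d"
slapd_id_args "$d/passwd" "$d/group" ldap ldap
rm -rf "$d"
```

On a real system, `shadow_check /etc/shadow` with the default owner of 0 reports whether the chown described in the quoted message is still in effect.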