Anyone with pam_ldap/nss_ldap against ldaps working?

Albert Chin freebsd-ports at mlists.thewrittenword.com
Fri Apr 13 19:42:42 UTC 2007


I have configured the latest pam_ldap/nss_ldap on FreeBSD 6-STABLE.
I have /usr/local/etc/nss_ldap.conf and /usr/local/etc/ldap.conf
hard linked. Everything works fine with:
  uri ldap://ldap.il.thewrittenword.com
  base ou=users,dc=thewrittenword,dc=com
  ldap_version 3
  rootbinddn cn=Manager,dc=thewrittenword,dc=com
  pam_filter objectclass=posixAccount
  pam_login_attribute uid
  pam_member_attribute uniquemember
  pam_min_uid 1000
  pam_password exop
  nss_base_passwd ou=users,dc=thewrittenword,dc=com?one
  nss_base_shadow ou=users,dc=thewrittenword,dc=com?one
  nss_base_group ou=groups,dc=thewrittenword,dc=com?one
  timelimit 10
  bind_timelimit 10
and:
  uri ldap://ldap.il.thewrittenword.com
  base ou=users,dc=thewrittenword,dc=com
  ldap_version 3
  rootbinddn cn=Manager,dc=thewrittenword,dc=com
  pam_filter objectclass=posixAccount
  pam_login_attribute uid
  pam_member_attribute uniquemember
  pam_min_uid 1000
  pam_password exop
  nss_base_passwd ou=users,dc=thewrittenword,dc=com?one
  nss_base_shadow ou=users,dc=thewrittenword,dc=com?one
  nss_base_group ou=groups,dc=thewrittenword,dc=com?one
  ssl start_tls
  tls_checkpeer yes
  tls_cacertfile <path to crt>
  timelimit 10
  bind_timelimit 10

But this doesn't work:
  uri ldaps://ldap.il.thewrittenword.com
  base ou=users,dc=thewrittenword,dc=com
  ldap_version 3
  rootbinddn cn=Manager,dc=thewrittenword,dc=com
  pam_filter objectclass=posixAccount
  pam_login_attribute uid
  pam_member_attribute uniquemember
  pam_min_uid 1000
  pam_password exop
  nss_base_passwd ou=users,dc=thewrittenword,dc=com?one
  nss_base_shadow ou=users,dc=thewrittenword,dc=com?one
  nss_base_group ou=groups,dc=thewrittenword,dc=com?one
  tls_checkpeer yes
  tls_cacertfile <path to crt>
  timelimit 10
  bind_timelimit 10

Running slapd on the LDAP server with "-d -1", I get the following. I
can successfully 'ldapsearch -H ldaps://ldap.il.thewrittenword.com
...'. Anyone with an idea on what is wrong?

daemon: activity on 1 descriptor
>>> slap_listener(ldap://ldap.il.thewrittenword.com/)
daemon: listen=9, new connection on 19
daemon: added 19r (active) listener=0x0
conn=297 fd=19 ACCEPT from IP=192.168.1.3:55864 (IP=192.168.1.67:389)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on: 19r
daemon: read activity on 19
connection_get(19)
connection_get(19): got connid=297
connection_read(19): checking for input on id=297
ber_get_next
ldap_read: want=8, got=8
  0000:  80 74 01 03 01 00 4b 00                            .t....K.          
ldap_read: want=110, got=110
  0000:  00 00 20 00 00 39 00 00  38 00 00 35 00 00 16 00   .. ..9..8..5....  
  0010:  00 13 00 00 0a 07 00 c0  00 00 33 00 00 32 00 00   ..........3..2..  
  0020:  2f 03 00 80 00 00 05 00  00 04 01 00 80 00 00 15   /...............  
  0030:  00 00 12 00 00 09 06 00  40 00 00 14 00 00 11 00   ........@.......  
  0040:  00 08 00 00 06 04 00 80  00 00 03 02 00 80 cb 36   ...............6  
  0050:  be f8 18 6a e1 b0 f7 70  5c 7b c5 48 cd 65 aa a4   ...j...p\{.H.e..  
  0060:  96 da ef d9 76 3a 39 8c  2d 0c ec e6 04 a3         ....v:9.-.....    
ber_get_next: tag 0x80 len 116 contents:
ber_dump: buf=0x08c07300 ptr=0x08c07300 end=0x08c07374 len=116
  0000:  01 03 01 00 4b 00 00 00  20 00 00 39 00 00 38 00   ....K... ..9..8.  
  0010:  00 35 00 00 16 00 00 13  00 00 0a 07 00 c0 00 00   .5..............  
  0020:  33 00 00 32 00 00 2f 03  00 80 00 00 05 00 00 04   3..2../.........  
  0030:  01 00 80 00 00 15 00 00  12 00 00 09 06 00 40 00   ..............@.  
  0040:  00 14 00 00 11 00 00 08  00 00 06 04 00 80 00 00   ................  
  0050:  03 02 00 80 cb 36 be f8  18 6a e1 b0 f7 70 5c 7b   .....6...j...p\{  
  0060:  c5 48 cd 65 aa a4 96 da  ef d9 76 3a 39 8c 2d 0c   .H.e......v:9.-.  
  0070:  ec e6 04 a3                                        ....              
ber_get_next on fd 19 failed errno=0 (Undefined error: 0)
connection_read(19): input error=-2 id=297, closing.
connection_closing: readying conn=297 sd=19 for close
connection_close: conn=297 sd=19
daemon: removing 19
conn=297 fd=19 closed (connection lost)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: waked
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
>>> slap_listener(ldap://ldap.il.thewrittenword.com/)
daemon: listen=9, new connection on 19
daemon: added 19r (active) listener=0x0
conn=298 fd=19 ACCEPT from IP=192.168.1.3:61245 (IP=192.168.1.67:389)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on: 19r
daemon: read activity on 19
connection_get(19)
connection_get(19): got connid=298
connection_read(19): checking for input on id=298
ber_get_next
ldap_read: want=8, got=8
  0000:  80 74 01 03 01 00 4b 00                            .t....K.          
ldap_read: want=110, got=110
  0000:  00 00 20 00 00 39 00 00  38 00 00 35 00 00 16 00   .. ..9..8..5....  
  0010:  00 13 00 00 0a 07 00 c0  00 00 33 00 00 32 00 00   ..........3..2..  
  0020:  2f 03 00 80 00 00 05 00  00 04 01 00 80 00 00 15   /...............  
  0030:  00 00 12 00 00 09 06 00  40 00 00 14 00 00 11 00   ........@.......  
  0040:  00 08 00 00 06 04 00 80  00 00 03 02 00 80 61 24   ..............a$  
  0050:  d3 b9 7b 49 d1 29 76 ab  b1 77 f9 9d b1 38 f3 60   ..{I.)v..w...8.`  
  0060:  61 2e 4d f3 79 1d 29 5d  38 56 92 97 8b c6         a.M.y.)]8V....    
ber_get_next: tag 0x80 len 116 contents:
ber_dump: buf=0x08c07300 ptr=0x08c07300 end=0x08c07374 len=116
  0000:  01 03 01 00 4b 00 00 00  20 00 00 39 00 00 38 00   ....K... ..9..8.  
  0010:  00 35 00 00 16 00 00 13  00 00 0a 07 00 c0 00 00   .5..............  
  0020:  33 00 00 32 00 00 2f 03  00 80 00 00 05 00 00 04   3..2../.........  
  0030:  01 00 80 00 00 15 00 00  12 00 00 09 06 00 40 00   ..............@.  
  0040:  00 14 00 00 11 00 00 08  00 00 06 04 00 80 00 00   ................  
  0050:  03 02 00 80 61 24 d3 b9  7b 49 d1 29 76 ab b1 77   ....a$..{I.)v..w  
  0060:  f9 9d b1 38 f3 60 61 2e  4d f3 79 1d 29 5d 38 56   ...8.`a.M.y.)]8V  
  0070:  92 97 8b c6                                        ....              
ber_get_next on fd 19 failed errno=0 (Undefined error: 0)
connection_read(19): input error=-2 id=298, closing.
connection_closing: readying conn=298 sd=19 for close
connection_close: conn=298 sd=19
daemon: removing 19
conn=298 fd=19 closed (connection lost)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: waked
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL

-- 
albert chin (china at thewrittenword.com)
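The bytes slapd dumps for conn=297 are not BER at all: `80 74 01 03 01 00 4b` is the two-byte-header, SSLv2-compatible CLIENT-HELLO that OpenSSL clients of that era send first (record length 0x74 = 116, message type 0x01, advertised version 0x0301, 0x4b = 75 bytes of 3-byte cipher specs, then a 32-byte challenge), and the ACCEPT line shows it arriving on the cleartext listener at port 389. slapd's BER reader therefore takes 0x80 as a context tag, 0x74 as the length, logs "tag 0x80 len 116", and drops the connection. The script below is an added example, not part of the original post and not code from nss_ldap or OpenLDAP: it decodes those bytes (CONN_297 is copied from the dump above) and classifies what a listener received as cleartext LDAP, an SSLv2-format hello, or an SSLv3/TLS record. LDAP_BIND is a constructed anonymous bind used for contrast, and the cipher-suite name table is a partial lookup added here.

```python
"""Decode the first bytes a listener received and say what protocol they are.

Added example (not from the post or from nss_ldap/OpenLDAP).  CONN_297 is
copied from the slapd "-d -1" dump above; LDAP_BIND is a constructed sample.
"""
import struct

# Copied from the post: the 8 + 110 bytes slapd read on fd 19 for conn=297.
CONN_297 = bytes.fromhex(
    "80 74 01 03 01 00 4b 00 "
    "00 00 20 00 00 39 00 00 38 00 00 35 00 00 16 00 "
    "00 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 "
    "2f 03 00 80 00 00 05 00 00 04 01 00 80 00 00 15 "
    "00 00 12 00 00 09 06 00 40 00 00 14 00 00 11 00 "
    "00 08 00 00 06 04 00 80 00 00 03 02 00 80 cb 36 "
    "be f8 18 6a e1 b0 f7 70 5c 7b c5 48 cd 65 aa a4 "
    "96 da ef d9 76 3a 39 8c 2d 0c ec e6 04 a3"
)

# Constructed for contrast: an anonymous LDAPv3 simple BindRequest, messageID 1.
LDAP_BIND = bytes.fromhex("30 0c 02 01 01 60 07 02 01 03 04 00 80 00")

# Partial lookup (added here) for the 3-byte cipher specs in an SSLv2-format
# hello: TLS suites are 00 xx yy, SSLv2-only suites have a non-zero first byte.
SUITE_NAMES = {
    "000039": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "000035": "TLS_RSA_WITH_AES_256_CBC_SHA",
    "00002f": "TLS_RSA_WITH_AES_128_CBC_SHA",
    "00000a": "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "000005": "TLS_RSA_WITH_RC4_128_SHA",
    "0700c0": "SSL2_DES_192_EDE3_CBC_WITH_MD5",
    "010080": "SSL2_RC4_128_WITH_MD5",
}


def ber_tag_and_length(data):
    """What slapd's ber_get_next sees: a one-byte tag followed by a short-form
    definite length (long-form lengths are not handled in this example)."""
    if len(data) < 2 or data[1] & 0x80:
        return None
    return data[0], data[1]


def parse_sslv2_client_hello(data):
    """Parse a 2-byte-header SSLv2-format CLIENT-HELLO.  Returns a dict or None."""
    if len(data) < 11 or not data[0] & 0x80:
        return None
    rec_len = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2:2 + rec_len]
    if len(body) != rec_len or body[0] != 0x01:        # 0x01 = CLIENT-HELLO
        return None
    version, cipher_len, sid_len, chal_len = struct.unpack(">HHHH", body[1:9])
    if cipher_len % 3 or 9 + cipher_len + sid_len + chal_len != rec_len:
        return None
    specs = body[9:9 + cipher_len]
    suites = [specs[i:i + 3].hex() for i in range(0, cipher_len, 3)]
    return {
        "version": version,                  # 0x0301 = TLS 1.0 advertised
        "suites": [SUITE_NAMES.get(s, s) for s in suites],
        "session_id_len": sid_len,
        "challenge_len": chal_len,
    }


def classify_first_bytes(data):
    """Say which protocol the first bytes on a socket belong to."""
    if data[:1] == b"\x30":
        return "ldap-ber"                # LDAPMessage is a BER SEQUENCE
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls-record"              # SSLv3/TLS handshake record header
    if parse_sslv2_client_hello(data) is not None:
        return "sslv2-client-hello"
    return "unknown"


if __name__ == "__main__":
    for name, sample in (("conn=297", CONN_297), ("bind", LDAP_BIND)):
        print(name, classify_first_bytes(sample), ber_tag_and_length(sample))
    hello = parse_sslv2_client_hello(CONN_297)
    print("version 0x%04x, %d suites, %d-byte challenge"
          % (hello["version"], len(hello["suites"]), hello["challenge_len"]))
```

The practical check this points at is on both ends: on the FreeBSD server, `sockstat -4l | grep slapd` shows which ports slapd is actually bound to (an ldaps listener on 636 must be present for ldaps:// to work at all), and on the client the same `-d -1`-style tracing of the library shows which host and port it really connects to. A TLS hello landing on 389 means the client spoke TLS to the cleartext port; it says nothing about the certificate or CA settings, so tls_checkpeer and tls_cacertfile are not what to tune for this symptom.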

