
Authentication against an LDAP server stopped on several different web and workstation clients, for which I assume the host is at fault.

However, ldapsearch -x uid=user -LLL -H ldap://ldap.host.de -b dc=dep,dc=org,dc=de (slightly redacted) provides a result as expected. Using FusionDirectory to see and modify directories works fine as well.

The host runs Debian 8 (I know) and libldap 2.4.0.
Method is self-signed certificates, no Kerberos or IPM.

netstat -nat shows 0.0.0.389 0.0.0.0:* LISTEN and 0.0.0.636 0.0.0.0:* LISTEN
systemctl status slapd shows active(running)

/var/log/slapd.log basically just shows slapd started at some time and did nothing? ever since.

The problem is really that I'm kinda lost where to start looking at this point. As far as I was concerned, I always thought a working ldapsearch on a client was already the sign of it working correctly.

I know a familiar-sounding question already exists, but it doesn't give any clues to this one:
How to test a LDAP connection from a client

Edit: I found ldapsearch -H ldap://ldap.host.de -x -b "" -s base -LLL supportedSASLMechanisms to show:

supportedSASLMechanisms: GS2-IAKERB
supportedSASLMechanisms: GS2-KRB5
supportedSASLMechanisms: SCRAM-SHA-1
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: CRAM-MD5

cn=config.ldif:

# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 a786a04b
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1
structuralObjectClass: olcGlobal
entryUUID: cc37ae96-2b8d-5484-8du2-997ff7483a4
creatorsName: cn=config
createTimestamp: 20151030091025Z
olcTLSCACertificateFile: /etc/ssl/certs/gov-chain.pem
olcTLSCertificateFile: /etc/ssl/certs/ldap.org.public.pem
olcTLSCertificateKeyFile: /etc/ssl/private/ldap.org.private.pem
olcLogLevel: 64
olcLogFile: /var/log/slapd.log
entryCSN: 20151230114136.233704Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20151230114136Z

0 Answers
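
The olcLogLevel: 64 in the quoted cn=config is the "config" level from slapd-config(5), which covers configuration processing only, so a log that stays silent after startup says nothing about whether client binds are arriving or failing. The following is an added example, not part of the original post: it decodes the log level from a cn=config LDIF and reports whether connection and bind activity ("stats", 256) would be logged; the embedded sample is constructed from the lines in the question.

```python
# Added example, not from the original post; level values per slapd-config(5).
LEVELS = {
    "trace": 1, "packets": 2, "args": 4, "conns": 8, "ber": 16,
    "filter": 32, "config": 64, "acl": 128, "stats": 256, "stats2": 512,
    "shell": 1024, "parse": 2048, "sync": 16384, "none": 32768,
}

# Constructed sample: the logging lines of the cn=config entry in the question.
SAMPLE = """\
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
dn: cn=config
olcLogLevel: 64
olcLogFile: /var/log/slapd.log
"""

def ldif_values(text, attr):
    """Return every value of attr, honouring LDIF comments and folded lines."""
    lines, skip = [], False
    for raw in text.splitlines():
        if raw.startswith(" "):            # continuation of the previous line
            if not skip and lines:
                lines[-1] += raw[1:]
            continue
        skip = raw.startswith("#")         # a folded comment stays skipped
        if not skip:
            lines.append(raw)
    prefix = attr.lower() + ":"
    return [l[len(prefix):].strip() for l in lines if l.lower().startswith(prefix)]

def decode_loglevel(values):
    """Combine keyword and numeric (decimal or 0x hex) levels into one bitmask."""
    mask = 0
    for token in " ".join(values).lower().split():
        if token == "any":                 # "any" switches every level on
            mask |= sum(LEVELS.values())
        elif token in LEVELS:
            mask |= LEVELS[token]
        else:
            mask |= int(token, 0)
    return mask

def enabled(mask):
    return sorted(name for name, bit in LEVELS.items() if mask & bit)

def logs_binds(mask):
    return bool(mask & LEVELS["stats"])    # stats = connections, operations, results

if __name__ == "__main__":
    mask = decode_loglevel(ldif_values(SAMPLE, "olcLogLevel"))
    print(mask, enabled(mask), "binds logged:", logs_binds(mask))
```

For the sample this reports level 64, "config" only, binds not logged. With olcLogLevel set to stats, slapd records each client's connection, bind and result, which gives a starting point for comparing the failing clients with the working ldapsearch.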