Dear Support,
the connection to LDAP by phpLdapAdmin with the default authentication "cn=libuser,dc=directory,dc=nh" and the password from the secret file works fine.
Unfortunately I can log in with Apache Directory Studio but it is all empty, why?
What am I doing wrong?
Thanks
Mario
Update…
I installed Apache Directory Studio on the NethServer machine and the connection to LDAP works fine.
At this point, what must I enable to browse LDAP remotely?
Thanks
Mario
davidep
(Davide Principi)
September 21, 2016, 3:32pm
If you’re on ns6 your connection requires STARTTLS and user credentials.
Edit:
Hi @alecks ,
the STARTTLS command is supported on port 389, and is the preferred method if the clients have it.
Check the admin’s password has been correctly set. The admin’s DN should be
uid=admin,ou=People,dc=directory,dc=nh
or, if your domain part is example.com
uid=admin,ou=People,dc=example,dc=com
The port 636 is disabled by default: it could be enabled with a couple of commands…
davidep
(Davide Principi)
September 21, 2016, 3:41pm
Please see also the link above
The connection works but I cannot browse the LDAP tree, and it returns a "No such Object" error.
It seems that LDAP tree is browsable only from localhost.
alefattorini
(Alessio Fattorini)
September 22, 2016, 1:25pm
Ehi @paspo, you're an LDAP expert, can you lend a hand to Mario?
I don't understand why I cannot browse the directory.
If I use phpLdapAdmin or run Apache Directory Studio locally it is ok…
If I launch Apache Directory Studio from my PC I cannot browse.
Because of this, I need to connect a web application to LDAP and the connection does not work.
Mario
davidep
(Davide Principi)
September 22, 2016, 7:19pm
libuser can access from local host only. Please try with admin or any other user account!
paspo
(paspo)
September 22, 2016, 7:31pm
This is exactly your problem.
I’ve encountered this “behavior” some time ago, and I changed to the way I wanted it (read only for everybody).
I’m too lazy to investigate the consequences of this modification, but for my use cases this is “secure enough”.
click here to see the modifications I made.
@alefattorini : no, I'm not an expert in any way. Especially with LDAP. I've just configured it with my mighty hammer.
Mario_Lanno
(Mario Lanno)
September 22, 2016, 7:31pm
Just tried…nothing to do
I created a user on top called totaladmin but nothing.
alefattorini
(Alessio Fattorini)
September 22, 2016, 8:30pm
Ok not an expert but a smart guy
davidep
(Davide Principi)
September 23, 2016, 7:35am
The request LDAP Administration tool and ldaps looks similar to yours. I can't figure out why it does not work…
Could you provide more details? Could you attach a log file or error message from the LDAP server?
Could you make an experiment from a remote host with the ldapsearch command? Please try with
ldapsearch -b dc=directory,dc=nh -ZZ -h yourserver -D uid=admin,ou=People,dc=directory,dc=nh -W
Mario_Lanno
(Mario Lanno)
September 23, 2016, 2:57pm
works!
mmmmmmm… on Monday I will try with the web app
thanks
Mario_Lanno
(Mario Lanno)
September 23, 2016, 3:05pm
It works from a server but not from Apache Directory Studio?
It’s very strange!!!
Mario_Lanno
(Mario Lanno)
September 26, 2016, 9:40am
Failed to login from web app.
This is the slapd log:
Sep 26 11:38:50 nstest slapd[3652]: conn=1190 op=2 BIND anonymous mech=implicit ssf=0
Sep 26 11:38:50 nstest slapd[3652]: conn=1190 op=2 BIND dn="uid=connuser,ou=People,dc=#####,dc=#####" method=128
Sep 26 11:38:50 nstest slapd[3652]: conn=1190 op=2 BIND dn="uid=connuser,ou=People,dc=directory,dc=nh" mech=SIMPLE ssf=0
Sep 26 11:38:50 nstest slapd[3652]: conn=1190 op=2 RESULT tag=97 err=0 text=
Sep 26 11:38:50 nstest slapd[3652]: conn=1190 op=3 SRCH base="ou=People,dc=#####,dc=#####" scope=0 deref=0 filter="(objectClass=*)"
Sep 26 11:38:50 nstest slapd[3652]: conn=1190 op=3 SEARCH RESULT tag=101 err=32 nentries=0 text=
Sep 26 11:38:50 nstest slapd[3652]: conn=1191 fd=39 ACCEPT from IP=10.0.0.111:36153 (IP=0.0.0.0:389)
Sep 26 11:38:50 nstest slapd[3652]: conn=1191 op=0 BIND dn="uid=connuser,ou=People,dc=u#####,dc=#####" method=128
Sep 26 11:38:50 nstest slapd[3652]: conn=1191 op=0 BIND dn="uid=connuser,ou=People,dc=directory,dc=nh" mech=SIMPLE ssf=0
Sep 26 11:38:50 nstest slapd[3652]: conn=1191 op=0 RESULT tag=97 err=0 text=
Sep 26 11:38:50 nstest slapd[3652]: conn=1191 op=1 SRCH base="ou=People,dc=u#####,dc=#####" scope=2 deref=0 filter="(&(objectClass=sambaSamAccount)(objectClass=shadowAccount)(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=person)(objectClass=top)(uid=lanno))"
Sep 26 11:38:50 nstest slapd[3652]: conn=1191 op=1 SRCH attr=displayName uid employeeNumber
Sep 26 11:38:50 nstest slapd[3652]: conn=1191 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
Mario_Lanno
(Mario Lanno)
September 26, 2016, 10:40am
maybe I got something wrong
The requested fields are:
rDN Attribute = uid
User id Attribute = uid
Login Name Attribute = uid
LDAP Object Class = sambaSamAccount
Connection DN = uid=user,ou=People,dc=domain,dc=com
Users DN = ou=People,dc=domain,dc=com
Base Search Users = subtree
Group DN = ou=Groups,dc=domain,dc=com
davidep
(Davide Principi)
September 26, 2016, 2:00pm
Mario_Lanno:
Sep 26 11:38:50 nstest slapd[3652]: conn=1190 op=2 BIND anonymous mech=implicit ssf=0
[…]
Sep 26 11:38:50 nstest slapd[3652]: conn=1191 op=0 BIND dn="uid=connuser,ou=People,dc=directory,dc=nh" mech=SIMPLE ssf=0
ssf=0 means the connection is not encrypted. Can you see similar lines in the same log file when you run the ldapsearch command above?
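The two checks Davide asks for (does the connection get a "TLS established" line, as it does when ldapsearch is run with -ZZ, and does a search come back with err=32) can be done mechanically over the slapd log. The following is an added example, not code from the thread or from NethServer: it groups slapd log lines by conn= id, and reports SIMPLE binds from non-local addresses on connections with no TLS layer, plus searches that fail with err=32 (noSuchObject). The sample log lines are constructed and modelled on the ones quoted in the thread; the IPs, DNs and base DNs are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample log, modelled on the slapd lines quoted in the thread (placeholder IPs/DNs).
SAMPLE_LOG = """\
Sep 26 11:38:50 nstest slapd[3652]: conn=1191 fd=39 ACCEPT from IP=10.0.0.111:36153 (IP=0.0.0.0:389)
Sep 26 11:38:50 nstest slapd[3652]: conn=1191 op=0 BIND dn="uid=connuser,ou=People,dc=directory,dc=nh" mech=SIMPLE ssf=0
Sep 26 11:38:50 nstest slapd[3652]: conn=1191 op=1 SRCH base="ou=People,dc=wrong,dc=suffix" scope=2 deref=0 filter="(uid=lanno)"
Sep 26 11:38:50 nstest slapd[3652]: conn=1191 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
Sep 26 11:40:02 nstest slapd[3652]: conn=1192 fd=50 ACCEPT from IP=10.0.0.111:36201 (IP=0.0.0.0:389)
Sep 26 11:40:02 nstest slapd[3652]: conn=1192 fd=50 TLS established tls_ssf=256 ssf=256
Sep 26 11:40:02 nstest slapd[3652]: conn=1192 op=1 BIND dn="uid=admin,ou=People,dc=directory,dc=nh" mech=SIMPLE ssf=0
Sep 26 11:40:02 nstest slapd[3652]: conn=1192 op=2 SRCH base="dc=directory,dc=nh" scope=2 deref=0 filter="(uid=lanno)"
Sep 26 11:40:02 nstest slapd[3652]: conn=1192 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

CONN_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) (.*)$")
ACCEPT_RE = re.compile(r"ACCEPT from IP=([\d.]+):\d+")
TLS_RE = re.compile(r"TLS established tls_ssf=(\d+)")
BIND_RE = re.compile(r'op=(\d+) BIND dn="([^"]*)" mech=(\w+)')
SRCH_RE = re.compile(r'op=(\d+) SRCH base="([^"]*)"')
RESULT_RE = re.compile(r"op=(\d+) SEARCH RESULT tag=\d+ err=(\d+)")

def analyse(log_text, local_prefixes=("127.", "::1")):
    """Return (conn, finding, detail, client_ip) tuples for cleartext remote binds and err=32 searches."""
    conns = defaultdict(lambda: {"ip": None, "tls_ssf": 0, "bases": {}})
    findings = []
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue
        cid, rest = m.group(1), m.group(2)
        c = conns[cid]
        if (a := ACCEPT_RE.search(rest)):
            c["ip"] = a.group(1)
        elif (t := TLS_RE.search(rest)):
            c["tls_ssf"] = int(t.group(1))  # set by STARTTLS (ldapsearch -ZZ) or ldaps
        elif (b := BIND_RE.search(rest)):
            # The ssf on the BIND line is the SASL layer's strength, which is 0 for a SIMPLE
            # bind even over TLS; the transport strength is the tls_ssf recorded above.
            remote = c["ip"] and not c["ip"].startswith(local_prefixes)
            if b.group(3) == "SIMPLE" and c["tls_ssf"] == 0 and remote:
                findings.append((cid, "cleartext_simple_bind", b.group(2), c["ip"]))
        elif (s := SRCH_RE.search(rest)):
            c["bases"][s.group(1)] = s.group(2)
        elif (r := RESULT_RE.search(rest)):
            if r.group(2) == "32":  # noSuchObject: the search base is not on this server
                findings.append((cid, "no_such_object", c["bases"].get(r.group(1), "?"), c["ip"]))
    return findings
```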
Mario_Lanno
(Mario Lanno)
September 26, 2016, 2:03pm
fd=50 TLS established tls_ssf=256 ssf=256
Mario_Lanno
(Mario Lanno)
September 26, 2016, 2:20pm
could I disable TLS for testing?