Authenticate raspi2 against Nethserver openldap


(Denis Robel) #1

Hello,

I have some problems authenticating my Raspi against the openldap of nethserver…

I tried this howto: http://www.techgeeks.org/blog/2015/07/13/raspberry-pi-ldap-authentication/

I used this in my config files:

ldapuri://ip:389/
base dc=directory,dc=nh
binddn cn=libuser,dc=directory,dc=nh

I extracted the bindpasswd with

cat /var/lib/nethserver/secrets/libuser 

But on my raspi I can't see any user from ldap with getent passwd. What else can I check to solve this problem?

Some useful hints are welcome.

with warm regards from Leipzig

Denis


(Artem Fedai) #2

Hi, you need to make LDAP reachable from the green LAN interface; it is even better to use LDAPS on port 636.


(Denis Robel) #3

Hello Artem,

thank you for your response.

This port is open by default for the green network. I added the ldaps port by a separate firewall rule.
The result is the same: no ldap access…

When I use

ldapsearch -D cn=libuser,dc=directory,dc=nh -w PASSWORD

from the raspi, I get the following result:

# extended LDIF
#
# LDAPv3
# base <dc=directory,dc=nh> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

Normally I should receive the whole ldap tree.

with warm regards from Leipzig

Denis


(Artem Fedai) #4

Search using the existing domain tree; I do not remember the default tree name.


(Artem Fedai) #5
ldapsearch -h 192.168.1.1 -D cn=libuser,dc=directory,dc=nh -w

Maybe my howto will be helpful:


(Alessio Fattorini) #6

@denis.robel how is it going? Did you resolve it?


(Denis Robel) #7

Hello Alessio,

Yes, I solved the problem a few minutes ago. I reconfigured nslcd and libnss-ldapd on the raspi:

dpkg-reconfigure nslcd:

ldap://server-ip/
search base: dn=directory,dn=nh
authentication: simple
LDAP-database user: cn=libuser,dn=directory,dn=nh
password: from file /var/lib/nethserver/secrets/libuser

dpkg-reconfigure libnss-ldapd:

I chose the following:
hosts
passwd
shadow
groups

It would be good if the automount scheme could be integrated in nethserver ldap.config by default…

with warm regards from rainy Leipzig

Denis
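
Added example, not part of any post in this thread: a small audit of the /etc/nslcd.conf that dpkg-reconfigure nslcd writes, covering the settings discussed above (uri, base, bind account, and the LDAPS recommendation from #2). The option names are those of nslcd.conf(5); the host address, password placeholder and sample file are constructed.

```python
import os
import stat

# Constructed sample: DNs as quoted in the thread, host and secret are placeholders.
SAMPLE_CONF = """\
# /etc/nslcd.conf (constructed)
uri ldap://192.0.2.10:389/
base dc=directory,dc=nh
binddn cn=libuser,dc=directory,dc=nh
bindpw PLACEHOLDER_SECRET
"""

def parse_nslcd(text):
    """Return {option: [values]} from nslcd.conf text; option names are lowercased."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # options and values are whitespace-separated
        opts.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts

def audit(text, mode=None):
    """Return findings for the nslcd settings this thread touches."""
    opts = parse_nslcd(text)
    findings = [f"'{k}' is not set" for k in ("uri", "base") if k not in opts]
    uris = [u for v in opts.get("uri", []) for u in v.split()]
    starttls = opts.get("ssl", [""])[-1].lower() == "start_tls"
    if any(u.lower().startswith("ldap://") for u in uris) and "binddn" in opts and not starttls:
        findings.append("simple bind over ldap:// sends bindpw in cleartext; use ldaps:// or 'ssl start_tls'")
    if opts.get("tls_reqcert", [""])[-1].lower() in ("never", "allow"):
        findings.append("tls_reqcert does not enforce server certificate validation")
    if "bindpw" in opts and mode is not None and mode & stat.S_IROTH:
        findings.append("file contains bindpw but is world-readable")
    return findings

if __name__ == "__main__":
    path = "/etc/nslcd.conf"
    if os.path.exists(path):
        with open(path) as fh:
            result = audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))
    else:
        result = audit(SAMPLE_CONF, 0o644)  # fall back to the constructed sample
    print("\n".join(result) or "no findings")
```

Run as root on the client so the real file can be read; without it, the script audits the constructed sample.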