NethServer Version: NethServer release 7.6.1810 (final)
Module: Base
Hi all,
I have a NS on a VPS (so, single network interface, green, with firewall rules/fail2ban in front of it) which should do authentication/authorization with LDAP through VPN to another machine. I used OpenVPN package available from the Software Center and configured a roadwarrior client for the other machine. The other client is connected fine and is able to use all the NS services.
I tried to configure the LDAP client on a NextCloud instance on the “client” VPS which worked for some time then stopped.
I narrowed down the problem with the following:
[root@ciccio ~]# ldapsearch -x -W -D 'uid=bindonly,ou=People,dc=directory,dc=nh' -b "ou=People,dc=directory,dc=nh" -h 127.0.0.1 > /dev/null
Enter LDAP Password:
[root@ciccio ~]# echo $?
0
[root@ciccio ~]# ldapsearch -x -W -D 'uid=bindonly,ou=People,dc=directory,dc=nh' -b "ou=People,dc=directory,dc=nh" -h 172.18.255.1 > /dev/null
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
[root@ciccio ~]# echo $?
49
As you may see, the first one works fine while pointing to 127.0.0.1, the second one fails with an error which is quite generic. I googled the error, finding a lot of people having problems loading the wrong slapd.conf file, which is not provided anymore and thus is not the issue.
I don’t have any clue. I tried checking /var/log/messages (no results), a possible /var/log/slapd.log (but found nothing), and running slapd in debug mode (and here’s an extract of what I obtained with the first and then with the second command:
5c27b4ec >>> dnPrettyNormal: <uid=bindonly,ou=People,dc=directory,dc=nh>
5c27b4ec <<< dnPrettyNormal: <uid=bindonly,ou=People,dc=directory,dc=nh>, <uid=bindonly,ou=people,dc=directory,dc=nh>
5c27b4ec do_bind: version=3 dn="uid=bindonly,ou=People,dc=directory,dc=nh" method=128
5c27b4ec bdb_dn2entry("uid=bindonly,ou=people,dc=directory,dc=nh")
5c27b4ec do_bind: v3 bind: "uid=bindonly,ou=People,dc=directory,dc=nh" to "uid=bindonly,ou=People,dc=directory,dc=nh"
5c27b4ec send_ldap_result: conn=1003 op=0 p=3
5c27b4ec send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 18
5c27b4ec connection_get(18): got connid=1003
5c27b4ec connection_read(18): checking for input on id=1003
5c27b548 >>> dnPrettyNormal: <uid=bindonly,ou=People,dc=directory,dc=nh>
5c27b548 <<< dnPrettyNormal: <uid=bindonly,ou=People,dc=directory,dc=nh>, <uid=bindonly,ou=people,dc=directory,dc=nh>
5c27b548 do_bind: version=3 dn="uid=bindonly,ou=People,dc=directory,dc=nh" method=128
5c27b548 bdb_dn2entry("uid=bindonly,ou=people,dc=directory,dc=nh")
5c27b548 send_ldap_result: conn=1005 op=0 p=3
5c27b548 send_ldap_response: msgid=1 tag=97 err=49
ber_flush2: 14 bytes to sd 18
5c27b548 connection_get(18): got connid=1005
5c27b548 connection_read(18): checking for input on id=1005
I really don’t know how to debug this one any further).
I’ve already checked inside “Network services” and slapd is enabled on the green interface, and ss also shows that it is listening on any address on the same machine.
Any ideas/clues?
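For reading a slapd debug trace like the extract in the post, the following added example (not part of the original post) pairs each bind request with its connection id and result code. The sample lines are copied from the post; the helper name `parse_binds` is hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed sample: lines copied from the slapd debug extract in the post.
SAMPLE = """\
5c27b4ec do_bind: version=3 dn="uid=bindonly,ou=People,dc=directory,dc=nh" method=128
5c27b4ec do_bind: v3 bind: "uid=bindonly,ou=People,dc=directory,dc=nh" to "uid=bindonly,ou=People,dc=directory,dc=nh"
5c27b4ec send_ldap_result: conn=1003 op=0 p=3
5c27b4ec send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 18
5c27b548 do_bind: version=3 dn="uid=bindonly,ou=People,dc=directory,dc=nh" method=128
5c27b548 send_ldap_result: conn=1005 op=0 p=3
5c27b548 send_ldap_response: msgid=1 tag=97 err=49
"""

# LDAP result codes (RFC 4511); only the two that appear in the post.
RESULT_NAMES = {0: "success", 49: "invalidCredentials"}

BIND_RE = re.compile(r'^([0-9a-f]{8}) do_bind: version=(\d+) dn="([^"]*)" method=(\d+)')
BOUND_RE = re.compile(r'^[0-9a-f]{8} do_bind: v3 bind: ')
CONN_RE = re.compile(r'^[0-9a-f]{8} send_ldap_result: conn=(\d+) op=(\d+)')
RESP_RE = re.compile(r'^[0-9a-f]{8} send_ldap_response: msgid=\d+ tag=(\d+) err=(\d+)')

def parse_binds(text):
    """Return one dict per bind request found in slapd debug output."""
    binds, cur = [], None
    for line in text.splitlines():
        if m := BIND_RE.match(line):
            # The 8 hex digits prefixing each line are the Unix time in hex.
            ts = datetime.fromtimestamp(int(m.group(1), 16), tz=timezone.utc)
            # method=128 is 0x80, the tag for simple (password) authentication.
            cur = {"time": ts, "dn": m.group(3), "method": int(m.group(4)),
                   "bound": False, "conn": None, "err": None, "result": None}
            binds.append(cur)
        elif cur is None:
            continue  # line outside a bind exchange (e.g. ber_flush2)
        elif BOUND_RE.match(line):
            cur["bound"] = True  # logged only once the bind has been accepted
        elif m := CONN_RE.match(line):
            cur["conn"] = int(m.group(1))
        elif (m := RESP_RE.match(line)) and m.group(1) == "97":  # 97 = BindResponse
            cur["err"] = int(m.group(2))
            cur["result"] = RESULT_NAMES.get(cur["err"], "other")
            cur = None
    return binds

if __name__ == "__main__":
    for b in parse_binds(SAMPLE):
        print(b["time"].isoformat(), f'conn={b["conn"]}', b["dn"],
              f'method={b["method"]}', f'err={b["err"]}', b["result"], f'bound={b["bound"]}')
```
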