So I’ve been playing with LemonLDAP::NG a bit, and it’s looking nice, but right now I’m having trouble getting it to talk to an LDAP server on a Neth box. For now, I’m running LemonLDAP on a CentOS 7 VM, and Neth 7.9 on a separate VM. The Neth box is using local OpenLDAP as the accounts provider. Running ldapsearch from the CentOS machine seems to work:
[root@auth log]# ldapsearch -x -b dc=directory,dc=nh -H ldap://192.168.1.52
# extended LDIF
#
# LDAPv3
# base <dc=directory,dc=nh> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# directory.nh
dn: dc=directory,dc=nh
objectClass: top
objectClass: dcObject
objectClass: organization
dc: directory
o: Neth LemonLDAP Test
# People, directory.nh
dn: ou=People,dc=directory,dc=nh
objectClass: top
objectClass: organizationalUnit
ou: People
# Groups, directory.nh
dn: ou=Groups,dc=directory,dc=nh
objectClass: top
objectClass: organizationalUnit
ou: Groups
# libuser, directory.nh
dn: cn=libuser,dc=directory,dc=nh
objectClass: device
objectClass: simpleSecurityObject
cn: libuser
description: libuser management account
# ldapservice, directory.nh
dn: cn=ldapservice,dc=directory,dc=nh
objectClass: device
objectClass: simpleSecurityObject
cn: ldapservice
description: ldapservice management account
# locals, Groups, directory.nh
dn: cn=locals,ou=Groups,dc=directory,dc=nh
gidNumber: 1001
cn: locals
objectClass: posixGroup
# admin, People, directory.nh
dn: uid=admin,ou=People,dc=directory,dc=nh
uidNumber: 1001
gidNumber: 1001
uid: admin
shadowMax: 99999
shadowWarning: 7
shadowMin: 0
loginShell: /usr/libexec/openssh/sftp-server
homeDirectory: /var/lib/nethserver/home/admin
shadowInactive: -1
shadowExpire: -1
gecos: admin
shadowLastChange: 18673
shadowFlag: -1
cn: admin
sn: admin
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
mail: admin@familybrown.org
# domain admins, Groups, directory.nh
dn: cn=domain admins,ou=Groups,dc=directory,dc=nh
gidNumber: 1002
objectClass: posixGroup
memberUid: admin
cn: domain admins
# fred, People, directory.nh
dn: uid=fred,ou=People,dc=directory,dc=nh
uidNumber: 1002
gidNumber: 1001
uid: fred
shadowMax: 99999
shadowWarning: 7
shadowMin: 0
loginShell: /usr/libexec/openssh/sftp-server
homeDirectory: /var/lib/nethserver/home/fred
shadowInactive: -1
shadowExpire: -1
gecos: Fred Flintstone
shadowLastChange: 18673
shadowFlag: -1
cn: Fred Flintstone
sn: fred
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
mail: fred@familybrown.org
# search result
search: 2
result: 0 Success
# numResponses: 10
# numEntries: 9
But when I configure LemonLDAP to connect to that server as follows:
I get this error on the login screen:
…with this not-very-helpful message in Apache’s error_log:
[Sun Feb 28 14:45:49 2021] [LLNG:4062] [error] IO::Socket::INET: connect: Permission denied
[Sun Feb 28 14:45:49 2021] [LLNG:4062] [error] LDAP initialization error: IO::Socket::INET: connect: Permission denied