Jason Lixfeld wrote:
> On 4-Jul-06, at 4:33 AM, Nigel Wade wrote:
>
>
>>Can you debug the LDAP communication between the client and the
>>LDAP server? If
>>it isn't using ldaps you should be able to capture the packets
>>using something
>>like ethereal and see how the client is binding to the server, what
>>request it
>>is actually making, and what response the server is returning.
>
>
> It looks as though it's nss_ldap failing to bind. I'll have to sort
> that out on my own.
>
The way it works here (openldap on Linux - RHEL AS4) is that nss_ldap will first
attempt to bind using the binddn specified in /etc/ldap.conf. This requires it
be able to read /etc/ldap.secret. If it is unable to do this it will attempt an
anonymous bind. In either case the bind must have read access to sufficient
information to satisfy the request. I'm not exactly sure what attributes
check_local_user requires to satisfy its requirements that a user is actually local.
FreeBSD may, of course, be different from Linux in this respect. How, if
nss_ldap is failing to bind, does normal authentication work for you?
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@???
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
