Openldap
LDAP client authentication: "Invalid credentials"
I have set up LDAP client authentication using this guide, but I am getting this error in my /var/log/auth.log file:
    Sep 5 14:08:59 workstation01 nscd: nss_ldap: failed to bind to LDAP server ldap://c-hack00:389: Invalid credentials
    Sep 5 14:08:59 workstation01 nscd: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
    Sep 5 14:09:00 workstation01 nscd: nss_ldap: failed to bind to LDAP server ldap://c-hack00:389: Invalid credentials
    Sep 5 14:09:00 workstation01 nscd: nss_ldap: could not search LDAP server - Server is unavailable
My /etc/ldap.conf:
    # Your LDAP server. Must be resolvable without using LDAP.
    # Multiple hosts may be specified, each separated by a
    # space. How long nss_ldap takes to failover depends on
    # whether your LDAP client library supports configurable
    # network or connect timeouts (see bind_timelimit).
    #host c-hack00

    # The distinguished name of the search base.
    base dc=c-hack,dc=de

    # Another way to specify your LDAP server is to provide an
    uri ldap://c-hack00:389
    # Unix Domain Sockets to connect to a local LDAP Server.
    #uri ldap://127.0.0.1/
    #uri ldaps://127.0.0.1/
    #uri ldapi://%2fvar%2frun%2fldapi_sock/
    # Note: %2f encodes the '/' used as directory separator

    # The LDAP version to use (defaults to 3
    # if supported by client library)
    ldap_version 3

    # The distinguished name to bind to the server with.
    # Optional: default is to bind anonymously.
    binddn cn=proxyuser,dc=c-hack,dc=de #"proxyuser" is an existing LDAP user I've created

    # The credentials to bind with.
    # Optional: default is no credential.
    bindpw mypasswort

    # The distinguished name to bind to the server with
    # if the effective user ID is root. Password is
    # stored in /etc/ldap.secret (mode 600)
    rootbinddn cn=manager,dc=SPG

    # The port.
    # Optional: default is 389.
    #port 389

    # The search scope.
    #scope sub
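I think the client is able to connect to the server, but something is wrong with the credentials… How can I solve this?
Just to be clear - does the bindpw match the password of the proxyuser account? If you run the following command (entering the bindpw when prompted), do you get an error?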
    ldapsearch -x -W -D "cn=proxyuser,dc=c-hack,dc=de" -b "dc=c-hack, dc=de" 'objectclass=*'
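OK, connecting to the server works fine, there are no errors in the /var/log/auth.log file, and when running the "sudo" command I get two password prompts (one for the local password and one for the LDAP password), but the LDAP users are still not in the "getent passwd" list…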
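
A small lint for the nss_ldap settings discussed in this thread, added here as an example and not part of the original question or answer: it parses the config, flags a binddn or rootbinddn that does not sit under base, checks the /etc/ldap.secret mode named in the config comments, and warns when a simple bind goes over ldap:// without TLS. The function names and the secret_mode parameter are assumptions made for the example, and the sample is constructed from the active directives of the posted file.

```python
import os
import stat

# Constructed sample: the active directives from the /etc/ldap.conf in the question.
SAMPLE_CONF = """\
base dc=c-hack,dc=de
uri ldap://c-hack00:389
ldap_version 3
binddn cn=proxyuser,dc=c-hack,dc=de
bindpw mypasswort
rootbinddn cn=manager,dc=SPG
"""

def parse_ldap_conf(text):
    """Return {directive: value} for the non-comment lines of an nss_ldap config."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip()
    return conf

def under_base(dn, base):
    """True if dn equals base or sits below it (simplified: no escaped commas)."""
    norm = lambda d: ",".join(p.strip().lower() for p in d.split(","))
    dn, base = norm(dn), norm(base)
    return dn == base or dn.endswith("," + base)

def lint(conf, secret_mode):
    """secret_mode: permission bits of /etc/ldap.secret, or None if the file is absent."""
    findings = []
    base = conf.get("base", "")
    for key in ("binddn", "rootbinddn"):
        if key in conf and not under_base(conf[key], base):
            findings.append(f"{key} {conf[key]} is not under base {base}: verify the DN exists")
    if "rootbinddn" in conf:
        if secret_mode is None:
            findings.append("rootbinddn is set but /etc/ldap.secret is missing")
        elif secret_mode & 0o077:
            findings.append(f"/etc/ldap.secret has mode {secret_mode:o}, expected 600")
    if conf.get("uri", "").startswith("ldap://") and conf.get("ssl") not in ("start_tls", "on"):
        findings.append("simple bind over ldap:// without TLS exposes the bind password")
    return findings

if __name__ == "__main__":
    secret = "/etc/ldap.secret"
    mode = stat.S_IMODE(os.stat(secret).st_mode) if os.path.exists(secret) else None
    for finding in lint(parse_ldap_conf(SAMPLE_CONF), mode):
        print("WARN:", finding)
```

A bind DN outside the search base is not always wrong, so treat that finding as a prompt to confirm the entry and its password on the server.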