Openldap

客戶端身份驗證“無效憑據”LDAP

  • September 8, 2014

我已經使用手冊安裝了 LDAP 客戶端身份驗證,但在我的 /var/log/auth.log 文件中出現此錯誤:

Sep  5 14:08:59 workstation01 nscd: nss_ldap: failed to bind to LDAP server ldap://c-hack00:389: Invalid credentials
Sep  5 14:08:59 workstation01 nscd: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
Sep  5 14:09:00 workstation01 nscd: nss_ldap: failed to bind to LDAP server ldap://c-hack00:389: Invalid credentials
Sep  5 14:09:00 workstation01 nscd: nss_ldap: could not search LDAP server - Server is unavailable

我的 /etc/ldap.conf:

# Your LDAP server. Must be resolvable without using LDAP.
# Multiple hosts may be specified, each separated by a
# space. How long nss_ldap takes to failover depends on
# whether your LDAP client library supports configurable
# network or connect timeouts (see bind_timelimit).
#host c-hack00

# The distinguished name of the search base.
base dc=c-hack,dc=de

# Another way to specify your LDAP server is to provide an
uri ldap://c-hack00:389
# Unix Domain Sockets to connect to a local LDAP Server.
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator

# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=proxyuser,dc=c-hack,dc=de
#"proxuser" is an existing LDAP user I've created

# The credentials to bind with.
# Optional: default is no credential.
bindpw mypasswort

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
rootbinddn cn=manager,dc=SPG

# The port.
# Optional: default is 389.
#port 389

# The search scope.
#scope sub

我認為客戶端能夠連接到伺服器,但是憑據有問題……我該如何解決這個問題?

只是要清楚 - bindpw 與 proxyuser 帳戶的密碼匹配?如果您執行以下命令(在提示時輸入 bindpw),您會收到錯誤嗎?

ldapsearch -x -W -D “cn=proxyuser,dc=c-hack,dc=de” -b “dc=c-hack, dc=de” objectclass=*

好的,連接到伺服器工作正常,/var/log/auth.log 文件中沒有錯誤,當執行“sudo”命令時,我收到兩個密碼問題(一個是本地密碼問題,一個是 LDAP 密碼問題),但 LDAP 使用者仍然不在“獲取密碼”列表…

引用自:https://serverfault.com/questions/626527