Openldap

客戶端身份驗證“無效憑據”LDAP

  • September 8, 2014

我已經使用手冊安裝了 LDAP 客戶端身份驗證,但在我的 /var/log/auth.log 文件中出現此錯誤:

Sep  5 14:08:59 workstation01 nscd: nss_ldap: failed to bind to LDAP server ldap://c-hack00:389: Invalid credentials
Sep  5 14:08:59 workstation01 nscd: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
Sep  5 14:09:00 workstation01 nscd: nss_ldap: failed to bind to LDAP server ldap://c-hack00:389: Invalid credentials
Sep  5 14:09:00 workstation01 nscd: nss_ldap: could not search LDAP server - Server is unavailable

我的 /etc/ldap.conf:

# Your LDAP server. Must be resolvable without using LDAP.
# Multiple hosts may be specified, each separated by a
# space. How long nss_ldap takes to failover depends on
# whether your LDAP client library supports configurable
# network or connect timeouts (see bind_timelimit).
#host c-hack00

# The distinguished name of the search base.
base dc=c-hack,dc=de

# Another way to specify your LDAP server is to provide an
uri ldap://c-hack00:389
# Unix Domain Sockets to connect to a local LDAP Server.
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator

# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=proxyuser,dc=c-hack,dc=de
#"proxuser" is an existing LDAP user I've created

# The credentials to bind with.
# Optional: default is no credential.
bindpw mypasswort

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
rootbinddn cn=manager,dc=SPG

# The port.
# Optional: default is 389.
#port 389

# The search scope.
#scope sub

我認為客戶端能夠連接到伺服器,但是憑據有問題……我該如何解決這個問題?

只是要清楚 - bindpw 與 proxyuser 帳戶的密碼匹配?如果您執行以下命令(在提示時輸入 bindpw),您會收到錯誤嗎?

ldapsearch -x -W -D “cn=proxyuser,dc=c-hack,dc=de” -b “dc=c-hack, dc=de” objectclass=*

好的,連接到伺服器工作正常,/var/log/auth.log 文件中沒有錯誤,當執行“sudo”命令時,我收到兩個密碼問題(一個是本地密碼問題,一個是 LDAP 密碼問題),但 LDAP 使用者仍然不在“獲取密碼”列表…

引用自:https://serverfault.com/questions/626527

相關問答

Linux

Ubuntu 14.04,OpenLDAP TLS 問題

  • May 11, 2020
檢視問答
Ubuntu-14.04

使用 SSL/TLS 時調試 OpenLDAP

  • May 19, 2017
檢視問答
Ubuntu

kadmind 錯誤 - krb5_recvauth: 在 HDBGET 密鑰表類型中不支持 start_seq_get

  • July 7, 2015
檢視問答
Ubuntu

pam_check_host_attr 無法正常工作

  • January 14, 2015
檢視問答
Openldap

如何在 OpenLDAP 中將使用者設置為 RootDN

  • September 24, 2014
檢視問答
Openldap

openldap 2.4.11 - bdb_dn2id:獲取失敗:DB_NOTFOUND:未找到匹配的密鑰/數據對 (-30989)

  • May 1, 2011
檢視問答