Error added: 2007-08-09T11:45:34Z
On Ubuntu Precise 12.04, after replacing nscd with nslcd in order to make LDAP TLS setup work, I got a weird problem where "getent passwd" and "getent group" seem to work but I can't log in with LDAP users. The following command to replace libpam-ldap with libpam-ldapd solved my problem.
    sudo apt-get install ldap-utils libpam-ldapd
And the output looked like this:
    Building dependency tree
    Reading state information... Done
    The following packages were automatically installed and are no longer required:
      linux-headers-3.2.0-37 linux-headers-3.2.0-37-generic
    Use 'apt-get autoremove' to remove them.
    The following extra packages will be installed:
      libldap-2.4-2
    The following packages will be REMOVED:
      libpam-ldap
    The following NEW packages will be installed:
      libpam-ldapd
    The following packages will be upgraded:
      ldap-utils libldap-2.4-2
It largely depends on what kind of client system you are using. If you are using a CentOS/Red Hat based system and using sssd for client authentication, then entries in /etc/openldap/ldap.conf do not play any role. You need to put the right LDAP server names in sssd.conf. Also make sure all LDAP server names resolve to some IP address from the client machine. If you do not have DNS set up, then create /etc/hosts file entries. Entries in ldap.conf could help you to debug the issue using the ldapsearch command. Also, to automatically change all dependent files, use authconfig.
    authconfig --enablesssd --enablesssdauth --ldapserver=ldaps://ldap.my.net,ldaps://ldap02.my.net --ldapbasedn=dc=my,dc=net --enableshadow --enablemkhomedir --enablelocauthorize --update
I guess there are many reasons for a tool not to be able to contact the LDAP server. I had a case in which ldap.conf was not well configured. I had uri ldapi://127.0.0.1/ instead of uri ldap://127.0.0.1/
Check out the base and uri sections in /etc/pam_ldap.conf. I had the wrong addresses there and that caused the problem in my case.
I had the same problem and solved it by changing the following in /etc/pam_ldap.conf:
    old: ldapi:///
    new: ldap://127.0.0.1
Apparently the socket for the ldapi protocol does not exist for whatever reason. This can also be changed via dpkg-reconfigure but I forgot which package it belongs to and can't be bothered to find out now. I hope this is useful for other people.
Changed ldap://192.168.1.8 into ldap://192.168.1.8/
Check /etc/resolv.conf to see if there are any name servers added. You have to resolve the IP of the LDAP server.
Have a look in /etc/ldap.conf. You should use
    host 127.0.0.1 # if ldap is running on localhost
OR use the uri section. Using both produces the "pam_ldap: ldap_simple_bind Can't contact LDAP server". This change solves the problem for me. http://forums.gentoo.org/viewtopic-t-210871-highlight-ldapsimplebind+contact+ldap.html
Wow, it's working for me now. I did a load of changes. Some of them:
    auth-client-config -a -p ldap_example
    cp /etc/ldap/ldap.conf /etc/ldap.conf
I did a lot more, but I don't know what caused it to work now.
system-authconfig added an extra uri line at the bottom of the ldap.conf file which was incorrect. I removed it and the one I originally put in ldap.conf worked correctly.
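The configuration mistakes reported in the posts above (both host and uri set, an extra uri line appended by a tool, ldapi:// given an IP address, server names the client cannot resolve) can be checked mechanically. The following is an added example, not code from any of the posters or from pam_ldap; the function name, finding codes and sample file are made up for illustration, and it assumes anything after "#" on a line is a comment.

```python
import socket
from urllib.parse import urlsplit, unquote

# Constructed sample combining the mistakes reported in the posts above.
SAMPLE = """\
# constructed example, not a real configuration
base dc=my,dc=net
host 127.0.0.1
uri ldapi://127.0.0.1/
uri ldaps://ldap02.my.net/
"""

def system_resolves(name):
    """True if this client can map the name to an address (DNS or /etc/hosts)."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def lint_ldap_conf(text, resolves=system_resolves):
    """Return (code, detail) findings for an ldap.conf / pam_ldap.conf style file."""
    hosts, uri_lines, findings = [], [], []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # assumption: '#' starts a comment
        if len(fields) < 2:
            continue
        if fields[0].lower() == "host":
            hosts += [h.split(":")[0] for h in fields[1:]]  # drop optional :port
        elif fields[0].lower() == "uri":
            uri_lines.append(fields[1:])
    if hosts and uri_lines:
        findings.append(("HOST_AND_URI", "both 'host' and 'uri' are set"))
    if len(uri_lines) > 1:
        findings.append(("MULTIPLE_URI", "%d uri lines" % len(uri_lines)))
    for uri in [u for fields in uri_lines for u in fields]:
        parts = urlsplit(uri)
        if parts.scheme == "ldapi":
            # ldapi:// takes a URL-encoded socket path (or nothing), not a host.
            if parts.netloc and not unquote(parts.netloc).startswith("/"):
                findings.append(("LDAPI_WITH_HOST", uri))
        elif parts.scheme in ("ldap", "ldaps"):
            if parts.hostname:
                hosts.append(parts.hostname)
        else:
            findings.append(("BAD_URI", uri))
    findings += [("UNRESOLVED", h) for h in hosts if not resolves(h)]
    return findings

if __name__ == "__main__":
    for code, detail in lint_ldap_conf(SAMPLE):
        print(code, detail)
```

An empty result only means none of these specific mistakes were found; the server may still be unreachable for other reasons.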