[SAC] [OSGeo] #2043: ldapsearch no longer works on staging.www.osgeo.org

#2043: ldapsearch no longer works on staging.www.osgeo.org
---------------------------+-------------------------------------
Reporter: robe | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone: Website rebranding 2017
Component: Systems Admin | Keywords:
---------------------------+-------------------------------------
Originally, when I set up staging.www.osgeo.org, I did a test to verify
ldapsearch worked like this:

{{{
ldapsearch -x uid=robe
}}}

gives error:

{{{
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
}}}

Trying to debug with

{{{
ldapsearch -x -d5 uid=robe
}}}

Gives a bit more information. Looks like it's trying to use localhost now
instead of ldaps://ldap.osgeo.org, so maybe it relies on ldap.conf, which
perhaps was taken out.

{{{
ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 4 tm: -1 async: 0
attempting to connect:
connect errno: 111
ldap_close_socket: 4
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
}}}

I thought I tried like 2 weeks ago and it worked. Were LDAP changes made
in the past 2 weeks to the server?

Though this still works

{{{
getent passwd robe
}}}

Thanks,
Regina

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2043>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

Comment (by robe):

I should add, it works if I fill in all the details. So not a huge deal, I
just don't remember it being this way, or why it was changed if it was.

{{{
ldapsearch -x -b "dc=osgeo,dc=org" uid=robe -H ldaps://ldap.osgeo.org
}}}

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2043#comment:1>

Comment (by martin):

Indeed, the "ldapsearch" command refers to /etc/ldap/ldap.conf, but this
file has been moved away more than one month ago, when I switched the
machine over to using pam_ldapd/nslcd for authentication.

Personally, I prefer to have just one system-wide file in /etc/ to make
clear where exactly the active configuration resides. I usually have a
shell alias for "ldapsearch" to set the additional parameters.

If we *need* to have "ldapsearch" work without them, then we can put it
back in - but in this case we should do so on all machines.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2043#comment:2>
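
Added example (not part of the ticket and not OSGeo's own tooling): a simplified shell model of how ldapsearch resolves its URI and BASE defaults per ldap.conf(5), showing why a moved-away ldap.conf leads to the localhost:389 attempt in the -d5 trace above. The function names and the constructed sample config are assumptions; only one system file, one user rc file and the LDAPURI/LDAPBASE environment variables are modelled.

```shell
#!/bin/sh
# Simplified model of ldap.conf(5): sources read later override earlier ones
# (system file, then user rc file, then LDAP<OPTION> environment variables).

# ldap_conf_value KEY FILE -> last value of KEY in FILE (option names are
# case-insensitive); prints nothing if the file is missing or lacks KEY.
ldap_conf_value() {
    [ -r "$2" ] || return 0
    awk -v key="$1" '
        /^[ \t]*#/ { next }                       # skip comment lines
        toupper($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { if (val != "") print val }' "$2"
}

# ldap_default KEY SYSTEM_CONF [USER_RC] -> effective value, or empty
ldap_default() {
    key=$1; result=""
    for f in "$2" "${3:-}"; do
        if [ -n "$f" ]; then
            v=$(ldap_conf_value "$key" "$f")
            if [ -n "$v" ]; then result=$v; fi
        fi
    done
    # LDAPURI / LDAPBASE in the environment win over any file.
    eval "envval=\${LDAP$key:-}"
    if [ -n "$envval" ]; then result=$envval; fi
    printf '%s\n' "$result"
}

# explain SYSTEM_CONF [USER_RC]: what a bare `ldapsearch -x` would use
explain() {
    uri=$(ldap_default URI "$1" "${2:-}")
    base=$(ldap_default BASE "$1" "${2:-}")
    # With no URI configured anywhere, the client library falls back to
    # localhost:389, matching "Trying 127.0.0.1:389" in the trace.
    printf 'uri=%s base=%s\n' "${uri:-ldap://localhost:389}" "${base:-<none>}"
}

# Demo on a constructed config (values from the ticket's working command).
demo_dir=$(mktemp -d)
printf 'BASE dc=osgeo,dc=org\nURI ldaps://ldap.osgeo.org\n' > "$demo_dir/ldap.conf"
explain "$demo_dir/ldap.conf"     # config file present
explain "$demo_dir/moved-away"    # config file moved away
rm -rf "$demo_dir"
```

Pointing the first argument at the host's real system file (/etc/ldap/ldap.conf in this thread) and the second at ~/.ldaprc shows which source, if any, supplies the defaults on a given machine.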

Comment (by strk):

The use of /etc/ldap/ldap.conf is documented here:
https://wiki.osgeo.org/wiki/SAC:LDAP#Command_line_interface

I don't find documentation about the other mechanism on
the wiki. I'm happy if you find a way to have a single
configuration for multiple tools but such configuration
should be clearly documented so it's easier to debug
problems when they arise and configure new machines
when needed.

Can you add documentation for the pam setup on that
wiki page?

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2043#comment:3>

#2043: ldapsearch no longer works on staging.www.osgeo.org
---------------------------+--------------------------------------
Reporter: robe | Owner: sac@…
     Type: task | Status: closed
Priority: normal | Milestone: Website rebranding 2017
Component: Systems Admin | Resolution: wontfix
Keywords: |
---------------------------+--------------------------------------
Changes (by robe):

* status: new => closed
* resolution: => wontfix

Comment:

It's the same tool, though. I suspect Martin just wiped out the ldap.conf
because it wasn't needed for sshing, but it is convenient for ldapsearch to
look up defaults.

At any rate, I updated the doc you have above to describe how to do the query
if ldap.conf is not configured for ldap.osgeo.org.

Since it didn't impact my WordPress setup, I'm closing this out and leaving as is.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2043#comment:4>