The OpenNET Project / Index page

"Problems with LDAP authorization"
Forum: Open systems on the server (System: problems, diagnostics)
Original message

"Problems with LDAP authorization"
Message from GrafIn (ok) on 29-Dec-11, 10:41
Greetings.

This problem may well be a tired old one and my question may already have been answered, but I could not find it :(

There is an LDAP server. It seems to be set up; it answers ldapsearch queries sensibly. The problem is with authorization of LDAP users in the system.
The LDAP log when attempting to connect over SSH with the command ssh -X -C -Y 192.168.2.3 -l ilkina
Code:

Dec 29 09:56:40 mainserver slapd[14823]: conn=1088 fd=19 ACCEPT from IP=127.0.0.1:36986 (IP=0.0.0.0:389)
Dec 29 09:56:40 mainserver slapd[14823]: conn=1088 op=0 BIND dn="cn=admin,dc=gazteh,dc=local" method=128
Dec 29 09:56:40 mainserver slapd[14823]: conn=1088 op=0 BIND dn="cn=admin,dc=gazteh,dc=local" mech=SIMPLE ssf=0
Dec 29 09:56:40 mainserver slapd[14823]: conn=1088 op=0 RESULT tag=97 err=0 text=
Dec 29 09:56:40 mainserver slapd[14823]: conn=1088 op=1 SRCH base="ou=people,dc=gazteh,dc=local" scope=1 deref=0 filter="(uid=ilkina)"
Dec 29 09:56:40 mainserver slapd[14823]: conn=1088 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Dec 29 09:56:40 mainserver slapd[14823]: conn=1089 fd=20 ACCEPT from IP=127.0.0.1:36987 (IP=0.0.0.0:389)
Dec 29 09:56:40 mainserver slapd[14823]: conn=1089 op=0 BIND dn="cn=admin,dc=gazteh,dc=local" method=128
Dec 29 09:56:40 mainserver slapd[14823]: conn=1089 op=0 BIND dn="cn=admin,dc=gazteh,dc=local" mech=SIMPLE ssf=0
Dec 29 09:56:40 mainserver slapd[14823]: conn=1089 op=0 RESULT tag=97 err=0 text=
Dec 29 09:56:40 mainserver slapd[14823]: conn=1089 op=1 SRCH base="ou=people,dc=gazteh,dc=local" scope=1 deref=0 filter="(&(objectClass=shadowAccount)(uid=unknown user))"
Dec 29 09:56:40 mainserver slapd[14823]: conn=1089 op=1 SRCH attr=uid userPassword shadowLastChange shadowMax shadowMin shadowWarning shadowInactive shadowExpire shadowFlag
Dec 29 09:56:40 mainserver slapd[14823]: conn=1089 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Dec 29 09:56:43 mainserver slapd[14823]: conn=1089 op=2 SRCH base="ou=people,dc=gazteh,dc=local" scope=1 deref=0 filter="(&(objectClass=shadowAccount)(uid=unknown user))"
Dec 29 09:56:43 mainserver slapd[14823]: conn=1089 op=2 SRCH attr=uid userPassword shadowLastChange shadowMax shadowMin shadowWarning shadowInactive shadowExpire shadowFlag
Dec 29 09:56:43 mainserver slapd[14823]: conn=1089 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Dec 29 09:56:45 mainserver slapd[14823]: conn=1089 fd=20 closed (connection lost)
Dec 29 09:56:45 mainserver slapd[14823]: conn=1088 fd=19 closed (connection lost)
Dec 29 09:56:45 mainserver slapd[14823]: conn=1090 fd=19 ACCEPT from IP=127.0.0.1:36988 (IP=0.0.0.0:389)
Dec 29 09:56:45 mainserver slapd[14823]: conn=1090 op=0 BIND dn="cn=admin,dc=gazteh,dc=local" method=128
Dec 29 09:56:45 mainserver slapd[14823]: conn=1090 op=0 BIND dn="cn=admin,dc=gazteh,dc=local" mech=SIMPLE ssf=0
Dec 29 09:56:45 mainserver slapd[14823]: conn=1090 op=0 RESULT tag=97 err=0 text=
Dec 29 09:56:45 mainserver slapd[14823]: conn=1090 op=1 SRCH base="ou=people,dc=gazteh,dc=local" scope=1 deref=0 filter="(uid=ilkina)"
Dec 29 09:56:45 mainserver slapd[14823]: conn=1090 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Dec 29 09:56:45 mainserver slapd[14823]: conn=1091 fd=20 ACCEPT from IP=127.0.0.1:36989 (IP=0.0.0.0:389)
Dec 29 09:56:45 mainserver slapd[14823]: conn=1091 op=0 BIND dn="cn=admin,dc=gazteh,dc=local" method=128
Dec 29 09:56:45 mainserver slapd[14823]: conn=1091 op=0 BIND dn="cn=admin,dc=gazteh,dc=local" mech=SIMPLE ssf=0
Dec 29 09:56:45 mainserver slapd[14823]: conn=1091 op=0 RESULT tag=97 err=0 text=
Dec 29 09:56:45 mainserver slapd[14823]: conn=1091 op=1 SRCH base="ou=people,dc=gazteh,dc=local" scope=1 deref=0 filter="(&(objectClass=shadowAccount)(uid=unknown user))"
Dec 29 09:56:45 mainserver slapd[14823]: conn=1091 op=1 SRCH attr=uid userPassword shadowLastChange shadowMax shadowMin shadowWarning shadowInactive shadowExpire shadowFlag
Dec 29 09:56:45 mainserver slapd[14823]: conn=1091 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Dec 29 09:56:45 mainserver slapd[14823]: conn=1091 fd=20 closed (connection lost)
Dec 29 09:56:45 mainserver slapd[14823]: conn=1090 fd=19 closed (connection lost)

It is not clear why
Code:

Dec 29 09:56:40 mainserver slapd[14823]: conn=1089 op=1 SRCH base="ou=people,dc=gazteh,dc=local" scope=1 deref=0 filter="(&(objectClass=shadowAccount)(uid=unknown user))"

Meanwhile:
Code:

$ ldapsearch -x -L objectclass=shadowAccount -D "cn=admin,dc=gazteh,dc=local" -w XXX
Response:
.......................
# Ilkina Ilkina, people, gazteh.local
dn: cn=Ilkina Ilkina,ou=people,dc=gazteh,dc=local
sn: Ilkina
givenName: Ilkina
uid: ilkina
preferredLanguage: ru_RU
cn: Ilkina Ilkina
gosaMailServer: mainserver
gosaMailDeliveryMode: [L]
gosaSpamSortLevel: 0
gosaSpamMailbox: INBOX
sambaLMPassword: 7BD50B6BBC6EC897AAD3B435B51404EE
sambaNTPassword: 2B8F26954B9A09DC47E8D667F681E7A1
sambaPwdLastSet: 1324981226
sambaBadPasswordCount: 0
sambaBadPasswordTime: 0
userPassword:: XXXXXXXXXXXXXXXXXXXXXXXX
mail: xxxxxxx@xxxxxxxx.xxx
homeDirectory: /home/ilkina
loginShell: /bin/bash
uidNumber: 1003
gidNumber: 1003
shadowLastChange: 0
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: gosaAccount
objectClass: gosaMailAccount
objectClass: posixAccount
objectClass: shadowAccount
gecos: Ilkina Ilkina


The user ilkina exists only in LDAP.
What also bothers me is that the responses to getent passwd, getent shadow and getent group all contain the user ilkina, i.e. everything seems fine, yet "id ilkina" reports that no such user exists, and nothing appears in the LDAP log.

/etc/ldap.conf
Code:

ldap_version 3

host 127.0.0.1
base dc=gazteh,dc=local
uri ldap://127.0.0.1/

binddn cn=admin,dc=gazteh,dc=local
bindpw XXXX
rootbinddn cn=admin,dc=gazteh,dc=local
port 389

scope base

timelimit 30
bind_timelimit 30

nss_connect_policy persist

nss_paged_results yes
pagesize 1000

#pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_password crypt

nss_base_passwd         ou=people,dc=gazteh,dc=local?one
nss_base_shadow         ou=people,dc=gazteh,dc=local?one
nss_base_group          ou=groups,dc=gazteh,dc=local?one
nss_map_attribute       rfc2307attribute        mapped_attribute
nss_map_objectclass     rfc2307objectclass      mapped_objectclass


I would be grateful for any constructive advice, since I have already racked my brains over this.

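As an added illustration (not part of the original post, and not a tool from OpenLDAP or nss_ldap), the script below parses slapd "stats"-level log lines of the kind quoted in the post, groups them by connection, and flags two patterns visible in that log: a by-uid search that completed with err=0 but nentries=0, and a filter carrying the literal "unknown user" in place of a login name. The finding codes, the PLACEHOLDER_UID constant and the interpretation that a placeholder uid means the client never resolved the real login name are assumptions of this example; the sample input is taken from connections 1088 and 1089 in the post.

```python
"""Summarise an OpenLDAP slapd stats log by connection and flag empty uid lookups."""
import re
from collections import defaultdict

# Sample input: lines quoted from the post above (conn=1088 and conn=1089).
SAMPLE_LOG = """\
Dec 29 09:56:40 mainserver slapd[14823]: conn=1088 fd=19 ACCEPT from IP=127.0.0.1:36986 (IP=0.0.0.0:389)
Dec 29 09:56:40 mainserver slapd[14823]: conn=1088 op=0 BIND dn="cn=admin,dc=gazteh,dc=local" method=128
Dec 29 09:56:40 mainserver slapd[14823]: conn=1088 op=0 BIND dn="cn=admin,dc=gazteh,dc=local" mech=SIMPLE ssf=0
Dec 29 09:56:40 mainserver slapd[14823]: conn=1088 op=0 RESULT tag=97 err=0 text=
Dec 29 09:56:40 mainserver slapd[14823]: conn=1088 op=1 SRCH base="ou=people,dc=gazteh,dc=local" scope=1 deref=0 filter="(uid=ilkina)"
Dec 29 09:56:40 mainserver slapd[14823]: conn=1088 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Dec 29 09:56:40 mainserver slapd[14823]: conn=1089 fd=20 ACCEPT from IP=127.0.0.1:36987 (IP=0.0.0.0:389)
Dec 29 09:56:40 mainserver slapd[14823]: conn=1089 op=0 BIND dn="cn=admin,dc=gazteh,dc=local" mech=SIMPLE ssf=0
Dec 29 09:56:40 mainserver slapd[14823]: conn=1089 op=0 RESULT tag=97 err=0 text=
Dec 29 09:56:40 mainserver slapd[14823]: conn=1089 op=1 SRCH base="ou=people,dc=gazteh,dc=local" scope=1 deref=0 filter="(&(objectClass=shadowAccount)(uid=unknown user))"
Dec 29 09:56:40 mainserver slapd[14823]: conn=1089 op=1 SRCH attr=uid userPassword shadowLastChange shadowMax
Dec 29 09:56:40 mainserver slapd[14823]: conn=1089 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Dec 29 09:56:45 mainserver slapd[14823]: conn=1089 fd=20 closed (connection lost)
"""

# syslog prefix + "conn=N", then the rest of the stats line
LINE_RE = re.compile(r'^\w{3} +\d+ \d\d:\d\d:\d\d \S+ slapd\[\d+\]: conn=(\d+) (.*)$')
BIND_RE = re.compile(r'^op=(\d+) BIND dn="([^"]*)"')
SRCH_RE = re.compile(r'^op=(\d+) SRCH base="([^"]*)" scope=(\d) deref=\d filter="(.*)"$')
# BIND results have no nentries=, so that part is optional
RESULT_RE = re.compile(r'^op=(\d+) (?:SEARCH )?RESULT tag=\d+ err=(\d+)(?: nentries=(\d+))?')
UID_RE = re.compile(r'\(uid=([^)]*)\)')

# Assumption of this example: this literal stands in for a login name the client never resolved.
PLACEHOLDER_UID = "unknown user"


def parse_slapd_log(text):
    """Group stats lines by connection.

    Returns {conn_id: {"bind_dn": str | None, "ops": {op_id: {...}}}}; each search op
    records base, scope and filter, plus err and nentries once its RESULT line is seen.
    """
    conns = defaultdict(lambda: {"bind_dn": None, "ops": {}})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a slapd stats line
        conn, rest = conns[int(m.group(1))], m.group(2)
        if (b := BIND_RE.match(rest)):
            conn["bind_dn"] = b.group(2)          # both BIND lines of an op carry the same dn
        elif (s := SRCH_RE.match(rest)):
            conn["ops"][int(s.group(1))] = {
                "base": s.group(2), "scope": int(s.group(3)),
                "filter": s.group(4), "err": None, "nentries": None,
            }
        elif (r := RESULT_RE.match(rest)):
            op = conn["ops"].get(int(r.group(1)))
            if op is not None:                    # skip BIND results; they belong to no search
                op["err"] = int(r.group(2))
                op["nentries"] = int(r.group(3)) if r.group(3) is not None else None
    return dict(conns)


def diagnose(conns):
    """Return (conn_id, op_id, code, detail) for each suspicious by-uid search.

    uid-not-found   : the search succeeded (err=0) but matched no entry
    placeholder-uid : the filter carries PLACEHOLDER_UID instead of a real login name
    """
    findings = []
    for cid, conn in sorted(conns.items()):
        for opid, op in sorted(conn["ops"].items()):
            m = UID_RE.search(op["filter"])
            if not m:
                continue
            uid = m.group(1)
            if uid == PLACEHOLDER_UID:
                findings.append((cid, opid, "placeholder-uid", op["filter"]))
            elif op["err"] == 0 and op["nentries"] == 0:
                findings.append((cid, opid, "uid-not-found",
                                 f"{uid} under {op['base']} scope={op['scope']}"))
    return findings


def report(text):
    """Human-readable per-connection summary followed by the flagged lookups."""
    conns = parse_slapd_log(text)
    lines = []
    for cid, conn in sorted(conns.items()):
        lines.append(f"conn={cid} bind_dn={conn['bind_dn']!r}")
        for opid, op in sorted(conn["ops"].items()):
            lines.append(f"  op={opid} base={op['base']} scope={op['scope']} "
                         f"filter={op['filter']} err={op['err']} nentries={op['nentries']}")
    for cid, opid, code, detail in diagnose(conns):
        lines.append(f"FLAG conn={cid} op={opid} {code}: {detail}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the full log from the post (or a live `loglevel stats` log fed through a pipe), the summary shows at a glance which bind identity performed each lookup, under which base and scope it ran, and whether the directory answered with an entry; the "uid-not-found" flag on the (uid=ilkina) search is the line to compare against the ldapsearch output that does return the entry, since both go to the same base with the same bind DN.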

Messages in this thread
1. "Problems with LDAP authorization"
Message from JohnProfic (ok) on 30-Dec-11, 21:46
OS?
Contents of /etc/nsswitch.conf?
Created 1996-2024 by Maxim Chirkov