From owner-freebsd-ports@FreeBSD.ORG Fri Apr 13 19:42:42 2007
Date: Fri, 13 Apr 2007 14:23:26 -0500
From: Albert Chin
To: ports@freebsd.org
Message-ID: <20070413192326.GC57920@mail1.thewrittenword.com>
Subject: Anyone with pam_ldap/nss_ldap against ldaps working?
List-Id: Porting software to FreeBSD

I have configured the latest pam_ldap/nss_ldap on FreeBSD 6-STABLE. I have
/usr/local/etc/nss_ldap.conf and /usr/local/etc/ldap.conf hard linked.
Everything works fine with:

  uri ldap://ldap.il.thewrittenword.com
  base ou=users,dc=thewrittenword,dc=com
  ldap_version 3
  rootbinddn cn=Manager,dc=thewrittenword,dc=com
  pam_filter objectclass=posixAccount
  pam_login_attribute uid
  pam_member_attribute uniquemember
  pam_min_uid 1000
  pam_password exop
  nss_base_passwd ou=users,dc=thewrittenword,dc=com?one
  nss_base_shadow ou=users,dc=thewrittenword,dc=com?one
  nss_base_group ou=groups,dc=thewrittenword,dc=com?one
  timelimit 10
  bind_timelimit 10

and:

  uri ldap://ldap.il.thewrittenword.com
  base ou=users,dc=thewrittenword,dc=com
  ldap_version 3
  rootbinddn cn=Manager,dc=thewrittenword,dc=com
  pam_filter objectclass=posixAccount
  pam_login_attribute uid
  pam_member_attribute uniquemember
  pam_min_uid 1000
  pam_password exop
  nss_base_passwd ou=users,dc=thewrittenword,dc=com?one
  nss_base_shadow ou=users,dc=thewrittenword,dc=com?one
  nss_base_group ou=groups,dc=thewrittenword,dc=com?one
  ssl start_tls
  tls_checkpeer yes
  tls_cacertfile
  timelimit 10
  bind_timelimit 10

But this doesn't work:

  uri ldaps://ldap.il.thewrittenword.com
  base ou=users,dc=thewrittenword,dc=com
  ldap_version 3
  rootbinddn cn=Manager,dc=thewrittenword,dc=com
  pam_filter objectclass=posixAccount
  pam_login_attribute uid
  pam_member_attribute uniquemember
  pam_min_uid 1000
  pam_password exop
  nss_base_passwd ou=users,dc=thewrittenword,dc=com?one
  nss_base_shadow ou=users,dc=thewrittenword,dc=com?one
  nss_base_group ou=groups,dc=thewrittenword,dc=com?one
  tls_checkpeer yes
  tls_cacertfile
  timelimit 10
  bind_timelimit 10

Running slapd on the LDAP server with "-d -1", I get the following. I can
successfully 'ldapsearch -H ldaps://ldap.il.thewrittenword.com ...'. Anyone
with an idea on what is wrong?
daemon: activity on 1 descriptor
>>> slap_listener(ldap://ldap.il.thewrittenword.com/)
daemon: listen=9, new connection on 19
daemon: added 19r (active) listener=0x0
conn=297 fd=19 ACCEPT from IP=192.168.1.3:55864 (IP=192.168.1.67:389)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on: 19r
daemon: read activity on 19
connection_get(19)
connection_get(19): got connid=297
connection_read(19): checking for input on id=297
ber_get_next
ldap_read: want=8, got=8
  0000:  80 74 01 03 01 00 4b 00                           .t....K.
ldap_read: want=110, got=110
  0000:  00 00 20 00 00 39 00 00 38 00 00 35 00 00 16 00   .. ..9..8..5....
  0010:  00 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00   ..........3..2..
  0020:  2f 03 00 80 00 00 05 00 00 04 01 00 80 00 00 15   /...............
  0030:  00 00 12 00 00 09 06 00 40 00 00 14 00 00 11 00   ........@.......
  0040:  00 08 00 00 06 04 00 80 00 00 03 02 00 80 cb 36   ...............6
  0050:  be f8 18 6a e1 b0 f7 70 5c 7b c5 48 cd 65 aa a4   ...j...p\{.H.e..
  0060:  96 da ef d9 76 3a 39 8c 2d 0c ec e6 04 a3         ....v:9.-.....
ber_get_next: tag 0x80 len 116 contents:
ber_dump: buf=0x08c07300 ptr=0x08c07300 end=0x08c07374 len=116
  0000:  01 03 01 00 4b 00 00 00 20 00 00 39 00 00 38 00   ....K... ..9..8.
  0010:  00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00   .5..............
  0020:  33 00 00 32 00 00 2f 03 00 80 00 00 05 00 00 04   3..2../.........
  0030:  01 00 80 00 00 15 00 00 12 00 00 09 06 00 40 00   ..............@.
  0040:  00 14 00 00 11 00 00 08 00 00 06 04 00 80 00 00   ................
  0050:  03 02 00 80 cb 36 be f8 18 6a e1 b0 f7 70 5c 7b   .....6...j...p\{
  0060:  c5 48 cd 65 aa a4 96 da ef d9 76 3a 39 8c 2d 0c   .H.e......v:9.-.
  0070:  ec e6 04 a3                                       ....
ber_get_next on fd 19 failed errno=0 (Undefined error: 0)
connection_read(19): input error=-2 id=297, closing.
connection_closing: readying conn=297 sd=19 for close
connection_close: conn=297 sd=19
daemon: removing 19
conn=297 fd=19 closed (connection lost)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: waked
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
>>> slap_listener(ldap://ldap.il.thewrittenword.com/)
daemon: listen=9, new connection on 19
daemon: added 19r (active) listener=0x0
conn=298 fd=19 ACCEPT from IP=192.168.1.3:61245 (IP=192.168.1.67:389)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on: 19r
daemon: read activity on 19
connection_get(19)
connection_get(19): got connid=298
connection_read(19): checking for input on id=298
ber_get_next
ldap_read: want=8, got=8
  0000:  80 74 01 03 01 00 4b 00                           .t....K.
ldap_read: want=110, got=110
  0000:  00 00 20 00 00 39 00 00 38 00 00 35 00 00 16 00   .. ..9..8..5....
  0010:  00 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00   ..........3..2..
  0020:  2f 03 00 80 00 00 05 00 00 04 01 00 80 00 00 15   /...............
  0030:  00 00 12 00 00 09 06 00 40 00 00 14 00 00 11 00   ........@.......
  0040:  00 08 00 00 06 04 00 80 00 00 03 02 00 80 61 24   ..............a$
  0050:  d3 b9 7b 49 d1 29 76 ab b1 77 f9 9d b1 38 f3 60   ..{I.)v..w...8.`
  0060:  61 2e 4d f3 79 1d 29 5d 38 56 92 97 8b c6         a.M.y.)]8V....
ber_get_next: tag 0x80 len 116 contents:
ber_dump: buf=0x08c07300 ptr=0x08c07300 end=0x08c07374 len=116
  0000:  01 03 01 00 4b 00 00 00 20 00 00 39 00 00 38 00   ....K... ..9..8.
  0010:  00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00   .5..............
  0020:  33 00 00 32 00 00 2f 03 00 80 00 00 05 00 00 04   3..2../.........
  0030:  01 00 80 00 00 15 00 00 12 00 00 09 06 00 40 00   ..............@.
  0040:  00 14 00 00 11 00 00 08 00 00 06 04 00 80 00 00   ................
  0050:  03 02 00 80 61 24 d3 b9 7b 49 d1 29 76 ab b1 77   ....a$..{I.)v..w
  0060:  f9 9d b1 38 f3 60 61 2e 4d f3 79 1d 29 5d 38 56   ...8.`a.M.y.)]8V
  0070:  92 97 8b c6                                       ....
ber_get_next on fd 19 failed errno=0 (Undefined error: 0)
connection_read(19): input error=-2 id=298, closing.
connection_closing: readying conn=298 sd=19 for close
connection_close: conn=298 sd=19
daemon: removing 19
conn=298 fd=19 closed (connection lost)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: waked
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL

-- 
albert chin (china@thewrittenword.com)
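Editor's worked example, added here and not part of Albert Chin's post or of the OpenLDAP/pam_ldap code: the bytes slapd rejects as "tag 0x80 len 116" are not BER at all. An LDAPMessage begins with 0x30 (SEQUENCE); "80 74 01 03 01 ..." is an SSLv2-format record (high bit set, 2-byte header, length 0x74 = 116) carrying a CLIENT-HELLO (type 1) that announces version 3.1, i.e. TLS 1.0, with 75 bytes of cipher specs and a 32-byte challenge. In other words, the client is starting a TLS handshake on the listener that slapd reports as IP=192.168.1.67:389, the cleartext ldap:// port, not 636. The script below reconstructs the bytes from the ber_dump lines copied from the trace (conn=297) and decodes them; the hex dump, the record header and the ACCEPT line are copied from the post, the cipher-suite names are from the TLS cipher suite registry, and everything else (function names, the summary dict) is the editor's own.

```python
import re
from typing import Optional

# Constructed input: copied from the slapd -d -1 trace in the post above
# (conn=297): the 2-byte record header from the "ldap_read: want=8" line,
# the ber_dump lines, and the connection's ACCEPT line.
ACCEPT_LINE = "conn=297 fd=19 ACCEPT from IP=192.168.1.3:55864 (IP=192.168.1.67:389)"
RECORD_HEADER_HEX = "80 74"
BER_DUMP = r"""0000: 01 03 01 00 4b 00 00 00 20 00 00 39 00 00 38 00 ....K... ..9..8.
0010: 00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00 .5..............
0020: 33 00 00 32 00 00 2f 03 00 80 00 00 05 00 00 04 3..2../.........
0030: 01 00 80 00 00 15 00 00 12 00 00 09 06 00 40 00 ..............@.
0040: 00 14 00 00 11 00 00 08 00 00 06 04 00 80 00 00 ................
0050: 03 02 00 80 cb 36 be f8 18 6a e1 b0 f7 70 5c 7b .....6...j...p\{
0060: c5 48 cd 65 aa a4 96 da ef d9 76 3a 39 8c 2d 0c .H.e......v:9.-.
0070: ec e6 04 a3 ....
"""

# A few TLS cipher suite codes (IANA registry); anything else is shown by number.
TLS_CIPHER_NAMES = {
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 0x0038: "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",     0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0013: "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 0x0032: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",     0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",         0x0009: "TLS_RSA_WITH_DES_CBC_SHA",
}
HEX_BYTE = re.compile(r"^[0-9a-f]{2}$")


def parse_hexdump(text: str) -> bytes:
    """Recover raw bytes from liblber-style 'OFFS: xx xx ... ascii' lines.
    At most 16 two-hex-digit tokens are taken per line, stopping at the first
    token that is not one, so the trailing ASCII column is not mistaken for data."""
    out = bytearray()
    for line in text.splitlines():
        m = re.match(r"^\s*[0-9a-f]{4}:\s+(.*)$", line)
        if not m:
            continue
        for tok in m.group(1).split()[:16]:
            if not HEX_BYTE.match(tok):
                break
            out.append(int(tok, 16))
    return bytes(out)


def parse_sslv2_client_hello(data: bytes) -> Optional[dict]:
    """Decode an SSLv2-format (2-byte header) CLIENT-HELLO record.
    Layout: len|0x8000 (2), msg_type=1 (1), version (2), cipher_specs_len (2),
    session_id_len (2), challenge_len (2), cipher_specs, session_id, challenge.
    Returns None unless the bytes form exactly such a record."""
    if len(data) < 11 or not data[0] & 0x80:
        return None
    rec_len = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2:2 + rec_len]
    if len(body) != rec_len or body[0] != 0x01:
        return None
    cs_len, sid_len, ch_len = (int.from_bytes(body[i:i + 2], "big") for i in (3, 5, 7))
    if cs_len % 3 or 9 + cs_len + sid_len + ch_len != rec_len:
        return None
    specs = body[9:9 + cs_len]
    return {
        "version": (body[1], body[2]),               # (3, 1) means TLS 1.0
        "cipher_specs": [specs[i:i + 3] for i in range(0, cs_len, 3)],
        "session_id_len": sid_len,
        "challenge_len": ch_len,
        "record_len": rec_len,
    }


def cipher_name(spec: bytes) -> str:
    # SSLv2 cipher specs are 3 bytes; TLS suites are carried as 00 xx yy,
    # while a non-zero first byte marks an SSLv2-only cipher kind.
    if spec[0] == 0:
        code = int.from_bytes(spec[1:], "big")
        return TLS_CIPHER_NAMES.get(code, "TLS suite 0x%04x" % code)
    return "SSLv2-only cipher kind 0x%06x" % int.from_bytes(spec, "big")


def diagnose(record_header_hex: str, ber_dump: str, accept_line: str) -> dict:
    """Combine the pieces of the trace and say what slapd actually received."""
    data = bytes.fromhex(record_header_hex.replace(" ", "")) + parse_hexdump(ber_dump)
    hello = parse_sslv2_client_hello(data)
    m = re.search(r"ACCEPT from IP=\S+ \(IP=[^:]+:(\d+)\)", accept_line)
    port = int(m.group(1)) if m else None
    return {
        "first_byte": data[0],
        "looks_like_ldap": data[0] == 0x30,      # LDAPMessage ::= SEQUENCE
        "hello": hello,
        "listener_port": port,
        # 389 is the default ldap:// (cleartext / StartTLS) port; ldaps:// uses 636.
        "tls_hello_on_ldap_port": hello is not None and port == 389,
    }


if __name__ == "__main__":
    r = diagnose(RECORD_HEADER_HEX, BER_DUMP, ACCEPT_LINE)
    print("first byte 0x%02x (an LDAPMessage starts with 0x30)" % r["first_byte"])
    h = r["hello"]
    if h:
        print("SSLv2-format CLIENT-HELLO: version %d.%d, %d cipher specs, %d-byte challenge"
              % (h["version"] + (len(h["cipher_specs"]), h["challenge_len"])))
        for s in h["cipher_specs"]:
            print("   ", cipher_name(s))
    if r["tls_hello_on_ldap_port"]:
        print("TLS handshake arrived on port %d: the client is speaking TLS to the "
              "cleartext ldap:// listener" % r["listener_port"])
```

The value of the check is that it separates "TLS is broken" from "TLS went to the wrong port": a ClientHello that slapd's BER parser drops with errno=0 looks like a generic connection loss in the log, but the first byte and the listener port in the ACCEPT line tell a defender exactly which it is. The same parser works on the second connection (conn=298), whose dump differs only in the 32 random challenge bytes.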