[CentOS] NSS ldap problems

Tue Nov 1 15:33:03 UTC 2011
Paul Heinlein <heinlein at madboa.com>

On Mon, 31 Oct 2011, Mitch Patenaude wrote:

> I'm having trouble setting up ldap based authentication.
>
> I have a virtual (KVM) CentOS 5.4 box set up to authenticate to a 
> 389 (fedora) directory server, and that works fine.
>
> However, I set up a virtual box running CentOS 6, and I can't get it 
> to authenticate.

Others have mentioned some good ideas, so consider these additions to 
the pile. :-)

Is SSL configured correctly? Do you have a copy of the CA certificate 
in the right place? Is the CentOS 6 box querying the correct port (389 
or 636) in your environment?

Is the CentOS 6 box running sssd? If so, take a look at 
/etc/sssd/sssd.conf to see if its configuration looks correct for your 
environment.

I assume there are no firewalls in place blocking LDAP traffic, but it 
never hurts to ask. :-/

Can you run ldapsearch on the CentOS 6 box and connect to the LDAP 
server?

Are there any SELinux warnings in your audit log? (Unlikely, but 
possible.)

If you run tcpdump on the LDAP server, can you see any traffic 
whatsoever from the CentOS 6 box?

-- 
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
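
The SSL, CA-certificate, port and sssd.conf questions above can be checked mechanically. The following Python sketch is an added example, not part of the original post or of sssd itself: `check_sssd_ldap` and the `SAMPLE` configuration are hypothetical and constructed for illustration, while the option names (`ldap_uri`, `ldap_id_use_start_tls`, `ldap_tls_reqcert`, `ldap_tls_cacert`) are those documented in sssd-ldap(5).

```python
import configparser
import os
from urllib.parse import urlparse

# Constructed sample (not from the thread): ldaps:// aimed at the plaintext
# port, certificate verification disabled, CA file path that does not exist.
SAMPLE = """\
[sssd]
domains = example

[domain/example]
id_provider = ldap
ldap_uri = ldaps://ldap.example.com:389
ldap_tls_reqcert = never
ldap_tls_cacert = /nonexistent/ca.crt
"""

def check_sssd_ldap(text, file_exists=os.path.isfile):
    """Hypothetical helper: findings for each LDAP domain enabled in sssd.conf."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    out = []
    enabled = cfg.get("sssd", "domains", fallback="").split(",")
    for name in filter(None, (n.strip() for n in enabled)):
        sec = "domain/" + name
        if not cfg.has_section(sec):
            out.append(f"{name}: enabled in [sssd] but [{sec}] is missing")
            continue
        dom = cfg[sec]
        if dom.get("id_provider", "") != "ldap":
            continue  # only LDAP-backed domains are examined here
        uris = [u.strip() for u in dom.get("ldap_uri", "").split(",") if u.strip()]
        starttls = dom.get("ldap_id_use_start_tls", "false").lower() == "true"
        for uri in uris:
            u = urlparse(uri)
            port = u.port or (636 if u.scheme == "ldaps" else 389)
            if (u.scheme, port) in (("ldaps", 389), ("ldap", 636)):
                out.append(f"{name}: {u.scheme}:// does not match port {port}")
            if u.scheme == "ldap" and not starttls:
                out.append(f"{name}: {uri} has no StartTLS for identity lookups")
        if dom.get("ldap_tls_reqcert", "hard").lower() in ("never", "allow"):
            out.append(f"{name}: ldap_tls_reqcert does not enforce verification")
        ca = dom.get("ldap_tls_cacert")
        if ca and not file_exists(ca):
            out.append(f"{name}: CA file {ca} not found")
    return out

if __name__ == "__main__":
    for finding in check_sssd_ldap(SAMPLE):
        print(finding)
```

To check a real host, pass the contents of /etc/sssd/sssd.conf (readable by root only) instead of `SAMPLE`.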