ldap认证问题

ipigzhu

[root@zzz ~]# ldapsearch -LLL -w 111 -H ldap://demo.com -D "cn=admin,dc=demo,dc=com" -b "dc=demo,dc=com"
dn: dc=demo,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: demo
o: demo, Inc.

dn: ou=People,dc=demo,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=demo,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: cn=testuser1,ou=Group,dc=demo,dc=com
objectClass: posixGroup
objectClass: top
cn: testuser1
userPassword:: e2NyeXB0fXg=
gidNumber: 1002

dn: cn=testuser2,ou=Group,dc=demo,dc=com
objectClass: posixGroup
objectClass: top
cn: testuser2
userPassword:: e1NTSEF9elZPV2F1akllSXpUdTk5UkJtZVg2cGRIZjFSaTlIeVI=
gidNumber: 1003

dn: uid=testuser1,ou=People,dc=demo,dc=com
uid: testuser1
cn: testuser1
objectClass: account
objectClass: posixAccount
objectClass: top
loginShell: /bin/sh
uidNumber: 1002
gidNumber: 1002
homeDirectory: /home/testuser1
userPassword:: e1NTSEF9NEVVYStVVFVpdFFqWWxOejNzbHNlQnFodnFwYi80ZnQ=

dn: uid=testuser2,ou=People,dc=demo,dc=com
uid: testuser2
cn: testuser2
objectClass: account
objectClass: posixAccount
objectClass: top
loginShell: /bin/sh
uidNumber: 1003
gidNumber: 1003
homeDirectory: /home/testuser2
userPassword:: e1NTSEF9ZzRwb09ON1M3RlhubGdSUXpuNTl5WjF5NEIwWlpLWlg=

dn: ou=machines,dc=demo,dc=com
objectClass: organizationalUnit
ou: machines

dn: uid=aaa,ou=People,dc=demo,dc=com
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
homeDirectory: /home/aaa
loginShell: /bin/bash
uid: aaa
cn: aaa
userPassword:: e1NTSEF9WmJSTE1uWDVYb0NwNktiOVdUOWtRRlhUMG51ZVZQbVI=
uidNumber: 10000
sn: aaa
gidNumber: 10000

dn: cn=aaa,ou=Group,dc=demo,dc=com
objectClass: posixGroup
gidNumber: 10000
cn: aaa


这是我做好了ldap环境后，查询到的数据
现在是这样的，我设置了系统通过ldap认证

这个应该没什么问题对吧。



然后我通过命令看看这个用户，却发现这个账号没有
[root@zzz ~]# id aaa
id: aaa: No such user

我没有使用useradd aaa 创建，我是想让系统使用ldap认证，ldap有这个用户，那么为什么这里查不到。
更别谈使用aaa账号登陆系统了。

是我设置的问题还是什么？？希望大家帮我看看

zhonghua7896321

把log贴出来吧，ldap和messages的log信息

ipigzhu

回复 2# zhonghua7896321

下面是 /etc/init.d/slapd restart 打印日志。我才发现问题。。。。。。他怎么会提示找不到服务呢？？？？
明明我能查到数据，通过ldap-account-manager客户端也能添加数据。那应该没有配置错误对吧。

我在网上搜索了包括在这个论坛里也看到了其他人遇到的类似的情况，都没有解决的方法。


哥哥，请你帮我看看呢。。。




    Jan 14 12:56:16 zzz nslcd[2562]: [495cff] failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server: Transport endpoint is not connected
Jan 14 12:56:16 zzz nslcd[2562]: [495cff] no available LDAP server found, sleeping 1 seconds
Jan 14 12:56:17 zzz nslcd[2562]: [495cff] failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server: Transport endpoint is not connected
Jan 14 12:56:17 zzz nslcd[2562]: [495cff] no available LDAP server found, sleeping 1 seconds
Jan 14 12:56:18 zzz nslcd[2562]: [495cff] failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server: Transport endpoint is not connected
Jan 14 12:56:18 zzz nslcd[2562]: [495cff] no available LDAP server found, sleeping 1 seconds
Jan 14 12:56:19 zzz nslcd[2562]: [495cff] failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server: Transport endpoint is not connected
Jan 14 12:56:19 zzz nslcd[2562]: [495cff] no available LDAP server found, sleeping 1 seconds
Jan 14 12:56:20 zzz nslcd[2562]: [495cff] failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server: Transport endpoint is not connected
Jan 14 12:56:20 zzz nslcd[2562]: [495cff] no available LDAP server found, sleeping 1 seconds
Jan 14 12:56:21 zzz nslcd[2562]: [495cff] failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server: Transport endpoint is not connected
Jan 14 12:56:21 zzz nslcd[2562]: [495cff] no available LDAP server found, sleeping 1 seconds
Jan 14 12:56:22 zzz nslcd[2562]: [495cff] failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server: Transport endpoint is not connected
Jan 14 12:56:22 zzz nslcd[2562]: [495cff] no available LDAP server found, sleeping 1 seconds
Jan 14 12:56:23 zzz nslcd[2562]: [495cff] failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server: Transport endpoint is not connected

zhonghua7896321

把下配置文件/etc/nslcd.conf里边的内容贴出来吧

ipigzhu

回复 4# zhonghua7896321


我的nslcd.conf文件

#map    group  cn               groupName
#map    group  uniqueMember     member
#map    group  gidNumber        gid
uid nslcd
gid ldap
# This comment prevents repeated auto-migration of settings.
uri ldap://127.0.0.1/
base dc=demo,dc=com
ssl no
tls_cacertdir /etc/openldap/cacerts



顺便贴一下我的ldap的log


tail -f  /var/log/ldap.log
an 14 22:52:44 zzz slapd[2190]: @(#) $OpenLDAP: slapd 2.4.40 (Nov 10 2015 09:35:51) $#012#011mockbuild@c6b8.bsys.dev.centos.org:/builddir/build/BUILD/openldap-2.4.40/openldap-2.4.40/build-servers/servers/slapd
Jan 14 22:52:44 zzz slapd[2190]: => test_filter
Jan 14 22:52:44 zzz slapd[2190]:     PRESENT
Jan 14 22:52:44 zzz slapd[2190]: <= test_filter 6
Jan 14 22:52:44 zzz slapd[2190]: => test_filter
Jan 14 22:52:44 zzz slapd[2190]:     PRESENT
Jan 14 22:52:44 zzz slapd[2190]: <= test_filter 6
Jan 14 22:52:44 zzz slapd[2190]: => test_filter
Jan 14 22:52:44 zzz slapd[2190]:     PRESENT
Jan 14 22:52:44 zzz slapd[2190]: <= test_filter 6
Jan 14 22:52:44 zzz slapd[2190]: => test_filter
Jan 14 22:52:44 zzz slapd[2190]:     PRESENT
Jan 14 22:52:44 zzz slapd[2190]: <= test_filter 6
Jan 14 22:52:44 zzz slapd[2190]: => test_filter
Jan 14 22:52:44 zzz slapd[2190]:     PRESENT
Jan 14 22:52:44 zzz slapd[2190]: <= test_filter 6
Jan 14 22:52:44 zzz slapd[2191]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
Jan 14 22:52:44 zzz slapd[2191]: slapd starting
Jan 14 22:52:44 zzz slapd[2191]: daemon: added 4r listener=(nil)
Jan 14 22:52:44 zzz slapd[2191]: daemon: added 7r listener=0x9cd058
Jan 14 22:52:44 zzz slapd[2191]: daemon: added 8r listener=0x9dc1c0
Jan 14 22:52:44 zzz slapd[2191]: daemon: added 9r listener=0x9dc2f8
Jan 14 22:52:44 zzz slapd[2191]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Jan 14 22:52:44 zzz slapd[2191]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Jan 14 22:52:44 zzz slapd[2191]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Jan 14 22:52:44 zzz slapd[2191]: daemon: activity on 1 descriptor
Jan 14 22:52:44 zzz slapd[2191]: daemon: activity on:
Jan 14 22:52:44 zzz slapd[2191]:
Jan 14 22:52:44 zzz slapd[2191]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Jan 14 22:52:44 zzz slapd[2191]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Jan 14 22:52:44 zzz slapd[2191]: daemon: epoll: listen=9 active_threads=0 tvp=zero




麻烦你，再帮我看看~~

zhonghua7896321

感觉没问题啊，这个配置文件/etc/pam_ldap.conf的内容和nslcd.conf是不是一样的？如果不是的话，改成一样的再试试。

ipigzhu

回复 6# zhonghua7896321


改了，还是不行。不知道怎么回事。先放一放吧，，，

谢谢~~~