Opened 6 years ago

Closed 6 years ago

#2043 closed task (wontfix)

ldapsearch no longer works on staging.www.osgeo.org

Reported by: robe
Owned by: sac@…
Priority: normal
Milestone: Website rebranding 2017
Component: SysAdmin
Keywords:
Cc:

Description

Originally, when I set up staging.www.osgeo.org, I did a test to verify ldapsearch worked like this:

ldapsearch -x uid=robe

gives error:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Trying to debug with

ldapsearch -x -d5 uid=robe

Gives a bit more information. Looks like it's trying to use localhost now instead of ldaps://ldap.osgeo.org, so maybe it relies on ldap.conf, which perhaps was taken out.

ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 4 tm: -1 async: 0
attempting to connect:
connect errno: 111
ldap_close_socket: 4
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

I thought I tried like 2 weeks ago and it worked. Were LDAP changes made in the past 2 weeks to the server?

Though this still works

getent passwd robe

Thanks, Regina

Change History (4)

comment:1 by robe, 6 years ago

I should add, it works if I fill in all the details. So not a huge deal; I just don't remember it being this way and why it was changed, if it was.

ldapsearch -x -b "dc=osgeo,dc=org" uid=robe -H ldaps://ldap.osgeo.org 

comment:2 by martin, 6 years ago

Indeed, the "ldapsearch" command refers to /etc/ldap/ldap.conf, but this file was moved away more than one month ago, when I switched the machine over to using pam_ldapd/nslcd for authentication.

Personally I prefer to have just one system-wide file in /etc/ to make clear where exactly the active configuration resides. I usually have a shell alias for "ldapsearch" to set the additional parameters.

If we *need* to have "ldapsearch" work without them, then we can put it back in - but in this case we should do so on all machines.

comment:3 by strk, 6 years ago

The use of /etc/ldap/ldap.conf is documented here: https://wiki.osgeo.org/wiki/SAC:LDAP#Command_line_interface

I don't find documentation about the other mechanism on the wiki. I'm happy if you find a way to have a single configuration for multiple tools but such configuration should be clearly documented so it's easier to debug problems when they arise and configure new machines when needed.

Can you add documentation for the pam setup on that wiki page?

comment:4 by robe, 6 years ago

Resolution: wontfix
Status: new → closed

It's the same tool though. I suspect Martin just wiped out the ldap.conf because it wasn't needed for sshing but is convenient for ldapsearch to look up defaults.

At any rate, I updated the doc you have above to describe how to do the query if ldap.conf is not configured for ldap.osgeo.org.

Since it didn't impact my WordPress setup, I'm closing out and leaving as is.
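
Added example, not part of the ticket or of OSGeo's configuration: a shell check for the situation discussed above, reporting whether a bare "ldapsearch -x" would fall back to localhost:389, and a wrapper in the spirit of the alias mentioned in comment:2. The function names, result strings and sample file are assumptions; the URI and base DN are the ones quoted in comment:1.

```shell
#!/bin/sh
# Added example (not from the ticket): report what a bare `ldapsearch -x`
# would default to, and wrap it so queries never fall back to localhost:389.

# Print the value of OPTION from an ldap.conf-style FILE (option names are
# case-insensitive; the last occurrence is taken).
conf_get() {  # conf_get OPTION FILE
    [ -r "$2" ] || return 0
    awk -v opt="$1" '
        /^[ \t]*#/ { next }
        toupper($1) == opt { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { if (val != "") print val }' "$2"
}

# Classify the effective defaults. Per ldap.conf(5), LDAPURI and LDAPBASE
# in the environment override the file.
# Assumption: only the system-wide file is examined, not per-user ldaprc files.
check_ldap_defaults() {  # check_ldap_defaults [FILE]
    conf=${1:-/etc/ldap/ldap.conf}
    uri=${LDAPURI:-$(conf_get URI "$conf")}
    base=${LDAPBASE:-$(conf_get BASE "$conf")}
    [ -n "$uri" ] || { echo fallback-localhost; return; }
    for u in $uri; do          # URI may list several servers
        case $u in ldaps://*) ;; *) echo not-ldaps; return ;; esac
    done
    [ -n "$base" ] || { echo no-base; return; }
    echo ok
}

# Hypothetical wrapper: when the defaults are unusable, pass the explicit
# server and base quoted in comment:1 instead of relying on ldap.conf.
lsearch() {
    if [ "$(check_ldap_defaults)" = ok ]; then
        ldapsearch -x "$@"
    else
        ldapsearch -x -H ldaps://ldap.osgeo.org -b "dc=osgeo,dc=org" "$@"
    fi
}

# Constructed sample config, checked when the script is run directly.
sample=$(mktemp)
printf '# constructed sample\nBASE dc=osgeo,dc=org\nuri ldaps://ldap.osgeo.org\n' > "$sample"
echo "sample config: $(check_ldap_defaults "$sample")"
rm -f "$sample"
```

A result of fallback-localhost corresponds to the "ldap_connect_to_host: TCP localhost:389" line in the debug output above.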
