I have configured OpenLDAP and created multiple users.
I used a CentOS 7 client to connect to the LDAP server.
Below is the authconfig test output:
> caching is disabled
> nss_files is always enabled
> nss_compat is disabled
> nss_db is disabled
> nss_hesiod is disabled
> hesiod LHS = ""
> hesiod RHS = ""
> nss_ldap is enabled
> LDAP+TLS is disabled
> LDAP server = "ip of the machine where my container is running"
> LDAP base DN = "dc=powerflex,dc=com"
> nss_nis is enabled
> NIS server = "X"
> NIS domain = "os"
> nss_nisplus is disabled
> nss_winbind is disabled
> SMB workgroup = "SAMBA"
> SMB servers = ""
> SMB security = "user"
> SMB realm = ""
> Winbind template shell = "/bin/false"
> SMB idmap range = "16777216-33554431"
> nss_sss is enabled by default
> nss_wins is disabled
> nss_mdns4_minimal is enabled
> myhostname is enabled
> DNS preference over NSS or WINS is disabled
> pam_unix is always enabled
> shadow passwords are enabled
> password hashing algorithm is sha512
> pam_krb5 is disabled
> krb5 realm = ""
> krb5 realm via dns is disabled
> krb5 kdc = ""
> krb5 kdc via dns is disabled
> krb5 admin server = ""
> pam_ldap is enabled
> LDAP+TLS is disabled
> LDAP server = "ip of the machine where my container is running"
> LDAP base DN = "dc=powerflex,dc=com"
> LDAP schema = "rfc2307"
> pam_pkcs11 is disabled
> use only smartcard for login is disabled
> smartcard module = ""
> smartcard removal action = ""
> pam_fprintd is enabled
> pam_ecryptfs is disabled
> pam_winbind is disabled
> SMB workgroup = "SAMBA"
> SMB servers = ""
> SMB security = "user"
> SMB realm = ""
> pam_sss is disabled by default
> credential caching in SSSD is enabled
> SSSD use instead of legacy services if possible is enabled
> IPAv2 is disabled
> IPAv2 domain was not joined
> IPAv2 server = ""
> IPAv2 realm = ""
> IPAv2 domain = ""
> pam_pwquality is enabled (try_first_pass local_users_only retry=3 authtok_type=)
> pam_passwdqc is disabled ()
> pam_access is disabled ()
> pam_mkhomedir or pam_oddjob_mkhomedir is enabled (umask=0077)
> Always authorize local users is enabled ()
> Authenticate system accounts ag
But when I check /etc/passwd, it does not list my LDAP users. Also, I am unable to log in to my LDAP client using any LDAP user.
Container info:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4d8474f3b868 osixia/openldap:latest "/container/tool/run" 16 hours ago Up 16 hours 0.0.0.0:389->389/tcp, 0.0.0.0:636->636/tcp my-openldap-container
My ldapsearch command works fine from my LDAP client.
[root@centos77 ~]# ldapsearch -x -H ldap://"ip of the machine where my container is running" -b dc=powerflex,dc=com -D "cn=admin,dc=powerflex,dc=com" -w admin
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# powerflex.com
dn: dc=powerflex,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Powerflex
dc: powerflex

# admin, powerflex.com
dn: cn=admin,dc=powerflex,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9dXVXNFRucW03OEJKSjFBejVHZFFObzJEWTlkbnBOUkQ=

# nas1, powerflex.com
dn: uid=nas1,dc=powerflex,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: nas1
sn: ubuntu
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/nas1
uid: nas1