LDAP wikid-server-community-3.5.0-b1399 Centos 6.3

LDAP wikid-server-community-3.5.0-b1399 Centos 6.3

Michael Schefczyk
Dear Nick, dear All,

Previously, I had a running WiKID server under Centos 6.2 used to evaluate / for small amounts of administrative logons. When I wanted to rebuild the server under Centos 6.3 using the latest software, I did face problems with LDAP.

I did install the server by the book and as before. Since I could not create a new intermediate CA for the same Domain, I copied the files from /opt/WiKID/private to the new server. I also added the user wikid to sudo to avoid mail messages. In the new system, I did set up WAUTH and LDAP protocol modules, a domain, a network client and a user. Based on that setup, I can generate passcodes.

However, the debug log shows nothing in terms of the LDAP module working to verify the passcode. Also, ldapsearch does fail with the response "ldap_bind: Invalid DN syntax (34) additional info: invalid DN". The user name and the 12-digit domain seem to be as before, however.

I did sense that openldap has changed from Centos 6.2 to Centos 6.3. To get ldapsearch, I did install openldap-clients. In order to get any working ldap-server, I did install openldap-servers and start slapd. Then, the error response above did result from the ldapsearch. Possibly, the new versions of WiKID, openldap and/or Centos require more ldap-configuration than before.

Could someone please provide a clue about where to start from here?

Regards,

Michael

Re: LDAP wikid-server-community-3.5.0-b1399 Centos 6.3

Nick Owen
Administrator

If you run 'netstat -anp | grep 389' does it show java listening?

On Feb 18, 2013 6:47 AM, "Michael Schefczyk [via WiKID Strong Authentication Forums]" <[hidden email]> wrote:

AW: LDAP wikid-server-community-3.5.0-b1399 Centos 6.3

Michael Schefczyk

Dear Nick,

Thank you very much for your prompt response! Netstat shows (where “CONNECTED” is my translation):

unix  3      [ ]         STREAM     CONNECTED     19389  2930/gnome-power-ma
unix  3      [ ]         STREAM     CONNECTED     14389  2270/gconfd-2
unix  2      [ ]         DGRAM                    11389  1552/NetworkManager

The slapd service is running – however I am completely uncertain about its correct configuration.

Regards,

Michael

From: Nick Owen [via WiKID Strong Authentication Forums] [mailto:ml-node+[hidden email]]
Sent: Monday, 18 February 2013 17:38
To: Prof. Dr. Michael Schefczyk
Subject: Re: LDAP wikid-server-community-3.5.0-b1399 Centos 6.3


Re: AW: LDAP wikid-server-community-3.5.0-b1399 Centos 6.3

Nick Owen
Administrator

Hmm. Well, you shouldn't be running slapd on the WiKID server. It would cause conflicts.

On Feb 18, 2013 8:45 AM, "Michael Schefczyk [via WiKID Strong Authentication Forums]" <[hidden email]> wrote:

AW: AW: LDAP wikid-server-community-3.5.0-b1399 Centos 6.3

Michael Schefczyk

Dear Nick,

Running slapd was only a rather hopeless try – I did not use it previously. After your reply, I did yum remove openldap-servers and chkconfig slapd off before rebooting. Then however, I was back at the problem I did experience before. This is that “ldapsearch -x -p 389 -h 192.168.2.35 -D 'uid=MichaelNetbook,domain=727272727272' -W '(objectclass=*)'” results in “ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)” after entering the passcode.

Netstat then results in:

tcp        0      0 127.0.0.1:5432              0.0.0.0:*                   LISTEN      3897/postmaster
tcp        0      0 ::ffff:127.0.0.1:8389       :::*                        LISTEN      4130/java
tcp        0      0 ::1:5432                    :::*                        LISTEN      3897/postmaster
udp        0      0 ::1:32958                   ::1:32958                   VERBUNDEN   3897/postmaster
unix  2      [ ACC ]     STREAM     HÖRT         17237  2594/notification-a /tmp/orbit-root/linc-a22-0-79e389ddac1b7
unix  2      [ ACC ]     STREAM     HÖRT         27485  3897/postmaster     /tmp/.s.PGSQL.5432
unix  2      [ ]         DGRAM                    27508  3897/postmaster
unix  3      [ ]         STREAM     VERBUNDEN     22389  3350/at-spi-registr
unix  3      [ ]         STREAM     VERBUNDEN     17389  2571/pulseaudio
unix  3      [ ]         STREAM     VERBUNDEN     17269  2594/notification-a /tmp/orbit-root/linc-a22-0-79e389ddac1b7
unix  3      [ ]         STREAM     VERBUNDEN     17247  2594/notification-a /tmp/orbit-root/linc-a22-0-79e389ddac1b7
unix  3      [ ]         STREAM     VERBUNDEN     17240  2594/notification-a /tmp/orbit-root/linc-a22-0-79e389ddac1b7
unix  3      [ ]         STREAM     VERBUNDEN     13389  1877/master

Modifying the ldapsearch to use port 8389 or ip 127.0.0.1 does not help much either. Then, ldapsearch either leads to the same result or it does not return until pressing ctrl-c.

Regards,

Michael

From: Nick Owen [via WiKID Strong Authentication Forums] [mailto:ml-node+[hidden email]]
Sent: Monday, 18 February 2013 17:53
To: Prof. Dr. Michael Schefczyk
Subject: Re: AW: LDAP wikid-server-community-3.5.0-b1399 Centos 6.3

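Added example, not part of any post in this thread: `grep 389` on `netstat -anp` output also matches UNIX-socket inode numbers such as 19389 and the port 8389, so this sketch compares the TCP port field exactly and reports which address each listener is bound to. The function names `tcp_listeners` and `sample_netstat` are choices made for this example; the sample rows are copied from the netstat output posted above.

```shell
#!/bin/sh
# Added example: exact-port listener check for `netstat -anp` output.
# tcp_listeners PORT... reads netstat text on stdin and prints one line per
# TCP socket in LISTEN state whose local port equals one of the given ports:
#   <port> <scope> <local-address> <pid/program>
# scope is "loopback" when bound to 127.0.0.1, ::1 or ::ffff:127.0.0.1,
# otherwise "network" (an address other hosts can connect to).
tcp_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        # tcp/tcp6 rows only: column 4 is the local address, column 6 the state.
        # The tcp rows posted in this thread show LISTEN even under a German locale.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)       # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
            if (!(port in want)) next
            lo = (host == "127.0.0.1" || host == "::1" || host == "::ffff:127.0.0.1")
            print port, (lo ? "loopback" : "network"), addr, $7
        }'
}

# Sample rows copied from the netstat output posted in this thread.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 127.0.0.1:5432              0.0.0.0:*                   LISTEN      3897/postmaster
tcp        0      0 ::ffff:127.0.0.1:8389       :::*                        LISTEN      4130/java
unix  3      [ ]         STREAM     VERBUNDEN     22389  3350/at-spi-registr
unix  3      [ ]         STREAM     CONNECTED     19389  2930/gnome-power-ma
EOF
}

# On a live host: netstat -anp | tcp_listeners 389 8389
sample_netstat | tcp_listeners 389 8389
```

On the sample rows this reports only the java listener on ::ffff:127.0.0.1:8389 and nothing on port 389.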


Re: AW: AW: LDAP wikid-server-community-3.5.0-b1399 Centos 6.3

Nick Owen
Administrator

It could be related to this thread http://wikid-strong-authentication-forums.1491522.n2.nabble.com/LDAP-error-td7574748.html, as I don't think that ever got fixed, though I'm also not sure it was part of the issue.

On Feb 18, 2013 12:28 PM, "Michael Schefczyk [via WiKID Strong Authentication Forums]" <[hidden email]> wrote:
