[OmniOS-discuss] ldap auth
Thierry Bingen
tbingen at homeshore.be
Thu Sep 5 09:44:31 UTC 2013
On Tue, 03 Sep 2013 12:17:07 -0700, Paul B. Henson kindly answered:
> On 9/2/2013 7:17 AM, Thierry Bingen wrote:
>
>> Suffering from exactly the same problem (LDAP bind failing after upgrading from r151004 to r151006), I tried your recipe; my /etc/default/init now contains:
>>
>> TZ="Europe/Brussels"
>> CMASK=022
>> NSS_HASH_ALG_SUPPORT=+MD5
>>
>> but it did not make any difference after reboot, e.g.:
>>
>> # ldapsearch -h ldap.xxx.net -p 636 -Z -v -P /var/ldap/cert8.db -D "cn=Directory Manager" -b "dc=xxx,dc=net" "cn=Thierry Bingen"
>> ldapsearch: started Mon Sep 2 15:29:40 2013 ldap_init( ldap.xxx.net, 636 )
>> ldap_simple_bind: Can't contact LDAP server
>
>
> If you run "echo $NSS_HASH_ALG_SUPPORT", is the environment variable set in the shell from which you are initiating the ldapsearch?
Oops, I should have checked this and, indeed:
root at lataie:~# echo $NSS_HASH_ALG_SUPPORT
[nothing]
hence I did
root at lataie:~# export NSS_HASH_ALG_SUPPORT=+MD5
root at lataie:~# echo $NSS_HASH_ALG_SUPPORT
+MD5
However, my ldapsearch command still fails just the same...
By the way, I forgot to mention that I snooped the packets arriving on the LDAP server and they get there without any problem.
> If you run "pargs -e <pid>" on the LDAP cache manager or name service cache process, does the environment variable show up?
The ldap_cachemgr daemon fails to start for the same reason. (The truth is that this failure is my REAL problem; I used the ldapsearch example to shorten the explanation of the situation...)
T.
More information about the OmniOS-discuss
mailing list