74

How do I check the LDAP connection from a client to the server? I'm working on LDAP authentication, and this client desktop needs to authenticate via an LDAP server. I can SSH to the LDAP server using an LDAP user, but at the desktop login prompt I can't log in. It says "Authentication failure".

The client machine has CentOS 6.3 and the LDAP server has CentOS 5.5.

The LDAP software is OpenLDAP.

The LDAP server's logs don't even show any messages.

So, how do I test whether the client can successfully connect to LDAP or not?

voretaq7
  • 80,749
FELDAP
  • 989

3 Answers

65

Use ldapsearch. It will return an error if you cannot query the LDAP Server.

The syntax for using ldapsearch is:

ldapsearch -x -LLL -h [host] -D [user] -w [password] -b [base DN] -s sub "([filter])" [attribute list]

A simple example:

$ ldapsearch -x -LLL -h host.example.com -D user -w password -b "dc=ad,dc=example,dc=com" -s sub "(objectClass=user)" givenName

Please see this link: http://randomerror.wordpress.com/2009/10/16/quick-tip-how-to-search-in-windows-active-directory-from-linux-with-ldapsearch/

Edit: It seems you don't have PAM configured correctly for gdm/xdm; here is an example of how to do it: http://pastebin.com/TDK4KWRV

Note for ldapsearch >= 2.5: if you are using ldapsearch from OpenLDAP, the options -h and -p were dropped in version 2.5. Use -H instead:

$ ldapsearch -H ldapuri -D binddn -w password -b searchbase filter

where ldapuri can contain protocol, host and port fields, e.g. ldaps://ldap.example.org:636

fission
  • 3,761
Sacx
  • 2,641
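As an added example (not code from this answer or from OpenLDAP), the ldapsearch calls above arranged as a staged probe: it tests the network path first, then the DN, then the password, and turns the exit status of the first failing stage into a diagnosis. The host, DN and password file below are assumed placeholders, not values from the question; the exit-status meanings are the standard LDAP result codes that ldapsearch returns as its status.

```shell
#!/bin/sh
# ldap_probe: added example, not code from the original answer.
# Runs ldapsearch in stages so the first failing stage tells you which layer
# is broken. Uses -H (a URI), which old and new OpenLDAP clients both accept.

# ldapsearch exits with the LDAP result code of the operation; the client-side
# "can't contact LDAP server" (-1) shows up as exit status 255.
explain_ldap_rc() {
    case "$1" in
        0)   echo "success" ;;
        13)  echo "confidentiality required: server insists on TLS, use ldaps:// or add -ZZ" ;;
        32)  echo "no such object: the base DN or user DN does not exist on this server" ;;
        49)  echo "invalid credentials: bind DN or password rejected (check the DN, not only the password)" ;;
        50)  echo "insufficient access: bind succeeded but the server's ACLs deny this read" ;;
        255) echo "can't contact LDAP server: wrong URI or port, firewall, or TLS handshake failed (rerun with -d 1)" ;;
        *)   echo "LDAP result code $1" ;;
    esac
}

# ldap_probe URI USER_DN PASSWORD_FILE
#   stage 1: anonymous read of the root DSE   -> network, port and TLS only
#   stage 2: anonymous read of the user entry  -> DN spelling and read ACLs
#   stage 3: simple bind as that user          -> the password (and its hash)
# Prints one line per stage run; returns the exit status of the first failure.
ldap_probe() {
    uri=$1; user_dn=$2; pwfile=$3

    ldapsearch -x -LLL -H "$uri" -b '' -s base '(objectClass=*)' namingContexts >/dev/null 2>&1
    rc=$?
    echo "stage 1 anonymous root DSE: $(explain_ldap_rc "$rc")"
    [ "$rc" -eq 0 ] || return "$rc"

    ldapsearch -x -LLL -H "$uri" -b "$user_dn" -s base '(objectClass=*)' dn >/dev/null 2>&1
    rc=$?
    echo "stage 2 anonymous read of $user_dn: $(explain_ldap_rc "$rc")"
    [ "$rc" -eq 0 ] || return "$rc"

    # The password is read from a file (-y) rather than passed with -w, so it
    # never appears in ps output or shell history. The file must not end in a
    # newline: ldapsearch uses its whole content as the password.
    ldapsearch -x -LLL -H "$uri" -D "$user_dn" -y "$pwfile" -b "$user_dn" -s base '(objectClass=*)' dn >/dev/null 2>&1
    rc=$?
    echo "stage 3 simple bind as $user_dn: $(explain_ldap_rc "$rc")"
    return "$rc"
}

# Usage (placeholders, not values from the question):
#   umask 077; printf '%s' 'secret' > /tmp/ldap.pw
#   ldap_probe ldaps://ldap.example.com:636 uid=jdoe,ou=people,dc=example,dc=com /tmp/ldap.pw
#   rm -f /tmp/ldap.pw
```

If stage 1 already fails with 255, nothing reached slapd, which is also why a server log can stay empty; if stage 2 passes and stage 3 fails with 49, the client can reach and read the directory and the problem is the credentials or the bind DN the client is configured to use. For TLS failures, rerunning the same ldapsearch with `-d 1` prints the handshake and certificate errors that the exit status alone hides.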
8

To know whether my server and client settings are correct, I use this:

ldapsearch -x -b "uid=username,ou=people,dc=example,dc=com"

The answer will be something like this on success:

# extended LDIF
#
# LDAPv3
# base <uid=username,ou=people,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# username, people, example.com
dn: uid=username,ou=people,dc=example,dc=com
cn: User Name
uid: username
uidNumber: 1050
loginShell: /bin/bash
homeDirectory: /home/webminder
gidNumber: 1030
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: inetOrgPerson
gecos: User Name
sn: User Name

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

You can use different filters. I only have one server on my network.

MeduZa
  • 81
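A search that returns the entry proves the client can read it; a desktop login additionally needs the entry to be a complete posixAccount so that nss_ldap can build a passwd record from it. The following is an added example (not from this answer) that reads ldapsearch output on stdin and reports what is missing; the BROKEN_ENTRY sample is constructed from the entry above with gidNumber and the posixAccount objectClass removed, not real directory output.

```shell
#!/bin/sh
# check_posix_entry: added example, not from the original answer.
# Reads one LDIF entry (ldapsearch output) on stdin and checks that it has what
# nss_ldap/pam_ldap need to turn it into a Unix account. Returns 0 if complete,
# 1 plus a "missing:" line otherwise.
check_posix_entry() {
    awk '
        # Fold LDIF continuation lines (leading space) back onto the previous line.
        /^ /  { buf = buf substr($0, 2); next }
              { if (buf != "") take(buf); buf = $0 }
        END   { if (buf != "") take(buf); report() }

        function take(line,    k, v) {
            if (line ~ /^#/ || line == "") return
            k = line; sub(/:.*/, "", k)          # attribute name
            v = line; sub(/^[^:]*: */, "", v)    # attribute value
            if (k == "objectClass" && v == "posixAccount") have["posixAccount"] = 1
            else if (k ~ /^(uid|uidNumber|gidNumber|homeDirectory|loginShell)$/) have[k] = v
        }

        function report(    n, i, missing) {
            # the posixAccount class plus the passwd(5) fields nss_ldap maps from it
            n = split("posixAccount uid uidNumber gidNumber homeDirectory loginShell", need, " ")
            for (i = 1; i <= n; i++) if (!(need[i] in have)) missing = missing " " need[i]
            # a present but non-numeric id breaks the passwd mapping just as badly
            if (("uidNumber" in have) && have["uidNumber"] !~ /^[0-9]+$/) missing = missing " uidNumber(non-numeric)"
            if (("gidNumber" in have) && have["gidNumber"] !~ /^[0-9]+$/) missing = missing " gidNumber(non-numeric)"
            if (missing == "") { print "ok: entry is a usable posixAccount"; exit 0 }
            print "missing:" missing
            exit 1
        }
    '
}

# Constructed sample, not real output: the entry from the answer with gidNumber
# and the posixAccount objectClass removed. Such an entry is searchable but
# cannot log in, because there is no complete passwd record to build.
BROKEN_ENTRY='dn: uid=username,ou=people,dc=example,dc=com
cn: User Name
uid: username
uidNumber: 1050
loginShell: /bin/bash
homeDirectory: /home/webminder
objectClass: shadowAccount
objectClass: person
objectClass: inetOrgPerson'

# Usage against a live server:
#   ldapsearch -x -LLL -b "uid=username,ou=people,dc=example,dc=com" | check_posix_entry
# Against the constructed sample:
#   printf '%s\n' "$BROKEN_ENTRY" | check_posix_entry      # -> missing: posixAccount gidNumber
```

The check deliberately runs over the same anonymous search the answer uses: if the server's ACLs hide uidNumber or gidNumber from anonymous readers, the entry will look incomplete here and will be equally incomplete to nss_ldap unless the client is configured with a bind DN that may read them.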
4

Your problem is not LDAP, it's PAM.

As noted in the comments on Sacx's answer, you probably do not have the console login application (usually the PAM system, xdm, gdm, etc. service(s)) configured to consult LDAP for authenticating users.

You should review the PAM documentation for more information on how to set this up.

voretaq7
  • 80,749
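To make this diagnosis something you can check rather than a matter of reading documentation, here is an added example (not from the answer or the page) that walks the auth stack of a PAM service, following include and substack into system-auth the way CentOS 6 routes gdm, login and sshd, and reports whether any line can consult LDAP. The /etc/pam.d stand-in it builds is constructed to reproduce the question's symptom (sshd reaches pam_ldap, gdm does not); the module names pam_ldap.so and pam_sss.so are the ones shipped on CentOS 5/6 and on later releases respectively.

```shell
#!/bin/sh
# pam_auth_ldap_lines PAMDIR SERVICE [DEPTH]
# Added example, not from the original page. Walks PAMDIR/SERVICE, follows
# "auth include X" and "auth substack X", and prints every auth line whose
# module can talk to LDAP: pam_ldap.so on CentOS 5/6, pam_sss.so on later
# releases. Returns 0 if at least one such line is in the service's auth
# stack, 1 if not. The body is a subshell so every variable is local to one
# level of recursion.
pam_auth_ldap_lines() (
    dir=$1; svc=$2; depth=${3:-0}
    [ "$depth" -lt 8 ] || return 1                      # guard against include loops
    [ -r "$dir/$svc" ] || { echo "no such service file: $dir/$svc" >&2; return 1; }
    found=1
    while read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        set -f; set -- $line; set +f                    # split into words, no globbing
        [ "$1" = auth ] || continue
        ctrl=$2; shift 2
        if [ "$ctrl" = include ] || [ "$ctrl" = substack ]; then
            pam_auth_ldap_lines "$dir" "$1" $((depth + 1)) && found=0
            continue
        fi
        # A bracketed control value ("[success=1 default=ignore]") spans several
        # words; skip to the word after the closing bracket, which is the module.
        while [ $# -gt 0 ] && [ "${ctrl#\[}" != "$ctrl" ] && [ "${ctrl%\]}" = "$ctrl" ]; do
            ctrl=$1; shift
        done
        case "$1" in
            pam_ldap.so|pam_sss.so) echo "$svc: $line"; found=0 ;;
        esac
    done < "$dir/$svc"
    return $found
)

# Constructed stand-in for /etc/pam.d, not copied from a real system: sshd goes
# through a system-auth that has pam_ldap, while gdm has its own stack without
# it, which is exactly the "SSH works, desktop login fails" symptom.
make_sample_pamdir() {
    cat > "$1/system-auth" <<'EOF'
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth [success=1 default=ignore] pam_succeed_if.so uid < 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
EOF
    cat > "$1/sshd" <<'EOF'
auth include system-auth
account required pam_nologin.so
EOF
    cat > "$1/gdm" <<'EOF'
auth required pam_env.so
auth sufficient pam_unix.so
auth required pam_deny.so
EOF
}

# Usage on the client (compare the service that works with the one that fails):
#   pam_auth_ldap_lines /etc/pam.d sshd
#   pam_auth_ldap_lines /etc/pam.d gdm
```

If sshd prints a pam_ldap line and gdm prints nothing, the desktop service is the one not consulting LDAP. On CentOS 6 the supported way to fix the shared stack is `authconfig --enableldap --enableldapauth --ldapserver=<server> --ldapbasedn=<base> --update`, which regenerates system-auth; a service with a hand-written stack of its own, like the constructed gdm above, needs an `auth include system-auth` line (or its own pam_ldap line) as well.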