How to test a LDAP connection from a client


Solution 1

Use ldapsearch. It will return an error if you cannot query the LDAP Server.

The syntax for using ldapsearch:

ldapsearch -x -LLL -h [host] -D [user] -w [password] -b [base DN] -s sub "([filter])" [attribute list]

A simple example

$ ldapsearch -x -LLL -h host.example.com -D user -w password -b"dc=ad,dc=example,dc=com" -s sub "(objectClass=user)" givenName

Please see this link: http://randomerror.wordpress.com/2009/10/16/quick-tip-how-to-search-in-windows-active-directory-from-linux-with-ldapsearch/

Edit: It seems you don't have PAM configured correctly for gdm/xdm; here is an example of how to do it: http://pastebin.com/TDK4KWRV

Solution 2

To know if my server and client settings are correct, I use this:

ldapsearch -x -b "uid=username,ou=people,dc=example,dc=com"

The answer will be something like this on success:

# extended LDIF
#
# LDAPv3
# base <uid=username,ou=people,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# username, people, example.com
dn: uid=username,ou=people,dc=example,dc=com
cn: User Name
uid: username
uidNumber: 1050
loginShell: /bin/bash
homeDirectory: /home/webminder
gidNumber: 1030
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: inetOrgPerson
gecos: User Name
sn: User Name

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

You can use different filters. I only have one server on my network.
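The two answers above use ldapsearch as a one-shot test. As an added example (not code from either answer), the script below splits the check into layers so that a failure names the layer that broke: reaching the server at all, binding with credentials, and the posixAccount lookup a login stack would perform. It also parses the LDIF trailer that Solution 2 shows ("result: 0 Success", "# numEntries: 1") so a script can evaluate the outcome instead of a human reading it. The host, base DN and bind DN are hypothetical placeholders, and the sample LDIF is constructed for offline use. `-x` selects a simple bind; without it the OpenLDAP tools attempt SASL/GSSAPI, which is where "Cannot determine realm for numeric host address" errors like the one in the comments come from.

```shell
#!/bin/sh
# Added example, not from the original answers: a layered ldapsearch check
# that reports which layer failed (network, anonymous read, bind, or the
# user lookup), plus two small parsers for the LDIF that ldapsearch prints.
# ldap.example.com and the DNs below are hypothetical placeholders.

# Map the exit status of ldapsearch/ldapwhoami to its meaning. The OpenLDAP
# client tools exit with the LDAP result code; "Can't contact LDAP server"
# is -1, which the shell reports as 255.
ldap_exit_meaning() {
    case $1 in
        0)   echo "success" ;;
        32)  echo "no such object (check the base DN)" ;;
        49)  echo "invalid credentials (check bind DN / password)" ;;
        255) echo "cannot contact server (host, port, firewall, or TLS setup)" ;;
        *)   echo "LDAP result code $1" ;;
    esac
}

# Read ldapsearch output on stdin and print the code from its "result:" line
# (e.g. "result: 0 Success"); prints 255 when no result line is present,
# which is what you get when the bind itself was rejected.
ldif_result_code() {
    code=$(sed -n 's/^result: \([0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ -n "$code" ]; then echo "$code"; else echo 255; fi
}

# Count the entries in ldapsearch output on stdin. Use the "# numEntries:"
# trailer when present and fall back to counting "dn:" lines, because -LLL
# suppresses the comment lines.
ldif_entry_count() {
    awk '/^# numEntries: / { n = $3; found = 1 }
         /^dn: /           { dns++ }
         END { print (found ? n : dns + 0) }'
}

# Run the layers in order against $1 (host) with $2 (base DN), $3 (bind DN)
# and $4 (a file holding the password; -y keeps it out of ps output and
# shell history, unlike -w). Stops at the first layer that fails.
check_ldap() {
    host=$1; base=$2; binddn=$3; pwfile=$4
    uri="ldap://$host"

    # Layers 1+2: an anonymous read of the root DSE proves TCP reachability
    # and that the server speaks LDAP; -s base -b "" needs no base DN.
    rc=0
    ldapsearch -x -H "$uri" -LLL -s base -b "" "(objectClass=*)" namingContexts >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 0 ] || { echo "root DSE read failed: $(ldap_exit_meaning "$rc")"; return 1; }

    # Layer 3: authenticated bind, nothing searched yet.
    rc=0
    ldapwhoami -x -H "$uri" -D "$binddn" -y "$pwfile" >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 0 ] || { echo "bind as $binddn failed: $(ldap_exit_meaning "$rc")"; return 1; }

    # Layer 4: the kind of query a login stack issues (posixAccount entries).
    rc=0
    out=$(ldapsearch -x -H "$uri" -D "$binddn" -y "$pwfile" -b "$base" \
              "(objectClass=posixAccount)" uid 2>&1) || rc=$?
    [ "$rc" -eq 0 ] || { echo "search under $base failed: $(ldap_exit_meaning "$rc")"; return 1; }
    n=$(printf '%s\n' "$out" | ldif_entry_count)
    echo "ok: bind succeeded, $n posixAccount entries under $base"
}

# Constructed sample of what ldapsearch prints on success (modelled on the
# output shown in the answer above); used to exercise the parsers offline.
SAMPLE_LDIF='# extended LDIF
#
# LDAPv3
# base <ou=people,dc=example,dc=com> with scope subtree
# filter: (objectClass=posixAccount)
# requesting: uid
#

# alice, people, example.com
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice

# bob, people, example.com
dn: uid=bob,ou=people,dc=example,dc=com
uid: bob

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2'

# Usage on a real client (hypothetical values):
#   printf '%s' 'secret' > "$HOME/.ldappw" && chmod 600 "$HOME/.ldappw"
#   LDAP_HOST=ldap.example.com LDAP_BINDDN=uid=alice,ou=people,dc=example,dc=com ./check.sh
if [ -n "${LDAP_HOST:-}" ]; then
    check_ldap "$LDAP_HOST" "${LDAP_BASE:-dc=example,dc=com}" \
               "${LDAP_BINDDN:-uid=alice,ou=people,dc=example,dc=com}" \
               "${LDAP_PWFILE:-$HOME/.ldappw}"
fi
```

A passing run of all four layers only proves the client library and the server agree; as Ernie notes in the comments, it says nothing about whether PAM has been told to use that server for logins.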

Solution 3

Your problem is not LDAP, it's PAM.

As noted in the comments on Sacx's answer, you probably do not have the console login application (usually the PAM system, xdm, gdm, etc. service(s)) configured to consult LDAP for authenticating users.

You should review the PAM documentation for more information on how to set this up.
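Solution 3 and the comment thread both come down to comparing the PAM stack that works (sshd) with the one that does not (gdm). As an added example (not code from the answer), the script below lists the modules on a service's "auth" stack, following `include`/`substack` lines the way PAM does, and reports whether an LDAP-backed module is ever reached. The three config files it creates are constructed samples modelled on a typical CentOS 6 layout so it runs offline; on a real host point PAMDIR at /etc/pam.d. pam_ldap.so is the module the page's era used; pam_sss.so is included as an assumption for hosts that route LDAP through SSSD.

```shell
#!/bin/sh
# Added example, not from the original answer: walk a PAM service's "auth"
# stack (following include/substack) and report whether it reaches an
# LDAP-backed module. The sample files below are constructed, not copied
# from any real host.

# Print the auth-stack module names for service $2 in directory $1,
# recursing into include/substack targets (depth capped at 5 to stop loops).
# A missing target is reported as MISSING:<name> rather than ignored.
pam_auth_modules() {
    dir=$1; svc=$2; depth=${3:-0}
    [ "$depth" -lt 5 ] || return 0
    [ -r "$dir/$svc" ] || { echo "MISSING:$svc"; return 0; }
    awk '
        /^[[:space:]]*(#|$)/ { next }
        {
            t = $1; sub(/^-/, "", t)          # "-auth" means auth, log quietly
            if (t != "auth") next
            i = 2
            # a bracketed control such as [success=1 default=ignore] spans fields
            if ($i ~ /^\[/) { while (i <= NF && $i !~ /\]$/) i++ }
            ctl = $i; mod = $(i + 1)
            sub(/.*\//, "", mod)              # keep the module basename only
            if (ctl == "include" || ctl == "substack") print "INCLUDE:" mod
            else print mod
        }' "$dir/$svc" | while IFS= read -r line; do
        case $line in
            INCLUDE:*) pam_auth_modules "$dir" "${line#INCLUDE:}" $((depth + 1)) ;;
            *)         echo "$line" ;;
        esac
    done
}

# Exit 0 when the auth stack of service $2 reaches an LDAP-backed module.
pam_auth_uses_ldap() {
    pam_auth_modules "$1" "$2" | grep -qxE 'pam_ldap\.so|pam_sss\.so'
}

# Constructed sample configs: sshd includes a system-auth that has pam_ldap,
# while the display manager's stack was never updated and stops at pam_deny.
PAMDIR=$(mktemp -d)
trap 'rm -rf "$PAMDIR"' EXIT
cat > "$PAMDIR/system-auth" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so
account     required      pam_unix.so
EOF
cat > "$PAMDIR/sshd" <<'EOF'
#%PAM-1.0
auth       required     pam_sepermit.so
auth       include      system-auth
account    required     pam_nologin.so
EOF
cat > "$PAMDIR/gdm" <<'EOF'
#%PAM-1.0
auth     [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth     required    pam_env.so
auth     sufficient  pam_unix.so nullok try_first_pass
auth     required    pam_deny.so
account  required    pam_nologin.so
EOF

# Compare the two stacks side by side; on a real host set PAMDIR=/etc/pam.d.
for svc in sshd gdm; do
    if pam_auth_uses_ldap "$PAMDIR" "$svc"; then
        echo "$svc: auth stack reaches LDAP"
    else
        echo "$svc: auth stack never reaches LDAP"
    fi
done
```

The useful output is the full module list per service, not just the yes/no: when a display manager's stack includes a different file than sshd's, the edit made to one file (as with the system-auth edit mentioned in the comments) never reaches the other path.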

Author: FELDAP

Updated on September 18, 2022

Comments

  • FELDAP
    FELDAP almost 2 years

    How do I check the LDAP connection from a client to the server? I'm working on LDAP authentication and this client desktop needs to authenticate via an LDAP server. I can SSH to the LDAP server using an LDAP user, but at the desktop login prompt I can't log in. It says Authentication failure.

    The client machine has CentOS 6.3 and the LDAP server has CentOS 5.5.

    The LDAP software is OpenLDAP.

    The LDAP server's logs don't even show any messages.

    So, how do I test whether the client can successfully connect to LDAP or not?

    • Ernie
      Ernie over 6 years
      As a minor note to this old post, you can do a search (i.e. ldapsearch) without PAM being set up, but to get users to auth via LDAP you will need PAM set up for LDAP. A basic ldapsearch just shows you have the ldap lib and client tools packages installed (i.e. yum install openldap openldap-clients) and can reach the LDAP directory server(s). It's a good step in the setup or troubleshooting process.
  • FELDAP
    FELDAP over 11 years
    I'm using this command: ldapsearch -h hostname -x -b "dc=example,dc=com" 'uid=user' and it returns that user's info from the LDAP database. But I'm not able to log in to the desktop via LDAP authentication.
  • FELDAP
    FELDAP over 11 years
    Yes, I guess it's the client. It's not even searching for the LDAP server. What should be done to make the client look up the LDAP server for authentication? I have edited /etc/pam.d/system-auth. You can check here: pastebin.com/jQjN7cYU
  • Marcela Lozano
    Marcela Lozano over 11 years
    Use ldapwhoami with correct parameters and try to authenticate with your user.
  • Marcela Lozano
    Marcela Lozano over 11 years
    Did you follow a tutorial to prepare the client for gdm/xdm authentication?
  • FELDAP
    FELDAP over 11 years
    When I use ldapwhoami -h xxx.xxx.xxx.xxx -U username, it returns the error: SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: An invalid name was supplied (Cannot determine realm for numeric host address). I used this documentation to configure the client: server-world.info/en/note?os=CentOS_5&p=ldap&f=2
  • Marcela Lozano
    Marcela Lozano over 11 years
    Did you check TLS? Try to remove TLS from the configuration. Is authentication from the console working?
  • FELDAP
    FELDAP over 11 years
    No, I did not check TLS. I didn't configure TLS. But when I try to log in to the LDAP server via SSH, it works. The LDAP user gets logged in to that LDAP server.
  • Marcela Lozano
    Marcela Lozano over 11 years
    Ok. That means you don't have authentication configured for Xdm. Compare /etc/pam.d/sshd and /etc/pam.d/Xdm. Xdm can be gdm, kdm, lightdm etc.
  • Marcela Lozano
    Marcela Lozano over 11 years
    Here is some LDAP configuration for GDM for PAM: ldots.org/ldap
  • FELDAP
    FELDAP over 11 years
    Here is the gdm: pastebin.com/XtVDRfbi and here is the sshd: pastebin.com/MLL8s5xe. They're different; how do I configure it to make it work? Any helpful links?
  • Marcela Lozano
    Marcela Lozano over 11 years
    Test this configuration: pastebin.com/TDK4KWRV
  • FELDAP
    FELDAP over 11 years
    I have already configured those files, yet it's not working. You can check the files I posted in the above comments. LDAP really lacks documentation.
  • FELDAP
    FELDAP over 11 years
    Ok. At least I got LDAP working in console mode using this tutorial: server-world.info/en/note...x_6&p=ldap&f=2 . Nice tutorial, exact steps. Now I need to work on GDM LDAP.
  • Marcela Lozano
    Marcela Lozano over 11 years
    Your URL is broken ...
  • FELDAP
    FELDAP over 11 years
    Sorry. I think URL is suppressed when I posted here. URL is : http:// www. server-world. info/en/note?os=Scientific_Linux_6&p=ldap&f=2 . Please remove spaces.
  • FELDAP
    FELDAP over 11 years
    An update. Now, I rebooted the client machine and when it came to the login prompt (GDM), I pressed F1 to go to console mode. Then I typed getent passwd and no LDAP users were returned. So it hadn't connected to the LDAP server until then. Then I came back to the GDM login prompt again and logged in as a local user. Then I opened a terminal and typed getent passwd and LDAP accounts were returned. Then I thought I could try one trick. I clicked switch user and when I came back to the GDM login prompt, I typed the LDAP username and password and WOW, I'm able to log in to the desktop via LDAP authentication.
  • FELDAP
    FELDAP over 11 years
    So, now the issue is, for the LDAP authentication to work, I need to first log in to the local account, then switch user, and then log in as the LDAP user.
  • FELDAP
    FELDAP over 11 years
    Why does it work when I log in to the local account and then switch user, and why doesn't it work if I do not log in as a local user first?