[Scottish] More LDAP woes

Phillip Bennett phillip at mve.com
Thu Jun 21 14:49:51 BST 2007 

Hi everyone,

I've finally got my LDAP directory set up and almost working! I can see it 
using two different LDAP browsers that I have installed, and I can use 
ldapsearch from the command line with the '-x' option (Simple 
Authentication).  I can even use ldapsearch -x -D "<my username>" etc..

What gets me though, is that I can't run other commands on it like 
'ldapwhoami', and I can't logon using LDAP either..  When I do, I get the 
following message:

 ~]$ ldapwhoami
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
        additional info: SASL(-13): user not found: no secret in database


I've been reading up on SASL for the past two days and have been directed to 
kerberos from a few pages.  I now have a working kerberos KDC as well. 
However, I was hoping not to have to do this, as it means setting up the 
clients for kerberos as well.

So far, what I have is an LDAP database that works with autofs.  However, it 
doesn't allow me to logon to workstations.  When I do, I get the following 
error:

[root at shona ~]# su - phillip
id: cannot find name for group ID 2066
id: cannot find name for user ID 2066
[phillip at shona ~]$ ssh localhost
You don't exist, go away!

Now, I know what the 'go away' error is all about.  What I don't know is why 
it happens.

My setup is as follows:

Redhat ES4 - all software at latest redhat versions
ldap 2.2.13
autofs 4.1.3-199.3
kernel 2.6.9-55
cyrus-sasl 2.1.19 (inc. md5, ntlm, sql, gssapi)
kerberos 1.3.4-47

Does anyone have any helpful information for getting these final bits setup? 
I have read in a few places that Redhat puts the SASL stuff in by default 
and it can't be turned off.  The same people usually say that it's best to 
recompile from source and leave the SASL support out.  Would anyone agree 
with that?  I feel that I've come so far and I'm understanding so much more, 
but I am still just so far away from getting anything to actually WORK! 
It's just so frustrating...  On the plus side, I have now discovered strace. 
It has helped me fix a few errors these past few days.  :)

Any help you can give is greatly appreciated!

Thanks in advance,
Phil.

More information about the Scottish mailing list