Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
OpenLDAP login in Raspberry Pi [bug filed]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
hika
Apprentice
Apprentice


Joined: 13 Mar 2009
Posts: 234
Location: Utrecht

PostPosted: Mon Apr 25, 2016 8:25 pm    Post subject: OpenLDAP login in Raspberry Pi [bug filed] Reply with quote

For years now I have an OpenLDAP DB running to manage all my logins. Linux, Samba, Mail, etc.
I have been experimenting with Raspberry Pi and I can not get it working.
I have nsswitch.conf. ldap.conf and pam.d set up as usual.
It seems it is not able to connect to the database as I see in the log "error trying to bind (invalid credentials)
At present my guess is that I need to load one or more kernel modules, possibly cryptographic as I do have the bind password encrypted with SSHA in /etc/ldap.conf, but I do not know which modules to load. Probably it are modules that are in a AMD64/X86 kernel by default.

Hika


Last edited by hika on Fri Apr 29, 2016 1:54 am; edited 1 time in total
Back to top
View user's profile Send private message
hika
Apprentice
Apprentice


Joined: 13 Mar 2009
Posts: 234
Location: Utrecht

PostPosted: Tue Apr 26, 2016 7:41 pm    Post subject: Reply with quote

I got a bit wizer. I found this: https://www.darkalchemist.co.uk/2014/05/30/ldap-raspberry-pi/ claiming a missing link in /lib to be the cause. While this did not solve anything I found weird inconsistencies between a AMD64 install of nss_ldap and the ARM install.
On AMD64 I have a 64 bit library /lib64/libnss_ldap-2.20.so with links to: /lib64/libnss_ldap.so.2 and /usr/lib64/libnss_ldap.so.2 and a 32 bit library /usr/lib32/libnss_ldap-2.20.so linking to /usr/lib32/libnss_ldap.so.2.
On the Raspberry Pi I got /lib/nss_ldap.so.1 linking to /lib/nss_ldap.so

Why the name and version differences? They are both nns_ldap-265-r5 and adding the sugested link to /lib/libnss_ldap.so.2 defenitly gives a reaction (a freeze), so that one is expected by nss.

Is this a bug?

Hika
Back to top
View user's profile Send private message
hika
Apprentice
Apprentice


Joined: 13 Mar 2009
Posts: 234
Location: Utrecht

PostPosted: Tue Apr 26, 2016 10:21 pm    Post subject: Reply with quote

Ok, so it is a combination of two things.
1 A wrong library name or at leas a missing simlink. /lib/nss_ldap.so.1 should be /lib/libnss_ldap.so.2. I probably will file a bug.
2 Unable to read the SSHA encrypted password in /etc/ldap.conf

So I can get it to work with a plain password, but that I do not want.
So am I missing a library or kernel module and if so which?

Any suggestions on where to look? It is probably either nss or pam related.

Hika
Back to top
View user's profile Send private message
hika
Apprentice
Apprentice


Joined: 13 Mar 2009
Posts: 234
Location: Utrecht

PostPosted: Fri Apr 29, 2016 1:52 am    Post subject: Reply with quote

Number 2 was my fault. Somehow while trying things /etc/openldap/ldap.conf and /etc/ldap.conf got mixed up. Only the first accepts an encrypted password.
I filed a bug report about the library names: https://bugs.gentoo.org/show_bug.cgi?id=581306
Back to top
View user's profile Send private message
NightDragon
Veteran
Veteran


Joined: 21 Aug 2004
Posts: 1156
Location: Vienna (Austria)

PostPosted: Sat May 28, 2016 8:10 pm    Post subject: symlink bug confirmed Reply with quote

Hey guys!

I got the same Bug on my Raspberry Pi2.
Thanks to this thread i was able to fix it by creating the symlink
_________________
You are the problem too all my solutions ;)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum