For years now I have an OpenLDAP DB running to manage all my logins. Linux, Samba, Mail, etc.
I have been experimenting with Raspberry Pi and I can not get it working.
I have nsswitch.conf. ldap.conf and pam.d set up as usual.
It seems it is not able to connect to the database as I see in the log "error trying to bind (invalid credentials)
At present my guess is that I need to load one or more kernel modules, possibly cryptographic as I do have the bind password encrypted with SSHA in /etc/ldap.conf, but I do not know which modules to load. Probably it are modules that are in a AMD64/X86 kernel by default.
Hika
OpenLDAP login in Raspberry Pi [bug filed]
Message
OpenLDAP login in Raspberry Pi [bug filed]
Last edited by hika on Fri Apr 29, 2016 1:54 am, edited 1 time in total.
I got a bit wizer. I found this: https://www.darkalchemist.co.uk/2014/05 ... pberry-pi/ claiming a missing link in /lib to be the cause. While this did not solve anything I found weird inconsistencies between a AMD64 install of nss_ldap and the ARM install.
On AMD64 I have a 64 bit library /lib64/libnss_ldap-2.20.so with links to: /lib64/libnss_ldap.so.2 and /usr/lib64/libnss_ldap.so.2 and a 32 bit library /usr/lib32/libnss_ldap-2.20.so linking to /usr/lib32/libnss_ldap.so.2.
On the Raspberry Pi I got /lib/nss_ldap.so.1 linking to /lib/nss_ldap.so
Why the name and version differences? They are both nns_ldap-265-r5 and adding the sugested link to /lib/libnss_ldap.so.2 defenitly gives a reaction (a freeze), so that one is expected by nss.
Is this a bug?
Hika
On AMD64 I have a 64 bit library /lib64/libnss_ldap-2.20.so with links to: /lib64/libnss_ldap.so.2 and /usr/lib64/libnss_ldap.so.2 and a 32 bit library /usr/lib32/libnss_ldap-2.20.so linking to /usr/lib32/libnss_ldap.so.2.
On the Raspberry Pi I got /lib/nss_ldap.so.1 linking to /lib/nss_ldap.so
Why the name and version differences? They are both nns_ldap-265-r5 and adding the sugested link to /lib/libnss_ldap.so.2 defenitly gives a reaction (a freeze), so that one is expected by nss.
Is this a bug?
Hika
Ok, so it is a combination of two things.
1 A wrong library name or at leas a missing simlink. /lib/nss_ldap.so.1 should be /lib/libnss_ldap.so.2. I probably will file a bug.
2 Unable to read the SSHA encrypted password in /etc/ldap.conf
So I can get it to work with a plain password, but that I do not want.
So am I missing a library or kernel module and if so which?
Any suggestions on where to look? It is probably either nss or pam related.
Hika
1 A wrong library name or at leas a missing simlink. /lib/nss_ldap.so.1 should be /lib/libnss_ldap.so.2. I probably will file a bug.
2 Unable to read the SSHA encrypted password in /etc/ldap.conf
So I can get it to work with a plain password, but that I do not want.
So am I missing a library or kernel module and if so which?
Any suggestions on where to look? It is probably either nss or pam related.
Hika
Number 2 was my fault. Somehow while trying things /etc/openldap/ldap.conf and /etc/ldap.conf got mixed up. Only the first accepts an encrypted password.
I filed a bug report about the library names: https://bugs.gentoo.org/show_bug.cgi?id=581306
I filed a bug report about the library names: https://bugs.gentoo.org/show_bug.cgi?id=581306
- NightDragon
- Veteran
- Posts: 1156
- Joined: Sat Aug 21, 2004 11:10 pm
- Location: Vienna (Austria)
symlink bug confirmed
Hey guys!
I got the same Bug on my Raspberry Pi2.
Thanks to this thread i was able to fix it by creating the symlink
I got the same Bug on my Raspberry Pi2.
Thanks to this thread i was able to fix it by creating the symlink
You are the problem too all my solutions 