Hi all,
I have been trying to integrate pam_ldap on my CentOS machine. I
installed the pam_ldap package through yum.
/lib64/security/pam_ldap.so is present.
I made the necessary changes in the /etc/pam.d/login, sshd and passwd
files to first look in the shadow file and then fall back to LDAP. I'm
able to authenticate users whose passwords are in the shadow file, but
when I try to authenticate a user whose information is stored in LDAP,
it fails, complaining "pam_ldap: error trying to bind
(Invalid credentials)".
I have also tried the ldapsearch command-line utility; there the same
DN, user and password work and connect to the LDAP server successfully.
I have made the necessary changes in /etc/ldap.conf.
# this file must be world readable (0644)
BASE       DC=my,DC=example,DC=com

# FQDN of the LDAP server
#HOST       XXX.XXX.XXX.XXX

# encryption used for storing passwords
#pam_crypt

#ldap_version 3

# bindpw is only needed if you want to allow root to change entries on
# this host.
# it's also better to keep the password in /etc/ldap.secret (0600) instead
#bindpw {crypt}4rKJLSLewr
#base DC=my,DC=example,DC=com
uri ldap://newldap.my.example.com
binddn  CN=santhosh,OU=Service Accounts,OU=Enterprise Services,DC=my,DC=example,DC=com
bindpw santhosh123
#{md5}ea7bb3f922e875d6efc3a3fbbbada590
port 389
timelimit 120
bind_timelimit 30
bind_policy soft
idle_timelimit 3600
pam_password crypt
ssl no
scope LDAP_SCOPE_BASE
# this one is to allow root to change entries
# it will require bindpw or password in /etc/ldap.secret
#rootbinddn cn=root,dc=example,dc=com
#rootbinddn CN=santhosh,OU=Service Accounts,OU=Enterprise Services,DC=my,DC=example,DC=com

# this for group access
nss_base_passwd  DC=my,DC=example,DC=com
nss_base_shadow DC=my,DC=example,DC=com
nss_base_group  OU=Service Accounts,OU=Enterprise Services,DC=my,DC=example,dc=com
nss_reconnect_tries 60
pam_filter objectclass=posixAccount
pam_login_attribute uid

# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# TBD: where to put this certificate anyway?


Does anyone have expertise with this? I'd appreciate it if anyone can help.

Thanks,
Santhosh
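
An audit of the settings in the ldap.conf above, as an added example that is not part of the original post: it parses the file and flags a bind password kept in a file other accounts can read, binds that travel unencrypted, and a scope value outside the keywords the stock ldap.conf lists. The sample text is constructed from the posted directives with the password replaced, and the function and finding names are assumptions of this example.

```python
import stat

# Constructed sample: same directives as the posted file, password replaced.
POSTED = """\
uri ldap://newldap.my.example.com
binddn CN=santhosh,OU=Service Accounts,OU=Enterprise Services,DC=my,DC=example,DC=com
bindpw PLACEHOLDER-PASSWORD
port 389
ssl no
scope LDAP_SCOPE_BASE
#bindpw {crypt}PLACEHOLDER
"""

def parse(text):
    """Map each active directive (lower-cased) to its value; comments are skipped."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return conf

def audit(text, mode=0o644):
    """Return finding ids (names are this example's own) for a config body and file mode."""
    conf, findings = parse(text), []
    # A bind password in a group- or world-readable file is exposed to other local accounts.
    if "bindpw" in conf and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("bindpw-readable")
    # Plain ldap:// without StartTLS sends simple-bind passwords in clear text.
    encrypted = (conf.get("uri", "").lower().startswith("ldaps://")
                 or conf.get("ssl", "no").lower() in ("start_tls", "on"))
    if not encrypted:
        findings.append("cleartext-bind")
    # The stock ldap.conf lists sub, one and base as the scope keywords.
    if "scope" in conf and conf["scope"].lower() not in ("sub", "one", "base"):
        findings.append("unknown-scope")
    return findings

if __name__ == "__main__":
    for finding in audit(POSTED):
        print(finding)
```

To check a real file, pass its contents and `stat.S_IMODE(os.stat(path).st_mode)` as `mode`.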
