OpenLDAP authentication failure on Arch

2

I set up OpenLDAP and everything looks fine, but I can't get authentication working.

#getent shadow | grep user                         
user:*:::::::
tuser:*:::::::
tuser2:*:::::::

#getent passwd | grep user
git:!:999:999:git daemon user:/:/bin/bash
user:x:10000:2000:Test User:/home/user/:/bin/zsh
tuser:x:10000:2000:Test User:/home/user/:/bin/zsh
tuser2:x:10002:2000:Test User:/home/tuser2/:/bin/zsh

From root I can log in as one of these users:

#su - tuser2
su: warning: cannot change directory to /home/tuser2/: No such file or directory
10:24 tuser2@juliet:/root

I can't log in via ssh either, and passwd isn't working.

#ldapwhoami -h 192.168.10.156 -D "uid=user,ou=People,dc=xcl,dc=ie"
ldap_bind: Server is unwilling to perform (53)
    additional info: unauthenticated bind (DN with no password) disallowed
10:30 root@juliet:~
#ldapwhoami -h 192.168.10.156 -D "uid=user,ou=People,dc=xcl,dc=ie" -W
Enter LDAP Password: 
ldap_bind: Invalid credentials (49)

The password I typed is correct.

/etc/openldap/slapd.conf:

access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
  by self write
  by users read
  by anonymous read

access to *
  by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write
  by users read
  by anonymous auth
access to attrs=userPassword,gecos,description,loginShell
  by self write

access to attrs="userPassword"
  by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write
  by anonymous auth
  by self write
  by * none
access to *
  by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write
  by dn="uid=achmiel,ou=People,dc=xcl,dc=ie" write
  by * search

access to attrs=userPassword
  by self =w
  by anonymous auth
access to *
  by self write
  by users read

database        hdb
suffix          "dc=xcl,dc=ie"
rootdn          "cn=root,dc=xcl,dc=ie"
rootpw          "{SSHA}AM14+..."

Those are some parts of that conf file. /etc/openldap/ldap.conf looks like:

BASE dc=xcl,dc=ie
URI ldap://192.168.10.156/
TLS_REQCERT  allow
TIMELIMIT    2

So my question is: what am I missing, such that LDAP won't let me log in with a password?

    
por nonus25 29.11.2012 / 11:49

1 answer

0

OK, I solved the problem by removing these ACL entries:

access to *
  by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write
  by users read
  by anonymous auth
access to attrs=userPassword,gecos,description,loginShell
  by self write

access to attrs="userPassword"
  by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write
  by anonymous auth
  by self write
  by * none
access to *
  by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write
  by dn="uid=achmiel,ou=People,dc=xcl,dc=ie" write
  by * search

I made more changes, but anyway those changes didn't fix the problem until I removed the ACLs mentioned above.

    
por 29.11.2012 / 19:57
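The question lists several overlapping `access to *` and `access to attrs=userPassword` directives, and the answer reports that removing the later ones was what changed things. The script below is an added example, not code from the question or the answer: it models the first-match rules from slapd.access(5) (directives are tried in file order, the first whose `<what>` matches the attribute is the only one consulted, and within it the first matching `by` clause decides) and runs the question's ACLs, transcribed as a constructed string, against the DN `uid=user,ou=People,dc=xcl,dc=ie` from the post. On those rules the first `access to *` block decides every request on entries under the suffix, which means anonymous clients get `read` (password hashes included) and the directives after it are never reached. A second, hardened ordering with the `userPassword` rule first is included for comparison. The model covers only ACL evaluation, not anything else slapd does during a bind, and supports only the `<what>`/`<who>` forms that appear on this page.

```python
"""First-match evaluator for OpenLDAP slapd.conf 'access' directives (added
example, not code from the original post). Per slapd.access(5): directives are
tried in file order, the first whose <what> matches is the only one consulted,
and in it the first matching <by> clause decides; no matching <by> means none.
Only the <what>/<who> forms used in the question are supported."""
import re

# Privilege letters per level; each level includes everything below it.
LEVEL_PRIVS = {"none": "", "disclose": "d", "auth": "dx", "compare": "dxc",
               "search": "dxcs", "read": "dxcsr", "write": "dxcsrw"}

def parse_privs(token):
    """'read' -> {'d','x','c','s','r'}; '=w' -> {'w'} (exact, nothing implied)."""
    return set(token[1:]) if token.startswith("=") else set(LEVEL_PRIVS[token])

def parse_acl(text):
    """Return [{'what': str, 'by': [(who, privs), ...]}, ...] in file order."""
    directives = []
    # Give every 'by' clause its own line so inline and multi-line forms parse alike.
    for line in re.sub(r"\s+by\s+", "\n by ", text).splitlines():
        line = line.strip()
        if line.startswith("access to "):
            directives.append({"what": line[len("access to "):].strip(), "by": []})
        elif line.startswith("by "):
            who, priv = line[3:].rsplit(None, 1)
            directives[-1]["by"].append((who, parse_privs(priv)))
        elif line:
            raise ValueError("unsupported line: " + line)
    return directives

def what_matches(what, attr):
    if what == "*":
        return True
    m = re.fullmatch(r'attrs="?([^"]+)"?', what)
    if m:
        return attr.lower() in [a.strip().lower() for a in m.group(1).split(",")]
    raise ValueError("unsupported <what>: " + what)

def who_matches(who, requester, dn):
    """requester is None on an anonymous (unauthenticated) connection."""
    if who == "*":
        return True
    if who in ("anonymous", "users"):
        return (requester is None) == (who == "anonymous")
    if who == "self":
        return requester is not None and requester.lower() == dn.lower()
    m = re.fullmatch(r'dn="([^"]*)"', who)
    if m:
        return requester is not None and requester.lower() == m.group(1).lower()
    raise ValueError("unsupported <who>: " + who)

def evaluate(directives, requester, dn, attr):
    """Return (index of the deciding directive or None, set of privilege letters)."""
    for i, d in enumerate(directives):
        if not what_matches(d["what"], attr):
            continue
        for who, privs in d["by"]:
            if who_matches(who, requester, dn):
                return i, privs
        return i, set()  # <what> matched but no <by> did: implicit 'by * none'
    return None, set()  # nothing matched: denied

def can_simple_bind(directives, dn):
    """A simple bind needs the auth ('x') privilege on userPassword for anonymous."""
    return "x" in evaluate(directives, None, dn, "userPassword")[1]

def unreachable(directives, probes):
    """Directive indexes never selected by any (requester, dn, attr) probe."""
    used = {evaluate(directives, *p)[0] for p in probes}
    return [i for i in range(len(directives)) if i not in used]

# Transcribed from the question (constructed input): the directives for entries
# under the suffix, in file order.
QUESTION_ACL = """
access to *
  by self write
  by users read
  by anonymous read
access to *
  by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write
  by users read
  by anonymous auth
access to attrs=userPassword,gecos,description,loginShell
  by self write
access to attrs="userPassword"
  by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write
  by anonymous auth
  by self write
  by * none
"""
# Hardened ordering (assumed, not from the post): password rule first, catch-all last.
HARDENED_ACL = """
access to attrs=userPassword
  by self write
  by anonymous auth
  by * none
access to *
  by self write
  by users read
"""
USER = "uid=user,ou=People,dc=xcl,dc=ie"
OTHER = "uid=tuser2,ou=People,dc=xcl,dc=ie"
PROBES = [(None, USER, "userPassword"), (OTHER, USER, "userPassword"), (USER, USER, "loginShell")]

if __name__ == "__main__":
    for name, text in (("question", QUESTION_ACL), ("hardened", HARDENED_ACL)):
        acl = parse_acl(text)
        print(name, "anon can bind:", can_simple_bind(acl, USER),
              "| tuser2 on user's userPassword:", sorted(evaluate(acl, OTHER, USER, "userPassword")[1]),
              "| dead directives:", unreachable(acl, PROBES))
```

Running it shows the question's ordering leaves directives 1, 2 and 3 dead for every probe and gives `tuser2` (or any bound user, and anonymous clients too) `read` on another user's `userPassword`; the hardened ordering keeps anonymous at `auth` only and denies other users on that attribute while still allowing the simple bind. `slapacl` on the real server is the authoritative check of the effective ACL for a given DN and attribute.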
