389 server, openldap clients, Foreman

iwishitwouldwork
Posts: 88
Joined: 2014/02/08 14:56:39

389 server, openldap clients, Foreman

Post by iwishitwouldwork » 2020/07/01 20:51:01

My 389 server is running Centos 8. For the moment I'm only planning
to use the 389 server as my LDAP server. Ultimately I'm going to want
to use the 389 server as the LDAP server that works with Foreman.
I started down this road, hit a snag, and then, while trying to solve it
I ran into stuff that was EOD'd, deprecated, whatever. I'm getting lost.

Here's what I can do as of 1 July. My 389 server will act as an LDAP
server for the machine running the server -- that is, I can't get any clients
to refer to my 389 server (called fs) as the LDAP server. I was able
to do that when my server was openldap. Openldap is now... deprecated?
something like that. And Foreman seems to insist on the 389 server.

My clients are a mix of Centos 8 and Raspbian/R. Pi OS, both of which
use openldap stuff as their client -- AFAICT.

Okay, so after all that, what's my issue? All of my clients say this:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Now, elsewhere I see that authconfig is to be replaced by authselect,
but evidently authselect is not to be used under all circumstances(?).
Can/should I use authselect if I'm ultimately going to use Foreman?
If so, can someone direct me to an authselect tutorial? (I'm struggling
with the man page.)

In a sense I'm only trying to move my LDAP server from one machine
to another, but now it looks like my choice of server may conflict with
other stuff.

iwishitwouldwork
Posts: 88
Joined: 2014/02/08 14:56:39

Re: 389 server, openldap clients, Foreman--Fixed.

Post by iwishitwouldwork » 2020/07/05 02:56:01

Okay, so, I'm an idiot.

After much bumbling around it looks like the magic potion was to set

BASE=value
URI=value

in the client's /etc/openldap/ldap.conf. This I had not done
previously. I thought that was settled by /root/.dsrc but, no.
Unless I need both such things. So I'm making progress.

I don't know if there are issues between what I've done so
far and Foreman. I won't know for a while.

iwishitwouldwork
Posts: 88
Joined: 2014/02/08 14:56:39

Re: 389 server, openldap clients, Foreman

Post by iwishitwouldwork » 2020/07/05 03:15:10

Okay, so, I'm an even bigger idiot.

The syntax I had in the previous post was wrong.

# correct syntax
BASE  value
URI   value

and it now seems that all my sssd and certificate
gyrations were not relevant. Only ldap.conf mattered
I believe.

Sigh.
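An added example, not from the thread: a small checker for a client's /etc/openldap/ldap.conf that flags the BASE=value / URI=value form from the earlier post (ldap.conf(5) takes "KEYWORD value" separated by whitespace, so a line written with "=" is not read as that directive and the client never learns where the server is, which is what produces "Can't contact LDAP server (-1)" on every machine except the one running 389) and reports a missing BASE or URI. The sample configs and the host fs.example.com are constructed.

```python
"""Lint an OpenLDAP client ldap.conf for the mistakes discussed in the thread.

ldap.conf(5) syntax is "KEYWORD value" (whitespace separated); blank lines
and lines beginning with '#' are ignored.  "KEYWORD=value" is not a directive.
"""
import re
from typing import Dict, List, Tuple

REQUIRED = ("BASE", "URI")  # without these a client cannot find the server

# Constructed sample reproducing the '=' mistake from the thread.
BAD_CONF = """\
# client config, wrong syntax
BASE=dc=example,dc=com
URI=ldap://fs.example.com
"""

# Constructed sample in the correct "KEYWORD value" form.
GOOD_CONF = """\
BASE   dc=example,dc=com
URI    ldaps://fs.example.com
TLS_CACERT /etc/openldap/certs/ca.crt
"""

_EQUALS_FORM = re.compile(r"^\s*([A-Za-z_]+)=(.*)$")


def parse_ldap_conf(text: str) -> Tuple[Dict[str, str], List[str]]:
    """Return (settings, problems); settings maps KEYWORD -> value."""
    settings: Dict[str, str] = {}
    problems: List[str] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        m = _EQUALS_FORM.match(line)
        if m:  # 'BASE=value': the whole token is an unknown keyword
            problems.append(f"line {lineno}: '{m.group(1)}=' uses '='; "
                            f"write '{m.group(1).upper()} {m.group(2)}'")
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            problems.append(f"line {lineno}: '{parts[0]}' has no value")
            continue
        settings[parts[0].upper()] = parts[1].strip()
    for key in REQUIRED:
        if key not in settings:
            problems.append(f"missing {key}: client cannot locate the server")
    uri = settings.get("URI", "")
    if uri.startswith("ldap://"):  # cleartext unless STARTTLS is negotiated
        problems.append("URI is ldap:// (no TLS); simple binds send the "
                        "password in clear unless STARTTLS is enforced")
    return settings, problems
```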
