
root user and unwanted failing ldap requests

by Benji H


Morning...

Am hoping someone can help me with this problem. I've got pam_ldap working fine (Debian etch, all from apt repos). I can auth, change passwords, sudo works. I can even log in as root when slapd is unreachable. My only issue is when I try and log in as root over SSH I get the following:

Dec  5 12:38:30 core sshd[20812]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Dec  5 12:39:07 core sshd[20812]: pam_ldap: ldap_simple_bind Can't contact LDAP server

and

Dec  4 19:51:49 core sshd[19493]: nss_ldap: could not connect to any LDAP server as cn=admin,dc=example - Can't contact LDAP server
Dec  4 19:51:49 core sshd[19493]: nss_ldap: failed to bind to LDAP server ldaps://ldap.xxxxxx.com/: Can't contact LDAP server

It works perfectly for any user.

I've got the following:

root@core:~# egrep -v "^(#.*)?$" /etc/pam_ldap.conf
base dc=example
uri ldaps://ldap.xxxxxx.com/
ldap_version 3
rootbinddn cn=admin,dc=example
nss_initgroups_ignoreusers root

root@core:~# egrep -v "^(#.*)?$" /etc/libnss-ldap.conf
base dc=example
uri ldaps://ldap.xxxxxx.com/
ldap_version 3
rootbinddn cn=admin,dc=example
pam_min_uid 2000
pam_password exop
nss_base_passwd ou=People,dc=example?one?|(host=\*)(host=dc1)
ssl on
tls_cacertfile /etc/ssl/ca.cert
nss_initgroups_ignoreusers root

Any pointers would be wonderful, thanks!

--
Ben Hughes
