OpenLDAP with TLS - ldapsearch works, authentication not

Open forum for security issues and info.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.

Do you use (OpenLDAP) for authentication?

Hell no, NIS it is!
Just the files man...
What the fudge are you talkin' about??
Total votes: 10

User avatar
Posts: 1
Joined: Wed Oct 19, 2005 4:00 am
Location: Brussels, Belgium

OpenLDAP with TLS - ldapsearch works, authentication not

Unread postby sonicwim » Wed Oct 26, 2005 6:44 am


Since we upgraded to the latest IRIX version about a month ago I've been trying to get them boxes to use a Linux server running the latest OpenLDAP with TLS as source of their authentication, but no luck so far.

Running OpenLDAP on one of our SGI's itself (to see if this would give some more info) works too, but it's still a no go for authentication.
I can query the SGI server with ldapsearch locally, as well as from a remote machine, and I can also query the remote server with ldapsearch from my SGI box. :cry:

The only relevant info in the logs is: Can't contact LDAP server...

So before I start posting a bunch of config files somebody might have an idea of something I might be missing...

Also, is there some sort of good tutorial for this, because I kinda used a Gentoo Linux one to get the server up and running, but the client config is somewhat different and I haven't found a good one.



User avatar
Posts: 4
Joined: Wed Oct 11, 2006 12:10 pm
Location: Aurora, IL

Unread postby jerky » Thu Oct 19, 2006 6:46 pm

MultiPlatform single-sign on has been an obsession of mine for quite a while. Not too long ago I bought an octane and media from eBay. I've had some degree of success in getting it working(SSO that is). How far have you gotten and what's your end goal? LDAP logon via the Graphical console? did you get it working without SSL yet? My inital focus was on getting telnet/ssh working first. Below are my reaaaalllly rough notes on things that helped me(obviously they need to be fleshed out more). I didn't get SSL working yet(and hasn't been very important to me since I'm using LDAP in conjuction with KerberosV) I found the article at to be helpful

This has been tested on an SGI Octane running IRIX 6.5.27
The first steps are to edit the two files /var/ns/ldap.conf and /etc/nsswitch.conf
aftewards you can either:
nsadmin flush nsadmin restart
killall -HUP nsd
if you then issue:
id <ldap user name>
you should get back some info
next is Kerberos.

Return to “SGI: Security”

Who is online

Users browsing this forum: No registered users and 1 guest