How to Test an LDAP Connection from a Client
https://serverfault.com/questions/452935/how-to-test-a-ldap-connection-from-a-client
Asked 12 years, 11 months ago. Modified 2 years, 6 months ago. Viewed 748k times. Score: 74.
How do I check the LDAP connection from a client to the server? I'm working on LDAP authentication, and this client desktop needs to authenticate via an LDAP server. I can SSH to the LDAP server using an LDAP user, but at the desktop login prompt I can't log in. It says "Authentication failure".
The client machine has CentOS 6.3 and the LDAP server has CentOS 5.5.
The LDAP software is OpenLDAP.
The LDAP server's logs don't even show any messages.
So, how do I test whether the client can successfully connect to LDAP or not?
Tags: ldap, pam-ldap
Asked Nov 28, 2012 at 10:18 by FELDAP; edited Nov 28, 2012 at 21:47 by voretaq7.
Comment by Ernie (Oct 13, 2017 at 0:39): As a minor note to this old post, you can do a search (i.e. ldapsearch) without PAM being set up, but to get users to authenticate via LDAP you will need PAM set up for LDAP. A basic ldapsearch just shows you have the LDAP lib and client tools packages installed (i.e. yum install openldap openldap-clients) and can reach the LDAP directory server(s). It's a good step in the setup or troubleshooting process.
3 Answers
Answer 1 (score 66):
Use ldapsearch. It will return an error if you cannot query the LDAP Server.
The syntax for using ldapsearch:
ldapsearch -x -LLL -h [host] -D [user] -w [password] -b [base DN] -s sub "([filter])" [attribute list]
A simple example:
$ ldapsearch -x -LLL -h host.example.com -D user -w password -b "dc=ad,dc=example,dc=com" -s sub "(objectClass=user)" givenName
Please see this link: http://randomerror.wordpress.com/2009/10/16/quick-tip-how-to-search-in-windows-active-directory-from-linux-with-ldapsearch/
Edit: It seems you don't have PAM configured correctly for gdm/xdm; here is an example of how to do it: http://pastebin.com/TDK4KWRV
Note for ldapsearch >= 2.5: If using ldapsearch from OpenLDAP, the options -h and -p were dropped in version 2.5. Use -H instead:
$ ldapsearch -H ldapuri -D binddn -w password -b searchbase filter
where ldapuri could contain protocol/host/port fields, e.g.: ldaps://ldap.example.org:636
Answered Nov 28, 2012 at 10:38 by Sacx; edited Apr 5, 2023 at 8:04 by fission.
Comment by FELDAP (Nov 28, 2012 at 10:46): I'm using this command: ldapsearch -h hostname -x -b "dc=example,dc=com" 'uid=user' and it returns that user's info from the LDAP database. But I'm not able to log in to the desktop via LDAP authentication.
Comment by Sacx (Nov 28, 2012 at 10:48): If your server doesn't show any error, then the problem probably comes from your client. Please take a look at the auth.log and see what is there related to LDAP.
Comment by FELDAP (Nov 28, 2012 at 11:14): Yes, I guess it's the client. It's not even searching for the LDAP server. What should be done to make the client look up the LDAP server for authentication? I have edited /etc/pam.d/system-auth. You can check here: pastebin.com/jQjN7cYU
Comment by Sacx (Nov 28, 2012 at 11:16, score 2): Use ldapwhoami with the correct parameters and try to authenticate with your user.
Comment by Sacx (Nov 28, 2012 at 11:21): Did you follow a tutorial to prepare the client for gdm/xdm authentication?
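Putting Sacx's answer and the ldapwhoami suggestion from the comments together, here is an added shell script (not from this thread or from OpenLDAP) that runs the client-side checks in stages: first an anonymous read of the base DN, then a bind as the user, which is what PAM does at login. It assumes the OpenLDAP client tools are installed; host, port, base DN and user DN are placeholder arguments, and the result-code mapping covers only the codes commonly met while troubleshooting.

```shell
#!/bin/sh
# Added example, not from the thread: staged LDAP client check using the
# OpenLDAP client tools (ldapsearch, ldapwhoami). Arguments are placeholders.
# OpenLDAP 2.5 dropped -h/-p; build the -H URI from host, port and "ssl".
ldap_uri() {
  scheme=ldap
  [ "${3:-}" = ssl ] && scheme=ldaps
  if [ -n "${2:-}" ]; then
    printf '%s://%s:%s\n' "$scheme" "$1" "$2"
  else
    printf '%s://%s\n' "$scheme" "$1"
  fi
}

# The ldap* tools exit with the LDAP result code; -1 (can't contact the
# server) shows up as 255. Map the codes that matter when troubleshooting.
explain_rc() {
  case $1 in
    0)   echo "success" ;;
    13)  echo "confidentialityRequired: server wants TLS (ldaps:// or -ZZ)" ;;
    32)  echo "noSuchObject: the base DN or bind DN does not exist" ;;
    34)  echo "invalidDNSyntax: check the DN spelling and quoting" ;;
    48)  echo "inappropriateAuthentication: anonymous bind is not allowed" ;;
    49)  echo "invalidCredentials: wrong bind DN or password" ;;
    255) echo "can't contact LDAP server: host, port, firewall or TLS problem" ;;
    *)   echo "LDAP result code $1" ;;
  esac
}

# Stage 1: reach the server and read the base entry (anonymous, like the
# ldapsearch in the answer). Stage 2: bind as the user, which is what PAM
# will do at login; ldapwhoami tests exactly that bind.
ldap_check() {
  uri=$1; base=$2; user_dn=$3; rc=0
  ldapsearch -x -LLL -H "$uri" -b "$base" -s base '(objectClass=*)' dn \
    >/dev/null 2>&1 || rc=$?
  echo "anonymous search of $base: $(explain_rc "$rc")"
  [ "$rc" -eq 0 ] || return "$rc"
  # -W prompts for the password instead of exposing it in `ps` as -w does.
  ldapwhoami -x -H "$uri" -D "$user_dn" -W || rc=$?
  echo "bind as $user_dn: $(explain_rc "$rc")"
  return "$rc"
}

# Usage: ./ldap_check.sh ldap.example.org 389 "dc=example,dc=com" \
#        "uid=username,ou=people,dc=example,dc=com"
if [ $# -eq 4 ]; then
  ldap_check "$(ldap_uri "$1" "$2")" "$3" "$4"
fi
```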
Answer 2 (score 8):
To know if my server and client settings are correct I use this:
ldapsearch -x -b "uid=username,ou=people,dc=example,dc=com"
the answer will be something like this on success:
# extended LDIF
#
# LDAPv3
# base <uid=username,ou=people,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# username, people, example.com
dn: uid=username,ou=people,dc=example,dc=com
cn: User Name
uid: username
uidNumber: 1050
loginShell: /bin/bash
homeDirectory: /home/webminder
gidNumber: 1030
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: inetOrgPerson
gecos: User Name
sn: User Name

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
You can use different filters. I only have one server on my network.
Answered Jul 6, 2016 at 0:56 by MeduZa.
Answer 3 (score 4):
Your problem is not LDAP, it's PAM.
As noted in the comments on Sacx’s answer you probably do not have the console login application (usually the PAM system, xdm, gdm, etc. service(s)) configured to consult LDAP for authenticating users.
You should review the PAM documentation for more information on how to set this up.
Answered Nov 28, 2012 at 21:50; edited Apr 13, 2017 at 12:14 by Community.