Fedora Linux Support Community & Resources Center
#1
30th September 2011, 07:33 AM
vijays
Login takes more time (LDAP Authentication)

Hi,
I am using openldap-2.4.26 on one machine, and pam_ldap-186 and nss_ldap-265 on another machine, both machines running Fedora.

I am trying for secure communication using TLS/SSL. When I try to connect to the LDAP client machine using SSH, after authentication succeeds the shell prompt is returned after 3 or 4 minutes. I don't know why it is taking so much time. This is happening for the users which are present only in the LDAP database, i.e. this user is not created on the client machine.

At the server side I am getting the following errors.

PHP Code:
TLS: can't accept: (unknown).
connection_read(18): TLS accept failure error=-1 id=1068, closing
connection_closing: readying conn=1068 sd=18 for close
connection_close: conn=1068 sd=18
daemon: removing 18
conn=1068 fd=18 closed (TLS negotiation failure)
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL

I have created the CA certificate with the CA.sh script. I followed the procedure given below.
http://octaldream.com/~scottm/talks/ssl/opensslca.html

I copied the same cacert.pem file from the server to the client machine after running the above procedure on the server machine.

The configuration files are as follows.
slapd.conf

PHP Code:
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema

TLSCipherSuite          HIGH:MEDIUM:+SSLv2:+SSLv3:RSA
TLSCACertificateFile    /etc/pki/CA/cacert.pem
TLSCertificateFile      /etc/pki/tls/misc/newcert.pem
TLSCertificateKeyFile   /etc/pki/tls/misc/newkey.pem
TLSVerifyClient         allow

pidfile         /usr/local/var/run/slapd.pid
argsfile        /usr/local/var/run/slapd.args

access to attrs=userPassword
 by self       write
 by anonymous  auth
 by *          none

access to *
 by *          read

#######################################################################
# BDB database definitions
#######################################################################

database        bdb
suffix          "dc=samsung,dc=com"
rootdn          "cn=Manager,dc=samsung,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          123qwe
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /usr/local/var/openldap-data
# Indices to maintain
#unique id so equality match only
index   uid     eq
index   userPassword    eq
#allows general searching on commonname,givenname and mail
index   cn,gn,sn,ou,o,mail eq,sub
index   objectClass     eq 

and ldap.conf has the following configuration

PHP Code:
base dc=samsung,dc=com
uri ldaps://localhost.localdomain/
tls_cacertfile  /etc/pki/CA/cacert.pem
pam_password md5
nss_map_attribute gecos description

Please let me know where I am making a mistake and how to fix this problem.

Warm Regards
Vijay S.

Last edited by vijays; 30th September 2011 at 09:01 AM.
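
A way to check, from the client, whether the `uri` and `tls_cacertfile` in the posted ldap.conf lead to a verified TLS handshake. This is an added example, not part of the original post; the function names are hypothetical, and it assumes Python's `ssl` verification (chain plus hostname) as a stand-in for what the LDAP client library does.

```python
import socket
import ssl
from urllib.parse import urlparse

def parse_ldap_conf(text):
    """Return (host, port, cafile) from nss_ldap/pam_ldap style ldap.conf text."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        opts.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    uris = opts.get("uri", "").split()
    if not uris:
        raise ValueError("no uri directive found")
    parsed = urlparse(uris[0])  # only the first listed server is checked
    if parsed.scheme != "ldaps":
        raise ValueError("expected an ldaps:// uri, got %r" % uris[0])
    return parsed.hostname, parsed.port or 636, opts.get("tls_cacertfile")

def check_handshake(host, port, cafile, timeout=5.0):
    """Try a verified TLS handshake; return (ok, detail) instead of raising."""
    try:
        # With cafile set, only that CA is trusted; chain and hostname are verified.
        ctx = ssl.create_default_context(cafile=cafile)
    except OSError as exc:
        return False, "cannot load CA file: %s" % exc
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, "%s %s" % (tls.version(), tls.cipher()[0])
    except ssl.SSLCertVerificationError as exc:
        return False, "certificate rejected: %s" % exc.verify_message
    except ssl.SSLError as exc:
        return False, "TLS negotiation failed: %s" % exc
    except OSError as exc:
        return False, "cannot connect: %s" % exc

# Constructed sample: the ldap.conf text as posted in the thread.
SAMPLE = """\
base dc=samsung,dc=com
uri ldaps://localhost.localdomain/
tls_cacertfile  /etc/pki/CA/cacert.pem
pam_password md5
nss_map_attribute gecos description
"""

if __name__ == "__main__":
    host, port, cafile = parse_ldap_conf(SAMPLE)
    print(host, port, cafile, check_handshake(host, port, cafile))
```

The returned detail separates an unreadable CA file, an unreachable port, a rejected certificate and any other negotiation failure, which the server-side "TLS negotiation failure" line alone does not.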
#2
30th September 2011, 07:59 AM
leigh123linux
Re: Login takes more time (LDAP Authentication)

Moved to EOL (End Of Life) Versions