Hey all
I have a number of Virtualmin nodes and wish to operate a centralised LDAP server for user and group authentication. This LDAP server is configured and I can successfully create users and groups on a remote Virtualmin client node that are saved as expected into the central LDAP server. So far so good.
When I run the LDAP Client validation from Virtualmin, the tests identify that the LDAP server can be queried and a user is located. However the next step is to check that the Unix user can be looked up - this currently fails.
I have configured the "Services Using LDAP" option on the client machine, to LDAP as an option in the sequence.
Next I turned to nslcd. It was failing to start, and when I checked the logs it appears that Virtualmin is adding in a config item that is unknown. The following log entry was found in journalctl...
Dec 09 15:43:28 web101 nslcd[10788]: nslcd: /etc/nslcd.conf:144: unknown keyword: 'rootbinddn'
So it seems the trouble I'm seeing is related purely to the fact that nslcd is not running, but I'm not sure how to resolve the issue of the syntax error or even if I should manually resolve the problem. If Virtualmin compiles the config file from the web GUI I don't want to overwrite anything that would be lost on changing settings in future.
The environment is: CentOS 7.2.1511 (Linux 3.10.0-327.36.3.el7.x86_64 on x86_64)
Virtualmin 5.05
Webmin 1.821
All packages up to date.
Any help or advice would be appreciated.
Comments
Submitted by VirtualNoob on Fri, 12/09/2016 - 10:25 Comment #1
I've made a little progress...
Replacing the Virtualmin generated keyword rootbinddn with rootpwmoddn allows nslcd to run, and also allows the LDAP Client validation test to complete too. Can this be patched into Virtualmin / Webmin as required to ensure it uses the correct keyword / syntax?
I have a new problem now though... when I try to create a virtual server I get an error regarding authentication:
failed to create administration group : ldap-useradmin::create_group failed : Failed to add group to LDAP database : modifications require authentication at /usr/libexec/webmin/web-lib-funcs.pl line 1427.
Is this error related?
Cheers
Submitted by VirtualNoob on Fri, 12/09/2016 - 10:26 Comment #2
Submitted by JamieCameron on Sat, 12/10/2016 - 19:50 Comment #3
Thanks for the information about the rootbinddn directive. Can you check which version of the nscd package you have on your system though?
Submitted by VirtualNoob on Sun, 12/11/2016 - 04:59 Comment #4
No worries, hope it helps.
yum list nscd [...]
Installed Packages
nscd.x86_64 2.17-106.el7_2.8
Submitted by JamieCameron on Sun, 12/11/2016 - 13:09 Comment #5
Thanks - the next release of Webmin will handle these new root bind directives properly (and will also fix your second problem, which is fallout from the first).
Submitted by JamieCameron on Sun, 12/11/2016 - 13:10 Comment #6
Submitted by VirtualNoob on Sun, 12/11/2016 - 13:30 Comment #7
Awesome. Thanks for sorting so quickly.
Submitted by VirtualNoob on Wed, 12/14/2016 - 04:08 Comment #8
Hey Jamie
Do you have an approximate ETA on the next release by any chance? If it's a while off yet, are you able to provide a patch I can apply to our systems in the interim please?
Thanks very much.
Submitted by JamieCameron on Wed, 12/14/2016 - 16:41 Comment #9
You can try applying the diffs from this commit : https://github.com/webmin/webmin/commit/e87f8ef1f571b042fbf09b9123d25a40...
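Added example, not part of the thread and not Webmin's code: a read-only check that pulls the nslcd "unknown keyword" error from journal text, confirms the offending line is still in the config, and proposes the rename reported in comment #1. The function names, the sample DN and the 143 filler lines are constructed for illustration; nothing is written back, since Webmin may regenerate the file.

```python
import re

# Error format quoted in the original post:
#   nslcd: /etc/nslcd.conf:144: unknown keyword: 'rootbinddn'
ERR_RE = re.compile(
    r"nslcd: (?P<path>/\S+?):(?P<line>\d+): unknown keyword: '(?P<kw>[^']+)'"
)

# Rename that comment #1 reports as working; extend only with verified pairs.
KNOWN_RENAMES = {"rootbinddn": "rootpwmoddn"}


def parse_errors(journal_text):
    """Return (path, line_number, keyword) for each unknown-keyword error."""
    return [(m["path"], int(m["line"]), m["kw"])
            for m in ERR_RE.finditer(journal_text)]


def check_config(journal_text, config_text):
    """Cross-check each logged error against the current config text."""
    lines = config_text.splitlines()
    findings = []
    for path, lineno, kw in parse_errors(journal_text):
        actual = lines[lineno - 1] if 0 < lineno <= len(lines) else None
        tokens = actual.split() if actual else []
        # The journal entry is stale if the file changed since the failure.
        still_present = bool(tokens) and tokens[0] == kw
        suggested = None
        if still_present and kw in KNOWN_RENAMES:
            # Swap only the keyword; indentation and the argument are kept.
            suggested = actual.replace(kw, KNOWN_RENAMES[kw], 1)
        findings.append({"path": path, "line": lineno, "keyword": kw,
                         "still_present": still_present,
                         "suggested": suggested})
    return findings


# Journal line from the post; config body is constructed sample data.
SAMPLE_JOURNAL = ("Dec 09 15:43:28 web101 nslcd[10788]: nslcd: "
                  "/etc/nslcd.conf:144: unknown keyword: 'rootbinddn'")
SAMPLE_CONFIG = "\n".join(["# filler"] * 143
                          + ["rootbinddn cn=admin,dc=example,dc=com"])

if __name__ == "__main__":
    for f in check_config(SAMPLE_JOURNAL, SAMPLE_CONFIG):
        print(f)
```

On a real host the two inputs would come from `journalctl -u nslcd` output and the contents of `/etc/nslcd.conf`.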