I've been trying to replicate the OpenLDAP server we currently have, so that we can use it in the event the main server crashes. I was able to get the database transferred, as well as the TLS certs, and ldapsearch works fine and returns the correct information.
However, I can't seem to authenticate using the database on the new server. I am unable to su to an LDAP user on the new server when it is using itself for authentication. I currently have an entry in /etc/hosts that redirects traffic to the old server to localhost, e.g. "127.0.0.1 ldap-old". If I comment out this line, the new server can authenticate against the old server perfectly well. However, when the line is uncommented, I get "Unknown id: test.user7" whenever I try to su to an LDAP user. I get the same issue if I change ldap.conf to point to the new server's FQDN. For some reason, it seems that the data is all in place on the new server, but it's not being made available for authentication.
Also, "getent passwd" shows the correct output when the new server is authenticating against the old, but only shows a few LDAP users when authenticating against itself.
The current configuration is:
- Ubuntu 12.04
- OpenLDAP 2.4.28
- hdb backend (still not sure what this means, but it works)
- Self-signed TLS cert generated with GnuTLS
I realize this is a bit convoluted; please let me know if I should clarify or explain what I've done.
0 Answers
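One way to narrow down the symptom above (getent showing fewer users than ldapsearch returns), as an added example that is not part of the original question: parse the LDIF that ldapsearch would dump from each server and report uids that are missing on the replica, or that lack the posixAccount objectClass or the attributes NSS needs to build a passwd entry. The base DN dc=example,dc=com and the user entries are constructed placeholders.

```python
import base64
import re

# nss_ldap needs objectClass posixAccount plus these attributes to build a passwd line.
REQUIRED = ("uid", "uidNumber", "gidNumber", "homeDirectory", "loginShell")

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; handles folded and base64 (::) lines."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        block = re.sub(r"\n ", "", block)  # unfold continuation lines
        attrs = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            key, _, raw = line.partition(":")
            if raw.startswith(":"):  # attr:: <base64>
                attrs.setdefault(key, []).append(base64.b64decode(raw[1:].strip()).decode())
            else:
                attrs.setdefault(key, []).append(raw.strip())
        dn = attrs.pop("dn", [None])[0]
        if dn:
            entries[dn] = attrs
    return entries

def nss_visible(attrs):
    """True if NSS could resolve this entry as a passwd user."""
    classes = {c.lower() for c in attrs.get("objectClass", [])}
    return "posixaccount" in classes and all(a in attrs for a in REQUIRED)

def compare(old_ldif, new_ldif):
    """Uids on the old server that are absent or unresolvable on the new one."""
    old, new = parse_ldif(old_ldif), parse_ldif(new_ldif)
    old_uids = {a["uid"][0] for a in old.values() if "uid" in a}
    new_by_uid = {a["uid"][0]: a for a in new.values() if "uid" in a}
    return {"missing_on_new": sorted(old_uids - set(new_by_uid)),
            "not_nss_visible_on_new": sorted(u for u, a in new_by_uid.items() if not nss_visible(a))}

def entry(uid, *extra):  # constructed sample entry; dc=example,dc=com is a placeholder base DN
    return "\n".join((f"dn: uid={uid},ou=people,dc=example,dc=com", f"uid: {uid}", "uidNumber: 1001",
                      "gidNumber: 1001", f"homeDirectory: /home/{uid}", "loginShell: /bin/bash",
                      "objectClass: inetOrgPerson") + extra)

# Constructed dumps: the "new" server lost posixAccount on bob and never received carol.
OLD_LDIF = "\n\n".join(entry(u, "objectClass: posixAccount") for u in ("alice", "bob", "carol"))
NEW_LDIF = "\n\n".join([entry("alice", "objectClass: posixAccount"), entry("bob")])

if __name__ == "__main__":
    print(compare(OLD_LDIF, NEW_LDIF))
```

In practice each dump comes from `ldapsearch -x -LLL -H ldap://SERVER -b BASE_DN '(objectClass=posixAccount)'` run against the old and the new server with the same bind credentials, so that ACL differences between the two also show up as missing entries.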