# OpenLDAP login in Raspberry Pi [bug filed]

## hika

For years now I have an OpenLDAP DB running to manage all my logins. Linux, Samba, Mail, etc.

I have been experimenting with Raspberry Pi and I can not get it working. 

I have nsswitch.conf. ldap.conf and pam.d set up as usual.

It seems it is not able to connect to the database as I see in the log "error trying to bind (invalid credentials)

At present my guess is that I need to load one or more kernel modules, possibly cryptographic as I do have the bind password encrypted with SSHA in /etc/ldap.conf, but I do not know which modules to load. Probably it are modules that are in a AMD64/X86 kernel by default.

HikaLast edited by hika on Fri Apr 29, 2016 1:54 am; edited 1 time in total

----------

## hika

I got a bit wizer. I found this: https://www.darkalchemist.co.uk/2014/05/30/ldap-raspberry-pi/ claiming a missing link in /lib to be the cause. While this did not solve anything I found weird inconsistencies between a AMD64 install of nss_ldap and the ARM install.

On AMD64 I have a 64 bit library /lib64/libnss_ldap-2.20.so with links to: /lib64/libnss_ldap.so.2 and /usr/lib64/libnss_ldap.so.2 and a 32 bit library /usr/lib32/libnss_ldap-2.20.so linking to /usr/lib32/libnss_ldap.so.2.

On the Raspberry Pi I got /lib/nss_ldap.so.1 linking to /lib/nss_ldap.so

Why the name and version differences? They are both nns_ldap-265-r5 and adding the sugested link to /lib/libnss_ldap.so.2 defenitly gives a reaction (a freeze), so that one is expected by nss.

Is this a bug?

Hika

----------

## hika

Ok, so it is a combination of two things.

1 A wrong library name or at leas a missing simlink. /lib/nss_ldap.so.1 should be /lib/libnss_ldap.so.2. I probably will file a bug.

2 Unable to read the SSHA encrypted password in /etc/ldap.conf

So I can get it to work with a plain password, but that I do not want.

So am I missing a library or kernel module and if so which?

Any suggestions on where to look? It is probably either nss or pam related.

Hika

----------

## hika

Number 2 was my fault. Somehow while trying things /etc/openldap/ldap.conf and /etc/ldap.conf got mixed up. Only the first accepts an encrypted password.

I filed a bug report about the library names: https://bugs.gentoo.org/show_bug.cgi?id=581306

----------

## NightDragon

Hey guys!

I got the same Bug on my Raspberry Pi2.

Thanks to this thread i was able to fix it by creating the symlink

----------

