I have a basic OpenLDAP server running on Ubuntu 16.04 LTS
that authenticates users perfectly, but I really wanted to make it more secure, so I decided to use STARTTLS and the How To Encrypt OpenLDAP Connections Using STARTTLS tutorial to help achieve this. Everything went perfectly up to this point, as shown in the image below:
After doing everything it told me to do in the image above, I ran ssh {user-on-openldap-server@localhost}
and it gave me an error message reading:
Permission denied, please try again.
Permission denied (publickey,password).
Note: localhost, in this case, was the client machine where I used the How To Authenticate Client Computers Using LDAP on an Ubuntu 12.04 VPS tutorial to set it up.
P.S. There was a comment on the How To Encrypt OpenLDAP Connections Using STARTTLS tutorial that I used to set up STARTTLS on OpenLDAP where the user seemed to have the same problem as me, but there is no answer to his comment, which is why I hope to give his comment more attention while also helping myself.
When I ran ldapsearch -H ldap://my-ip -x -b "dc=example,dc=com" -LLL -Z -d1 dn
here is the output of that command:
ldap_url_parse_ext(ldap://my-ip)
ldap_create
ldap_url_parse_ext(ldap://my-ip:389/??base)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP my-ip:389
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 108.75.66.244:389
ldap_pvt_connect: fd: 4 tm: -1 async: 0
attempting to connect:
connect success
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 31 bytes to sd 4
ldap_result ld 0x55f5ab064a60 msgid 1
wait4msg ld 0x55f5ab064a60 msgid 1 (infinite timeout)
wait4msg continue ld 0x55f5ab064a60 msgid 1 all 1
** ld 0x55f5ab064a60 Connections:
* host: my-ip port: 389 (default)
refcnt: 2 status: Connected
last used: Wed May 18 23:57:55 2016
** ld 0x55f5ab064a60 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x55f5ab064a60 request count 1 (abandoned 0)
** ld 0x55f5ab064a60 Response Queue:
Empty
ld 0x55f5ab064a60 response count 0
ldap_chkResponseList ld 0x55f5ab064a60 msgid 1 all 1
ldap_chkResponseList returns ld 0x55f5ab064a60 NULL
ldap_int_select
read1msg: ld 0x55f5ab064a60 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x55f5ab064a60 msgid 1 message type extended-result
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x55f5ab064a60 0 new referrals
read1msg: mark request completed, ld 0x55f5ab064a60 msgid 1
request done: ld 0x55f5ab064a60 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ber_scanf fmt ({eAA) ber:
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 14 bytes to sd 4
ldap_result ld 0x55f5ab064a60 msgid 2
wait4msg ld 0x55f5ab064a60 msgid 2 (infinite timeout)
wait4msg continue ld 0x55f5ab064a60 msgid 2 all 1
** ld 0x55f5ab064a60 Connections:
* host: my-ip port: 389 (default)
refcnt: 2 status: Connected
last used: Wed May 18 23:57:55 2016
** ld 0x55f5ab064a60 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x55f5ab064a60 request count 1 (abandoned 0)
** ld 0x55f5ab064a60 Response Queue:
Empty
ld 0x55f5ab064a60 response count 0
ldap_chkResponseList ld 0x55f5ab064a60 msgid 2 all 1
ldap_chkResponseList returns ld 0x55f5ab064a60 NULL
ldap_int_select
read1msg: ld 0x55f5ab064a60 msgid 2 all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x55f5ab064a60 msgid 2 message type bind
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x55f5ab064a60 0 new referrals
read1msg: mark request completed, ld 0x55f5ab064a60 msgid 2
request done: ld 0x55f5ab064a60 msgid 2
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_search_ext
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 60 bytes to sd 4
ldap_result ld 0x55f5ab064a60 msgid -1
wait4msg ld 0x55f5ab064a60 msgid -1 (infinite timeout)
wait4msg continue ld 0x55f5ab064a60 msgid -1 all 0
** ld 0x55f5ab064a60 Connections:
* host: my-ip port: 389 (default)
refcnt: 2 status: Connected
last used: Wed May 18 23:57:55 2016
** ld 0x55f5ab064a60 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x55f5ab064a60 request count 1 (abandoned 0)
** ld 0x55f5ab064a60 Response Queue:
Empty
ld 0x55f5ab064a60 response count 0
ldap_chkResponseList ld 0x55f5ab064a60 msgid -1 all 0
ldap_chkResponseList returns ld 0x55f5ab064a60 NULL
ldap_int_select
read1msg: ld 0x55f5ab064a60 msgid -1 all 0
ber_get_next
ber_get_next: tag 0x30 len 26 contents:
read1msg: ld 0x55f5ab064a60 msgid 3 message type search-entry
ldap_get_dn_ber
ber_scanf fmt ({ml{) ber:
dn: dc=example,dc=com
ber_scanf fmt ({xx) ber:
ldap_get_attribute_ber
ldap_msgfree
ldap_result ld 0x55f5ab064a60 msgid -1
wait4msg ld 0x55f5ab064a60 msgid -1 (infinite timeout)
wait4msg continue ld 0x55f5ab064a60 msgid -1 all 0
** ld 0x55f5ab064a60 Connections:
* host: my-ip port: 389 (default)
refcnt: 2 status: Connected
last used: Wed May 18 23:57:55 2016
** ld 0x55f5ab064a60 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x55f5ab064a60 request count 1 (abandoned 0)
** ld 0x55f5ab064a60 Response Queue:
Empty
ld 0x55f5ab064a60 response count 0
ldap_chkResponseList ld 0x55f5ab064a60 msgid -1 all 0
ldap_chkResponseList returns ld 0x55f5ab064a60 NULL
ldap_int_select
read1msg: ld 0x55f5ab064a60 msgid -1 all 0
ber_get_next
ber_get_next: tag 0x30 len 35 contents:
read1msg: ld 0x55f5ab064a60 msgid 3 message type search-entry
ldap_get_dn_ber
ber_scanf fmt ({ml{) ber:
dn: cn=admin,dc=example,dc=com
ber_scanf fmt ({xx) ber:
ldap_get_attribute_ber
ldap_msgfree
ldap_result ld 0x55f5ab064a60 msgid -1
wait4msg ld 0x55f5ab064a60 msgid -1 (infinite timeout)
wait4msg continue ld 0x55f5ab064a60 msgid -1 all 0
** ld 0x55f5ab064a60 Connections:
* host: my-ip port: 389 (default)
refcnt: 2 status: Connected
last used: Wed May 18 23:57:55 2016
** ld 0x55f5ab064a60 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x55f5ab064a60 request count 1 (abandoned 0)
** ld 0x55f5ab064a60 Response Queue:
Empty
ld 0x55f5ab064a60 response count 0
ldap_chkResponseList ld 0x55f5ab064a60 msgid -1 all 0
ldap_chkResponseList returns ld 0x55f5ab064a60 NULL
ldap_int_select
read1msg: ld 0x55f5ab064a60 msgid -1 all 0
ber_get_next
ber_get_next: tag 0x30 len 36 contents:
read1msg: ld 0x55f5ab064a60 msgid 3 message type search-entry
ldap_get_dn_ber
ber_scanf fmt ({ml{) ber:
dn: ou=groups,dc=example,dc=com
ber_scanf fmt ({xx) ber:
ldap_get_attribute_ber
ldap_msgfree
ldap_result ld 0x55f5ab064a60 msgid -1
wait4msg ld 0x55f5ab064a60 msgid -1 (infinite timeout)
wait4msg continue ld 0x55f5ab064a60 msgid -1 all 0
** ld 0x55f5ab064a60 Connections:
* host: my-ip port: 389 (default)
refcnt: 2 status: Connected
last used: Wed May 18 23:57:55 2016
** ld 0x55f5ab064a60 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x55f5ab064a60 request count 1 (abandoned 0)
** ld 0x55f5ab064a60 Response Queue:
Empty
ld 0x55f5ab064a60 response count 0
ldap_chkResponseList ld 0x55f5ab064a60 msgid -1 all 0
ldap_chkResponseList returns ld 0x55f5ab064a60 NULL
ldap_int_select
read1msg: ld 0x55f5ab064a60 msgid -1 all 0
ber_get_next
ber_get_next: tag 0x30 len 35 contents:
read1msg: ld 0x55f5ab064a60 msgid 3 message type search-entry
ldap_get_dn_ber
ber_scanf fmt ({ml{) ber:
dn: ou=users,dc=example,dc=com
ber_scanf fmt ({xx) ber:
ldap_get_attribute_ber
ldap_msgfree
ldap_result ld 0x55f5ab064a60 msgid -1
wait4msg ld 0x55f5ab064a60 msgid -1 (infinite timeout)
wait4msg continue ld 0x55f5ab064a60 msgid -1 all 0
** ld 0x55f5ab064a60 Connections:
* host: my-ip port: 389 (default)
refcnt: 2 status: Connected
last used: Wed May 18 23:57:55 2016
** ld 0x55f5ab064a60 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x55f5ab064a60 request count 1 (abandoned 0)
** ld 0x55f5ab064a60 Response Queue:
Empty
ld 0x55f5ab064a60 response count 0
ldap_chkResponseList ld 0x55f5ab064a60 msgid -1 all 0
ldap_chkResponseList returns ld 0x55f5ab064a60 NULL
ldap_int_select
read1msg: ld 0x55f5ab064a60 msgid -1 all 0
ber_get_next
ber_get_next: tag 0x30 len 45 contents:
read1msg: ld 0x55f5ab064a60 msgid 3 message type search-entry
ldap_get_dn_ber
ber_scanf fmt ({ml{) ber:
dn: cn=admin,ou=groups,dc=example,dc=com
ber_scanf fmt ({xx) ber:
ldap_get_attribute_ber
ldap_msgfree
ldap_result ld 0x55f5ab064a60 msgid -1
wait4msg ld 0x55f5ab064a60 msgid -1 (infinite timeout)
wait4msg continue ld 0x55f5ab064a60 msgid -1 all 0
** ld 0x55f5ab064a60 Connections:
* host: my-ip port: 389 (default)
refcnt: 2 status: Connected
last used: Wed May 18 23:57:55 2016
** ld 0x55f5ab064a60 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x55f5ab064a60 request count 1 (abandoned 0)
** ld 0x55f5ab064a60 Response Queue:
Empty
ld 0x55f5ab064a60 response count 0
ldap_chkResponseList ld 0x55f5ab064a60 msgid -1 all 0
ldap_chkResponseList returns ld 0x55f5ab064a60 NULL
ldap_int_select
read1msg: ld 0x55f5ab064a60 msgid -1 all 0
ber_get_next
ber_get_next: tag 0x30 len 43 contents:
read1msg: ld 0x55f5ab064a60 msgid 3 message type search-entry
ldap_get_dn_ber
ber_scanf fmt ({ml{) ber:
dn: cn=irc,ou=groups,dc=example,dc=com
ber_scanf fmt ({xx) ber:
ldap_get_attribute_ber
ldap_msgfree
ldap_result ld 0x55f5ab064a60 msgid -1
wait4msg ld 0x55f5ab064a60 msgid -1 (infinite timeout)
wait4msg continue ld 0x55f5ab064a60 msgid -1 all 0
** ld 0x55f5ab064a60 Connections:
* host: my-ip port: 389 (default)
refcnt: 2 status: Connected
last used: Wed May 18 23:57:55 2016
** ld 0x55f5ab064a60 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x55f5ab064a60 request count 1 (abandoned 0)
** ld 0x55f5ab064a60 Response Queue:
Empty
ld 0x55f5ab064a60 response count 0
ldap_chkResponseList ld 0x55f5ab064a60 msgid -1 all 0
ldap_chkResponseList returns ld 0x55f5ab064a60 NULL
ldap_int_select
read1msg: ld 0x55f5ab064a60 msgid -1 all 0
ber_get_next
ber_get_next: tag 0x30 len 44 contents:
read1msg: ld 0x55f5ab064a60 msgid 3 message type search-entry
ldap_get_dn_ber
ber_scanf fmt ({ml{) ber:
dn: cn=user,ou=groups,dc=example,dc=com
ber_scanf fmt ({xx) ber:
ldap_get_attribute_ber
ldap_msgfree
ldap_result ld 0x55f5ab064a60 msgid -1
wait4msg ld 0x55f5ab064a60 msgid -1 (infinite timeout)
wait4msg continue ld 0x55f5ab064a60 msgid -1 all 0
** ld 0x55f5ab064a60 Connections:
* host: my-ip port: 389 (default)
refcnt: 2 status: Connected
last used: Wed May 18 23:57:55 2016
** ld 0x55f5ab064a60 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x55f5ab064a60 request count 1 (abandoned 0)
** ld 0x55f5ab064a60 Response Queue:
Empty
ld 0x55f5ab064a60 response count 0
ldap_chkResponseList ld 0x55f5ab064a60 msgid -1 all 0
ldap_chkResponseList returns ld 0x55f5ab064a60 NULL
ldap_int_select
read1msg: ld 0x55f5ab064a60 msgid -1 all 0
ber_get_next
ber_get_next: tag 0x30 len 47 contents:
read1msg: ld 0x55f5ab064a60 msgid 3 message type search-entry
ldap_get_dn_ber
ber_scanf fmt ({ml{) ber:
dn: cn=ftp-alex,ou=users,dc=example,dc=com
ber_scanf fmt ({xx) ber:
ldap_get_attribute_ber
ldap_msgfree
ldap_result ld 0x55f5ab064a60 msgid -1
wait4msg ld 0x55f5ab064a60 msgid -1 (infinite timeout)
wait4msg continue ld 0x55f5ab064a60 msgid -1 all 0
** ld 0x55f5ab064a60 Connections:
* host: my-ip port: 389 (default)
refcnt: 2 status: Connected
last used: Wed May 18 23:57:55 2016
** ld 0x55f5ab064a60 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x55f5ab064a60 request count 1 (abandoned 0)
** ld 0x55f5ab064a60 Response Queue:
Empty
ld 0x55f5ab064a60 response count 0
ldap_chkResponseList ld 0x55f5ab064a60 msgid -1 all 0
ldap_chkResponseList returns ld 0x55f5ab064a60 NULL
ldap_int_select
read1msg: ld 0x55f5ab064a60 msgid -1 all 0
ber_get_next
ber_get_next: tag 0x30 len 50 contents:
read1msg: ld 0x55f5ab064a60 msgid 3 message type search-entry
ldap_get_dn_ber
ber_scanf fmt ({ml{) ber:
dn: cn=ftp-spencer,ou=users,dc=example,dc=com
ber_scanf fmt ({xx) ber:
ldap_get_attribute_ber
ldap_msgfree
ldap_result ld 0x55f5ab064a60 msgid -1
wait4msg ld 0x55f5ab064a60 msgid -1 (infinite timeout)
wait4msg continue ld 0x55f5ab064a60 msgid -1 all 0
** ld 0x55f5ab064a60 Connections:
* host: my-ip port: 389 (default)
refcnt: 2 status: Connected
last used: Wed May 18 23:57:55 2016
** ld 0x55f5ab064a60 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x55f5ab064a60 request count 1 (abandoned 0)
** ld 0x55f5ab064a60 Response Queue:
Empty
ld 0x55f5ab064a60 response count 0
ldap_chkResponseList ld 0x55f5ab064a60 msgid -1 all 0
ldap_chkResponseList returns ld 0x55f5ab064a60 NULL
ldap_int_select
read1msg: ld 0x55f5ab064a60 msgid -1 all 0
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x55f5ab064a60 msgid 3 message type search-result
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x55f5ab064a60 0 new referrals
read1msg: mark request completed, ld 0x55f5ab064a60 msgid 3
request done: ld 0x55f5ab064a60 msgid 3
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 3, msgid 3)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 4
ldap_free_connection: actually freed
Thanks in advance, Alex
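To make a trace like the one above easier to read, here is an added example (not part of the original post) that parses `ldapsearch -d1` output into a per-operation summary: which request each msgid belonged to, its result code, and the DNs the search returned. The sample trace is a constructed, abridged subset of the output above; the helper names are my own.

```python
import re

# Constructed sample: an abridged subset of the "ldapsearch -Z -d1" trace above.
SAMPLE_TRACE = """\
ldap_extended_operation
read1msg: ld 0x55f5ab064a60 msgid 1 message type extended-result
res_errno: 0, res_error: <>, res_matched: <>
ldap_sasl_bind
read1msg: ld 0x55f5ab064a60 msgid 2 message type bind
res_errno: 0, res_error: <>, res_matched: <>
ldap_search_ext
read1msg: ld 0x55f5ab064a60 msgid 3 message type search-entry
dn: dc=example,dc=com
read1msg: ld 0x55f5ab064a60 msgid 3 message type search-entry
dn: cn=ftp-alex,ou=users,dc=example,dc=com
read1msg: ld 0x55f5ab064a60 msgid 3 message type search-result
res_errno: 0, res_error: <>, res_matched: <>
"""

# libldap calls that send a request; the first "read1msg ... msgid N" line that
# follows reveals the msgid the server answered, in send order.
REQUEST_CALLS = {"ldap_extended_operation": "extended",  # StartTLS under -Z
                 "ldap_sasl_bind": "bind", "ldap_search_ext": "search"}
MSG_RE = re.compile(r"^read1msg: ld \S+ msgid (\d+) message type (\S+)")
ERR_RE = re.compile(r"^res_errno: (\d+), res_error: <([^>]*)>")


def parse_trace(text):
    """Return (ops, dns): ops maps msgid -> {request, type, errno, error}."""
    ops, dns, pending, current = {}, [], [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line in REQUEST_CALLS:
            pending.append(REQUEST_CALLS[line])
        elif m := MSG_RE.match(line):
            msgid, mtype = int(m.group(1)), m.group(2)
            if msgid not in ops:  # first reply to this msgid: pair it with the oldest request
                ops[msgid] = {"request": pending.pop(0) if pending else "?",
                              "errno": None, "error": ""}
            current = ops[msgid]
            current["type"] = mtype  # last type seen: search-entry ... search-result
        elif line.startswith("dn: "):
            dns.append(line[4:])
        elif (m := ERR_RE.match(line)) and current is not None:
            current["errno"], current["error"] = int(m.group(1)), m.group(2)
    return ops, dns


def starttls_accepted(ops):
    """True when the StartTLS extended request got result code 0. With -Z alone
    ldapsearch continues in cleartext if the TLS handshake then fails; -ZZ aborts."""
    return any(o["request"] == "extended" and o["errno"] == 0 for o in ops.values())
```

Result code 0 on msgid 1 only shows the server accepted the StartTLS request; rerunning the search with -ZZ is the quick way to confirm the TLS session itself was established.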