jirutka/ssh-ldap-pubkey

ssh-ldap-pubkey always times out

Opened this issue · 3 comments

I'm struggling to configure another instance using ssh-ldap-pubkey – I'm getting a search that runs forever (up to the /etc/ldap.conf:timelimit) and ends in ldap.TIMEOUT.

I have this config:

binddn cn=provider,dc=example,dc=com
bindpw secretpass
base dc=example,dc=com
nss_base_passwd ou=users,dc=example,dc=com

The connection is established to the LDAP server (I can see it via lsof -iTCP).

Users in my LDAP have DNs like:
uid=my.user,ou=users,dc=example,dc=com

Any ideas where the timeout comes from?

As a matter of fact, I noticed LDAP is not accepting any new connection when calling ssh-ldap-pubkey.

I have an ldap.example.com LDAP server using ports 389 and 636 with TLS-only connections. No STARTTLS.

I have all my LDAP-clients configured with:

host: ldap.example.com
port: 389
encryption: ssl

It works everywhere but /etc/ldap.conf...

What does your uri look like? You should use ldaps://ldap.example.com for TLS without STARTTLS.
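The point in the reply above is that in ldap.conf the uri scheme, not a separate setting, decides whether the client speaks TLS from the first byte (ldaps://) or cleartext, optionally upgraded with STARTTLS (ldap://). A scheme that does not match what the port expects is one of the classic causes of a client that either hangs until the time limit or reports "Can't contact LDAP server". The following is an added example, not code from ssh-ldap-pubkey or from the thread: a small stdlib-only checker that parses an ldap.conf-style file, flags the scheme/port/ssl combinations that cannot work, and maps the host/port/encryption triple the other clients use onto an equivalent uri. The config sample is constructed from the values in this thread; the option names uri, ssl and timelimit follow the ldap.conf convention, and the mapping of "encryption: ssl" to ldaps:// is an assumption about what those other clients mean by it.

```python
"""Sanity-check an /etc/ldap.conf-style client config for TLS scheme mismatches.

Added example, stdlib only; not part of ssh-ldap-pubkey. Option names follow
ldap.conf (uri, ssl, timelimit). Nothing here opens a network connection.
"""
from urllib.parse import urlsplit

# Constructed sample: the poster's config plus the ldap://...:636 uri variant.
SAMPLE_CONF = """\
binddn cn=provider,dc=example,dc=com
bindpw secretpass
base dc=example,dc=com
nss_base_passwd ou=users,dc=example,dc=com
uri ldap://ldap.example.com:636
timelimit 15
"""


def parse_ldap_conf(text):
    """Parse 'key value' lines; blank lines and '#' comments are skipped.
    A repeated key keeps its last value, matching how most readers of this
    format behave."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf[key.lower()] = value.strip()
    return conf


def check_uri(uri, ssl_mode="off"):
    """Return a list of findings (empty means nothing obviously wrong).

    ssl_mode is the ldap.conf 'ssl' option: off, on or start_tls.
    """
    findings = []
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in ("ldap", "ldaps", "ldapi"):
        return [f"unknown scheme '{parts.scheme}' in uri {uri}"]
    port = parts.port  # None when the uri carries no explicit port
    if scheme == "ldap" and port == 636:
        findings.append(
            "ldap:// to port 636: cleartext LDAP sent to a port that expects a TLS "
            "handshake; typical symptom is a hang or 'Can't contact LDAP server' "
            "(use ldaps://)"
        )
    if scheme == "ldaps" and ssl_mode.lower() == "start_tls":
        findings.append(
            "ssl start_tls combined with ldaps://: STARTTLS cannot be issued on a "
            "socket that is already TLS (drop start_tls or use ldap://)"
        )
    return findings


def check_conf(text):
    """Parse a config and report findings keyed by option name."""
    conf = parse_ldap_conf(text)
    report = {}
    if "uri" not in conf:
        report["uri"] = ["no uri set; the client falls back to host/port defaults"]
    else:
        found = check_uri(conf["uri"], conf.get("ssl", "off"))
        if found:
            report["uri"] = found
    if "timelimit" in conf and not conf["timelimit"].isdigit():
        report["timelimit"] = ["timelimit must be an integer number of seconds"]
    return report


def uri_from_client_settings(host, port, encryption):
    """Map the host/port/encryption triple used by the poster's other clients
    to an ldap.conf uri. Assumption: 'ssl' means TLS from the first byte
    (ldaps://); 'starttls' or anything else means ldap:// (plus 'ssl start_tls'
    for the STARTTLS case, which is the caller's job to add)."""
    scheme = "ldaps" if encryption.lower() == "ssl" else "ldap"
    return f"{scheme}://{host}:{int(port)}"


if __name__ == "__main__":
    for key, msgs in check_conf(SAMPLE_CONF).items():
        for msg in msgs:
            print(f"{key}: {msg}")
    print(uri_from_client_settings("ldap.example.com", 636, "ssl"))
```

Running it on the constructed sample flags the ldap://ldap.example.com:636 line and prints ldaps://ldap.example.com:636 as the uri equivalent of "host ldap.example.com, port 636, encryption ssl"; the same checker passes a config whose uri is ldaps://ldap.example.com with no ssl option set.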

With either:

uri ldap://ldap.example.com
uri ldaps://ldap.example.com
uri ldaps://ldap.example.com:636
uri ldap://ldap.example.com:636

I immediately get:

Error: Can't contact LDAP server.