Hi,
I'm relatively new to puppet and to this list and have a problem
configuring puppet for using ldap nodes. I have a very basic testing
setup on FreeBSD7_0 using puppet-dev port (0.24.5).
The error I get is:
warning: Retrying LDAP connection
err: LDAP Search failed
When tcpdumping I can see that puppetmasterd is trying to do simple
auth with binddn="<ROOT>" and the ldap.authentication field is simply
missing (no password sent). With ldapsearch (authing as my puppet user)
and the same filters used by puppetmasterd I get the correct response.
What authentication mechanism am I supposed to use and what are the
respective puppet.conf parameters?
puppet.conf on the server:
[puppetmasterd]
ldapserver = myldapserver.fqdn.example.org
ldapbase = ou=puppet,ou=rest,ou=of,o=it,c=org
ldapuser = cn=puppetadmin,ou=ldapaccounts,ou=rest,ou=of,o=it,c=org
ldappassword = puppetpassword
ldapclassattrs = puppetclass
node_terminus = ldap
puppet.conf on the client:
[puppetd]
server = puppetmasterd.fqdn.example.org
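
The check described above as done by eye in tcpdump, as an added example that is not part of the original thread: a small BER decoder that reads an LDAP BindRequest and reports whether it is an anonymous bind (empty DN and empty password, which matches the capture described above if binddn="<ROOT>" stands for an empty DN, an assumption here), an unauthenticated bind, a simple bind with a password, or SASL. The function names and the sample messages are constructed for illustration.

```python
# Added example: classify an LDAP BindRequest (RFC 4511) taken from a capture.
SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
BIND_REQUEST, AUTH_SIMPLE, AUTH_SASL = 0x60, 0x80, 0xA3

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated BER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want):
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag 0x{want:02x}, got 0x{tag:02x}")
    return value, nxt

def classify_bind(message):
    """Return (bind_dn, kind) for one LDAPMessage carrying a BindRequest."""
    body, _ = expect(message, 0, SEQUENCE)
    _, pos = expect(body, 0, INTEGER)             # messageID
    bind, _ = expect(body, pos, BIND_REQUEST)
    _, pos = expect(bind, 0, INTEGER)             # protocol version
    name, pos = expect(bind, pos, OCTET_STRING)   # bind DN
    tag, cred, _ = read_tlv(bind, pos)            # AuthenticationChoice
    dn = name.decode("utf-8")
    if tag != AUTH_SIMPLE:
        return dn, "sasl" if tag == AUTH_SASL else "unknown"
    if cred:
        return dn, "simple bind with password"
    return dn, "unauthenticated bind" if dn else "anonymous bind"

def tlv(tag, value):  # short-form length only: the constructed samples are < 128 bytes
    return bytes([tag, len(value)]) + value

def build_bind(dn, pw):  # constructed sample message, not from a real capture
    op = tlv(INTEGER, b"\x03") + tlv(OCTET_STRING, dn.encode()) + tlv(AUTH_SIMPLE, pw.encode())
    return tlv(SEQUENCE, tlv(INTEGER, b"\x01") + tlv(BIND_REQUEST, op))

PUPPET_DN = "cn=puppetadmin,ou=ldapaccounts,ou=rest,ou=of,o=it,c=org"
if __name__ == "__main__":
    for dn, pw in (("", ""), (PUPPET_DN, ""), (PUPPET_DN, "puppetpassword")):
        print(repr(dn), "->", classify_bind(build_bind(dn, pw))[1])
```

A bind that classifies as anonymous while ldapuser and ldappassword are set in puppet.conf means the configured credentials never reached the wire.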

Make sure ldapsearch works first on the puppetmaster and also look at your log files to see any errors.
Your LDAP authentication depends upon how your LDAP server is set up.
-L
--
Larry Ludwig
Empowering Media
1-866-792-0489 x600
Managed and Unmanaged Xen VPSes
http://www.hostcube.com/
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Sat, Nov 15, 2008 at 03:02:49PM -0800, Larry Ludwig wrote:
> make sure ldapsearch works first on the puppetmaster and also look at
> your log files to see any errors.

The only error I get when running 'puppetmasterd --debug --no-daemonize' is:
warning: Retrying LDAP connection
err: LDAP Search failed
With (on puppetmasterd):
'ldapsearch -x -D "cn=puppetadmin,ou=ldapaccounts,ou=rest,ou=of,o=it,c=org" -W "(&(objectClass=puppetClient)(cn=clientfqdn))" ou=puppet,ou=rest,ou=of,o=it,c=org'
I get the correct response.

> Your LDAP authentication depends upon how your LDAP server is setup.

For most things I use sasl-gssapi but I think puppet will just do simple bind, right?

TIA,
leon

I believe this was just fixed in 0.24.6:
http://projects.reductivelabs.com/issues/show/1521
--
This book fills a much-needed gap. -- Moses Hadas
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com

On Mon, Nov 17, 2008 at 05:23:21PM -0600, Luke Kanies wrote:
> I believe this was just fixed in 0.24.6:
>
> http://projects.reductivelabs.com/issues/show/1521

Installed the -stable version and now it works. Thanks a lot.
I will file FreeBSD-pr tomorrow, so the ports get the latest puppet.
Hopefully you don't make a new release before this happens ;)

cheers,
Leon