Re: NSS ldap problems [SOLVED]




Thanks to everybody for their suggestions, and for the pointer to getent, which was a gap in my sysadmin toolchest.

I figured out the problem.  The problem was that nslcd wasn't starting properly because the nslcd user didn't exist.  We're using the same base passwd file for both centos5 and centos6, and that extra user didn't get added.  Switching /etc/nslcd.conf to use an extant uid/gid allowed nslcd to start, and that allowed the query to work, and the test user can log in.

I had never heard of nslcd--and it doesn't appear to have any man pages :-/, but inspection of the config file yields the impression of nscd for ldap, and its config either supersedes or replaces /etc/ldap.conf.

Thanks for all the good ideas,
   -- Mitch Patenaude   mpatenaude@xxxxxxxxxxxxxx

From: Mitch Patenaude <mpatenaude@xxxxxxxxxxxxxx>
Date: Mon, 31 Oct 2011 15:10:31 -0700
To: CentOS mailing list <centos@xxxxxxxxxx>
Subject: NSS ldap problems

I'm having trouble setting up ldap based authentication.

I have a virtual (KVM) CentOS 5.4 box set up to authenticate to a 389 (fedora) directory server, and that works fine.

However, I set up a virtual box running CentOS 6, and I can't get it to authenticate.

I've run authconfig with the appropriate flags, ldapsearch properly finds the data, but I can't log in.  /var/log/secure shows that it doesn't find the user, and as a test I came up with the following perl snippet:

perl -e 'print join(" ",getpwnam("testuser")),"\n";'

And it properly finds the test user on the 5.4 box, but not the 6.0 box.

I've checked /etc/ldap.conf and /etc/openldap/ldap.conf and both seem about right.

Here are the ldap related packages installed on the 6.0 box:
[root@vburntest02 ~]# rpm -qa | grep ldap
openldap-2.4.19-15.el6_0.2.x86_64
pam_ldap-185-5.el6.x86_64
nss-pam-ldapd-0.7.5-3.el6.x86_64
openldap-clients-2.4.19-15.el6_0.2.x86_64
apr-util-ldap-1.3.9-3.el6.x86_64

Any idea what to check next?

Thanks,
  -- Mitch
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
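
The failure described in this thread (nslcd not starting because the account named in /etc/nslcd.conf was missing from the local passwd file) can be checked for directly. The following is an added example, not part of the original post; the function names are hypothetical, and it assumes the uid and gid directives each appear at most once and that the accounts are expected in the local passwd and group files.

```shell
#!/bin/sh
# Added example: verify that the uid/gid named in nslcd.conf exist locally.
# Local files are read directly rather than through getent, because NSS
# lookups via LDAP are exactly what is broken while nslcd is down.

# Print the value of a "<key> <value>" directive (assumed to appear once).
conf_value() {
    awk -v key="$1" '$1 == key { val = $2 } END { if (val != "") print val }' "$2"
}

# Succeed if $1 matches a name (field 1) or numeric id (field 3) in the
# passwd- or group-format file $2.
id_in_file() {
    awk -F: -v id="$1" '$1 == id || $3 == id { found = 1 } END { exit !found }' "$2"
}

# Usage: check_nslcd_ids [conf] [passwd] [group]
# Returns 0 if the configured accounts exist, 1 if one is missing,
# 2 if the config file cannot be read.
check_nslcd_ids() {
    conf=${1:-/etc/nslcd.conf}
    passwd=${2:-/etc/passwd}
    group=${3:-/etc/group}
    rc=0

    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    uid=$(conf_value uid "$conf")
    gid=$(conf_value gid "$conf")

    # Without a uid/gid directive nslcd does not try to switch identity,
    # so there is nothing to resolve for that directive.
    if [ -n "$uid" ] && ! id_in_file "$uid" "$passwd"; then
        echo "uid '$uid' from $conf not found in $passwd" >&2
        rc=1
    fi
    if [ -n "$gid" ] && ! id_in_file "$gid" "$group"; then
        echo "gid '$gid' from $conf not found in $group" >&2
        rc=1
    fi
    return $rc
}
```

Calling check_nslcd_ids with no arguments as root tests the live files; a return of 1 on a host built from a shared base passwd file points at the same missing-account problem.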

