This is basic stuff and I could do it easily with openldap and I can see I am close. I can get what I need from command line ldapsearch and it works fine. RHEL 4 - have run authconfig and my pam.d/system-auth looks like wiki page for FDS with PAM I can tell that the padl stuff (nsswitch.conf and /etc/ldap.conf) is working because the logs show me that 'cn=Directory Manager' is attempting to bind but it always returns error=32 (obviously no such object...which by the way is a lousy error report because obviously this is about invalid credentials and should return error=49) Anyway, I do have the password for cn=Directory Manager in /etc/ldap.secret (have tried both with and without a line feed) and even tried to put rootbinddn & rootpw in /root/.ldaprc to no avail. Regardless, 'getent passwd' doesn't return anything but contents of /etc/passwd (likewise for group) Is there a clue stick for being able to derive accounts from FDS? I could post the contents of /etc/ldap.conf and /etc/nsswitch if necessary...perhaps it's one of the commented values in ldap.conf that I routinely pass over with openldap. Craig -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
