Re: request for troubleshooting assistance - ldap authentication
Hi Rich, thanks for the reply.
>
> Check the URI/host spec in /etc/libnss-ldap.conf to make sure it is
> valid... there was a revision or few that mucked up in converting from
> host to uri.
> The next problem comes in if ssl is in use, there are issues with the
> code in determining to use ldaps:/// vs ldap:/// :(
> So if you need ssl, either use TLS, or force the port to :636
I'm fairly certain that the configuration is good. I am able to enumerate
users and groups with getent [passwd|group]. I am not using SSL/TLS at
this time. Also, ldapsearch -x works great in returning the directory
contents (as allowed by ACL) so I'm confident that the ldap configuration
is good.
As a workaround, I have added the LDAP account information to /etc/passwd
(but *not* shadow) and users are able to login successfully and everything
works as it should. This is not an ideal situation from a management
perspective, but it's working until I can build a new box or figure this
out.
--
Josh Miller, RHCE
Reply to: