Re: request for troubleshooting assistance - ldap authentication

["Josh Miller" <joshua@itsecureadmin.com>]

Hi Rich, thanks for the reply.

>
> Check the URI/host spec in /etc/libnss-ldap.conf to make sure it is
> valid... there was a revision or few that mucked up in converting from
> host to uri.

> The next problem comes in if ssl is in use, there are issues with the
> code in determining to use ldaps:/// vs ldap:/// :(
> So if you need ssl, either use TLS, or force the port to :636

I'm fairly certain that the configuration is good.  I am able to enumerate
users and groups with getent [passwd|group].  I am not using SSL/TLS at
this time.  Also, ldapsearch -x works great in returning the directory
contents (as allowed by ACL) so I'm confident that the ldap configuration
is good.

As a workaround, I have added the LDAP account information to /etc/passwd
(but *not* shadow) and users are able to login successfully and everything
works as it should.  This is not an ideal situation from a management
perspective, but it's working until I can build a new box or figure this
out.


-- 
Josh Miller, RHCE