Re: user can't log in, troubleshooting hints?
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: user can't log in, troubleshooting hints?
- From: Christopher Wood <christopher_wood [at] pobox.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: user can't log in, troubleshooting hints?
- Date: Wed, 14 Sep 2011 16:34:10 -0400
On Wed, Sep 14, 2011 at 10:00:18PM +0200, Arthur de Jong wrote:
> On Wed, 2011-09-14 at 14:05 -0400, Christopher Wood wrote:
> > How to best troubleshoot one particular user who cannot log in?
>
> The information provided should already be quite helpful. The changed
> usernames make things a bit more difficult though. Are you sure the uid
> field is all that is different between both entries?
Come to think of it, no. There are several different member attributes between
the two entries. (Apart from the differences in uidNumber, uid, dn,
homeDirectory.)
> What version of nss-pam-ldapd are you using?
0.7.13 on Debian Squeeze.
> > I'm puzzled at why nslcd is failing to bind for one specific user when
> > I can bind using ldapsearch for that user, and other users have no
> > problem.
>
> Apparently nslcd is confused by something.
>
> > nslcd: [5558ec] DEBUG: ldap_simple_bind_s("uid=user1,ou=people,o=co","***")
> > (uri="ldap://10.201.166.7/")
> > nslcd: [5558ec] DEBUG: failed to bind to LDAP server ldap://10.201.166.7/:
> > Invalid credentials
>
> Are you sure this is the DN that you can bind with
> (uid=user1,ou=people,o=co) using ldapsearch?
Yes, the same one.
I suspect there's something in the member attributes that is causing the
difference in behaviour. I'm going to see if I can isolate that and proceed
from there.
In further testing I can duplicate another entry and log in with this userid,
so it only remains to narrow down which part of the problem entry is causing my
problem.
> --
> -- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
> --
> To unsubscribe send an email to
> nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
> http://lists.arthurdejong.org/nss-pam-ldapd-users/
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/