RE: [nssldap] LDAP Auth
- From: Nuno Manuel Martins <nuno.mmartins_externo [at] sonae.com>
- To: "nssldap [at] padl.com" <nssldap [at] padl.com>
- Subject: RE: [nssldap] LDAP Auth
- Date: Wed, 16 Apr 2008 17:13:45 +0100
Hi,

Thanks for the reply but in the meantime I got a response from the OpenLDAP
mailing list that nailed the problem for me. For future googlers facing the
same problem, the problem was that LDAP was able to answer queries based
on the cn attribute but not based on the uid attribute due to an indexing problem.
Stopping OpenLDAP, running slapindex and then starting OpenLDAP again made
authentication work again.

For some strange reason "getent passwd" still gets the data, so it must
retrieve that information in some other way. I confess I have no intention to
look up code to find out :)

A simple way to know if this problem is affecting you is doing a manual search
on LDAP. In my case searching for "uid=myuser" returned no information while
searching for "uid=myuser*" returned the correct information, which was what
made the problem clear for the OpenLDAP guys.

Regards,
Nuno

-----Original Message-----
From: Andrew Morgan [morgan [at] orst.edu]
Sent: Wednesday, 16 April 2008 17:07
To: Nuno Manuel Martins
Cc: nssldap@padl.com
Subject: Re: [nssldap] LDAP Auth
On Wed, 16 Apr 2008, Nuno Manuel Martins wrote:
> Hello list,
>
> I am having a very strange behaviour from my test with OpenLDAP
> authentication. I tried to follow the HOWTOs online but I encountered an
> undocumented problem :)
>
> After configuring nsswitch.conf I tried what they asked and did a getent
> command which returns successfully:
> getent passwd | grep myuser
> myuser:x:10002:10001:myUser (LDAP):/home/ldap/john:/bin/bash
>
> This means that the system can get the proper data from the LDAP directory.
> However, even before I try authentication I have this problem:
> su - myuser
> su: user myuser does not exist
>
> So does anyone know where su is getting its information from and why it is
> different from the information on getent?

It looks like you are starting out as root. Perhaps your ldap.conf file
is only readable by root?

Andy
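
Added example (not part of the original messages): the manual check described in the reply above, as a script that compares an exact "uid=" search with a "uid=...*" search for the same user. The server URI, search base, anonymous simple bind and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: tell a stale uid equality index apart from a missing user.
# Assumed values, not from the thread: server URI, search base, anonymous bind.
LDAP_URI="${LDAP_URI:-ldap://localhost}"
BASE_DN="${BASE_DN:-dc=example,dc=com}"

# Run one search and count returned entries whose uid is exactly $2.
# $1 = LDAP filter, $2 = uid. Returns 2 if ldapsearch itself fails.
count_uid() {
    out=$(ldapsearch -x -LLL -H "$LDAP_URI" -b "$BASE_DN" "$1" uid) || return 2
    # -x whole line, -F literal, -i because uid matching ignores case.
    printf '%s\n' "$out" | grep -cixF "uid: $2" || true
}

# Prints one of: ok, stale-index, not-found, invalid-uid, search-error.
check_uid() {
    # Refuse anything that could change the filter's meaning: ( ) * \ etc.
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid-uid"; return 2 ;;
    esac
    eq=$(count_uid "(uid=$1)" "$1") || { echo "search-error"; return 2; }
    sub=$(count_uid "(uid=$1*)" "$1") || { echo "search-error"; return 2; }
    if [ "$eq" -gt 0 ]; then
        echo "ok"            # equality search finds the entry
    elif [ "$sub" -gt 0 ]; then
        echo "stale-index"   # entry exists, but only the wildcard search sees it
    else
        echo "not-found"     # no entry with this uid under BASE_DN
    fi
}

if [ $# -gt 0 ]; then check_uid "$1"; fi
```

A "stale-index" result matches the symptom in the thread, where stopping OpenLDAP, running slapindex and starting it again restored the exact-match lookup.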