
Afg! Client won't use LDAP

I've configured my test OpenLDAP server as a client unto itself so that I may test the setup. However, it isn't using any information from LDAP.

- I have nss_ldap and pam_ldap installed

- I have changed nsswitch.conf to say:

passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files ldap dns

- I have configured /etc/pam.d/system-auth to use LDAP the same way EVERY HowTo shows

- I have set up a user called proxyuser in LDAP and tested that he has access to the correct info

- I have configured /etc/openldap/ldap.conf like:

BASE dc=stxe,dc=com,c=US
binddn cn=proxyuser,dc=stxe,dc=com,c=US
scope one
pam_filter objectClass=posixAccount
pam_login_attribute uid
pam_member_attribute gid
pam_password md5
nss_base_passwd         ou=People,dc=stxe,dc=com,c=US?one
nss_base_shadow         ou=People,dc=stxe,dc=com,c=US?one
nss_base_group          ou=Group,dc=stxe,dc=com,c=US?one
nss_base_hosts          ou=Hosts,dc=stxe,dc=com,c=US?one

Note that I also tried "rootbinddn" in there as some howtos show, but that didn't work and the man page said to use "binddn" so I did.

- I have put proxyuser's password in a 600 mod'd file called ldap.secret owned by root:root in /etc/openldap (and /etc/).

However, I removed the user 'phil' from /etc/passwd and /etc/shadow and now:
# getent passwd phil

Same with hosts entries I have removed from /etc/hosts. Getent will return stuff from files but not from ldap.

For the life of me I cannot figure out why. Any help would be much appreciated.

I'm running OpenLDAP included in Redhat 7.3 (with recent updates).

Phil Dibowitz                             phil@ipom.com
Freeware and Technical Pages              Insanity Palace of Metallica
http://home.earthlink.net/~jaymzh666/     http://www.ipom.com/

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
 - Benjamin Franklin, 1759
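As an added example (not part of the post above), a small checker for the nss_ldap-style configuration the poster shows: it parses the "key value" lines, splits each nss_base_* value into its base?scope?filter parts, and reports directives that are inconsistent with each other (search bases or binddn outside BASE, bad scope tokens). The ldap.conf text is a constructed copy of the one in the post; the function and key names are my own.

```python
"""Consistency check for an nss_ldap/pam_ldap style ldap.conf (added example)."""

# Constructed copy of the poster's file, embedded so the check runs offline.
LDAP_CONF = """\
BASE dc=stxe,dc=com,c=US
binddn cn=proxyuser,dc=stxe,dc=com,c=US
scope one
pam_filter objectClass=posixAccount
pam_login_attribute uid
nss_base_passwd         ou=People,dc=stxe,dc=com,c=US?one
nss_base_shadow         ou=People,dc=stxe,dc=com,c=US?one
nss_base_group          ou=Group,dc=stxe,dc=com,c=US?one
nss_base_hosts          ou=Hosts,dc=stxe,dc=com,c=US?one
"""
VALID_SCOPES = {"base", "one", "sub"}

def parse_conf(text):
    """Return {key_lower: value}; blank lines and '#' comments are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf[key.lower()] = value.strip()
    return conf

def split_nss_base(value):
    """nss_base_* values are 'base?scope?filter'; absent parts become None."""
    parts = (value.split("?") + [None, None])[:3]
    return {"base": parts[0], "scope": parts[1], "filter": parts[2]}

def check_ldap_conf(text):
    """Return a list of problems; an empty list means the directives agree."""
    conf = parse_conf(text)
    problems = []
    base = conf.get("base")
    if not base:
        problems.append("no BASE directive")
    bind = conf.get("binddn")
    if bind and base and not bind.lower().endswith(base.lower()):
        problems.append("binddn is outside BASE")
    if conf.get("scope", "sub") not in VALID_SCOPES:
        problems.append("scope must be base, one or sub")
    for key, value in conf.items():
        if not key.startswith("nss_base_"):
            continue
        nb = split_nss_base(value)
        if base and not nb["base"].lower().endswith(base.lower()):
            problems.append(f"{key} search base lies outside BASE")
        if nb["scope"] and nb["scope"] not in VALID_SCOPES:
            problems.append(f"{key} has invalid scope '{nb['scope']}'")
    return problems
```

When the directives agree, the next thing worth checking is which file the resolver actually reads: nss_ldap and pam_ldap read /etc/ldap.conf by default, whereas /etc/openldap/ldap.conf is the OpenLDAP client library's own file and is not consulted by the NSS and PAM modules.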