Re: OpenLDAP Config Question
I can hand you some clues.
Your ldap server is probably not all the way set up yet or you have some
bugs in your setup somewhere.
To verify this use:
getent passwd | grep [account]
...where [account] is a user account that should exist in both the ldap
database and the /etc/passwd file. You should get at least two names if
the user exists in both the /etc/passwd file and in the ldap database.
If you just use 'getent passwd' without the grep then you can see the
list of exactly what the system sees is potentially available for
If the above does not work and yet ldapsearches turn up user accounts
with no trouble then the problem is most likely in your
/etc/pam.d/system-auth or /etc/pam.d/passwd file. Be very careful
working on /etc/pam.d/passwd as it closely resembles /etc/passwd. I
very nearly hosed myself by accidentally deleting /etc/passwd when I
was aiming for /etc/pam.d/passwd.
Greg Redman wrote:
I have my OpenLDAP server up and running and everything "seems" OK.
Now I'd like to remove the "user level" entries in the /etc/passwd and
Whenever I do that user authentication stops working. Does this mean
LDAP is not working?
So, I drop back to the original passwd/shadow files and look at the
/etc/nsswitch.conf and it has "files ldap" as the source path.
Whenever I change to "ldap files" user authentication stops working again.
What am I doing wrong?
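
The getent check from the reply, extended into a per-source test. This is an added example, not part of the original messages. The function names (nss_sources, count_account, check_account) are hypothetical, the sample data is constructed, and check_account assumes glibc's getent with its -s option and bracketed nsswitch actions written without inner spaces.

```shell
#!/bin/sh
# nss_sources DB FILE: print the lookup order configured for DB
# (e.g. passwd) in an nsswitch.conf-format FILE, e.g. "files ldap".
nss_sources() {
    awk -v db="$1:" '
        { sub(/#.*/, "") }                    # strip comments
        $1 == db {
            out = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) continue      # skip actions like [NOTFOUND=return]
                out = out (out ? " " : "") $i
            }
            print out
            exit
        }' "$2"
}

# count_account USER: count passwd-format entries on stdin whose first
# field is exactly USER. Unlike a plain grep, "jdoe" does not match
# "jdoe2" or a home directory path that contains the name.
count_account() {
    awk -F: -v u="$1" '$1 == u { n++ } END { print n + 0 }'
}

# check_account USER [FILE]: query each configured source separately so
# it is clear whether the files entry or the ldap entry is the one missing.
check_account() {
    for src in $(nss_sources passwd "${2:-/etc/nsswitch.conf}"); do
        if getent -s "$src" passwd "$1" >/dev/null 2>&1; then
            echo "$src: found"
        else
            echo "$src: missing"
        fi
    done
}

# Constructed sample of 'getent passwd' output where jdoe is returned
# by both the local file and the directory.
sample='jdoe:x:1001:1001::/home/jdoe:/bin/bash
root:x:0:0:root:/root:/bin/bash
jdoe:x:1001:1001:J Doe:/home/jdoe:/bin/bash'
printf '%s\n' "$sample" | count_account jdoe
```

On a live system, `getent passwd | count_account jdoe` gives the count the reply describes, and `check_account jdoe` shows which source fails to return the account.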