
Re: OpenLDAP Config Question

I can hand you some clues.

Your ldap server is probably not all the way set up yet or you have some bugs in your setup somewhere.

To verify this use:

getent passwd | grep [account]

...where [account] is a user account that should exist in both the ldap database and the /etc/passwd file. You should get at least two names if the user exists in both the /etc/passwd file and in the ldap database.

If you just use 'getent passwd' without the grep then you can see the list of exactly what the system sees is potentially available for authentication.

If the above does not work and yet ldapsearches turn up user accounts with no trouble then the problem is most likely in your /etc/pam.d/system-auth or /etc/pam.d/passwd file. Be very careful working on /etc/pam.d/passwd as it closely resembles /etc/passwd. I very nearly hosed myself by accidentally deleting /etc/passwd when I was aiming for /etc/pam.d/passwd.

Jim C.

Greg Redman wrote:
I have my OpenLDAP server up and running and everything "seems" OK.
Now I'd like to remove the "user level" entries in the /etc/passwd and /etc/shadow files.
Whenever I do that user authentication stops working. Does this mean LDAP is not working?
So, I drop back to the original passwd/shadow files and look at the /etc/nsswitch.conf and it has "files ldap" as the source path.
Whenever I change to "ldap files" user authentication stops working again.
What am I doing wrong?
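
The `getent passwd | grep [account]` check from the reply, written out as a script. This is an added example and not part of either message; the function names, the account `jdoe` and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: interprets the `getent passwd | grep [account]` check.
# All sample data is constructed; jdoe is a hypothetical account.

# Print the sources listed for one database in nsswitch.conf text on stdin.
nss_sources() {  # $1 = database name, e.g. passwd
    awk -v db="$1:" '
        { sub(/#.*/, "") }                      # strip comments
        $1 == db {
            for (i = 2; i <= NF; i++)
                if ($i !~ /^\[/)                # skip [NOTFOUND=return] actions
                    out = out (out == "" ? "" : " ") $i
            print out; exit
        }'
}

# Count passwd entries whose login field is exactly $1 (plain grep would
# also match substrings such as "jdoe2" or a home directory path).
count_account() {
    awk -F: -v u="$1" '$1 == u { n++ } END { print n + 0 }'
}

# $1 = account, $2 = nsswitch.conf text, $3 = `getent passwd` output
diagnose() {
    sources=$(printf '%s\n' "$2" | nss_sources passwd)
    hits=$(printf '%s\n' "$3" | count_account "$1")
    case " $sources " in
        *" ldap "*) ;;
        *) echo "no-ldap-source"; return 0 ;;
    esac
    case "$hits" in
        0) echo "not-found" ;;
        1) echo "one-source" ;;      # only one of files/ldap answered
        *) echo "both-sources" ;;    # the "at least two names" case
    esac
}

SAMPLE_NSS='# constructed nsswitch.conf
passwd:     files ldap
shadow:     files ldap'
SAMPLE_BOTH='root:x:0:0:root:/root:/bin/bash
jdoe:x:1001:1001:J Doe:/home/jdoe:/bin/bash
jdoe2:x:1002:1002:Other:/home/jdoe2:/bin/bash
jdoe:x:1001:1001:J Doe:/home/jdoe:/bin/bash'
SAMPLE_LOCAL_ONLY='root:x:0:0:root:/root:/bin/bash
jdoe:x:1001:1001:J Doe:/home/jdoe:/bin/bash'

diagnose jdoe "$SAMPLE_NSS" "$SAMPLE_BOTH"
diagnose jdoe "$SAMPLE_NSS" "$SAMPLE_LOCAL_ONLY"
```

On a live system the same check is `diagnose jdoe "$(cat /etc/nsswitch.conf)" "$(getent passwd)"`, run before any entries are removed from /etc/passwd.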