[Date Prev][Date Next] [Chronological] [Thread] [Top]

Problem authenticating with ldap



I have ldap authentication working for one system but for another system something is just not working


Both systems are redhat 9 and I even copied over the ldap.conf from the working system. As a note the system that does work is the same system on which the LDAP server is running. However both systems seem to connect to the server and TLS seems to be functioning correctly.


In my slapd logs I get the following on the llama the working system. I can log in remoted via ssh using the account in the ldap directory.

Aug 12 17:39:42 llama slapd[8359]: conn=18 op=2 ENTRY dn="uid=tmartin,ou=People,dc=physics,dc=ucsd,dc=edu"
Aug 12 17:39:42 llama slapd[8359]: conn=18 op=2 SEARCH RESULT tag=101 err=0 text=
Aug 12 17:39:42 llama slapd[8350]: daemon: activity on 1 descriptors
Aug 12 17:39:42 llama slapd[8350]: daemon: activity on:


However when I try to connect to the other system moonfruit I get a different search

Aug 12 17:40:32 llama slapd[8350]: daemon: activity on 1 descriptors
Aug 12 17:40:32 llama slapd[8359]: end get_filter 0
Aug 12 17:40:32 llama slapd[8350]: daemon: select: listen=6 active_threads=1 tvp=NULL
Aug 12 17:40:32 llama slapd[8359]: conn=20 op=2 SRCH base="dc=physics,dc=ucsd,dc=edu" scope=2 filter="(uid=NOUSER)"
Aug 12 17:40:32 llama slapd[8350]: daemon: select: listen=7 active_threads=1 tvp=NULL


As you can see I do not get the same results. Now what is very odd is when I run useradd on moonfruit I get

Aug 12 17:42:04 llama slapd[8359]: conn=22 op=2 ENTRY dn="uid=tmartin,ou=People,dc=physics,dc=ucsd,dc=edu"
Aug 12 17:42:04 llama slapd[8359]: conn=22 op=2 SEARCH RESULT tag=101 err=0 text=
Aug 12 17:42:04 llama slapd[8350]: daemon: activity on 1 descriptors
Aug 12 17:42:04 llama slapd[8350]: daemon: activity on:


So the search appears to be working in that case and on the client I get a message saying the user already exists.

I can also su - tmartin on moonfruit and the ldap directory is queried in that case it also returns correct results and gets the right information.

Any ideas?

Terrence


---