Re: ldap auth does not works after openldap upgrade

[Dan White <dwhite@olp.net>]

On 14/02/11 12:37 -0200, Leonardo Carneiro wrote:
> Hello everyone,
>
> I upgraded my debian machine from lenny to squeeze (the new stable)
> that comes with samba 3.5.6 and openldap 2.4.23. this machines works
> primarily as a PDC.
>
> i have 3 services authenticating on ldap: samba, apache and redmine.
> samba is acting very weird, but it's kinda working, but redmine and
> apache aren't working at all.
>
> these services do bind to the server, but it cannot find the users.
> also, i cannot execute ldapsearchs via CLI. plus, in the bash, when i
> try to change to some user other than root (eg: lscarneiro), the
> system does not recognize the user:
>
> fileserver:~# su - lscarneiro
> I have no name!@fileserver:~$ whoami
> whoami: cannot find name for user ID 1130
>
> i'm very VERY noob on ldap and don't know exactly what kind of info i
> should give to you guys to get some help. any help is very welcome

Start with your admin (rootdn/rootpw) credentials and see if you can bind
to the server. If so, try binding with your Apache/Redmine credentials from
the CLI to verify your ACL configuration is good. Try to prove that your
Apache configuration is good by reproducing it's bind and search via
command line tools.

With regards to Squeeze, see:

http://www.debian.org/releases/stable/i386/release-notes/ch-whats-new.en.html#new-ldap

If you're using libnss-ldap (for nss/user id mapping), consider moving to
libnss-ldapd.

--
Dan White