Re: ldap auth does not works after openldap upgrade

On Tue, Feb 15, 2011 at 11:13:03AM -0200, Leonardo Carneiro wrote:

> The ldapsearch you gave me returned the following output:
> chester@reploid:~$ ldapsearch -h ldap.server -x -LLL -b '' -s base
> '(objectclass=*)' namingcontexts
> dn:
> namingContexts: dc=dominio,dc=com,dc=br
> I think it's OK, because that's precisely the root of my LDAP tree.

That looks good, and it suggests that the slapd config is
OK. Now try this:

ldapsearch -h ldap.server -x -b dc=dominio,dc=com,dc=br -s base '(objectclass=*)'

If you get an entry, then try:

ldapsearch -h ldap.server -x -b dc=dominio,dc=com,dc=br '(objectclass=*)'

If you see lots of data then there is probably nothing wrong
with the LDAP server at all.

> Just another piece of info: when I was in the root shell and tried to change to
> another user, I did change, but it gave some errors:
> fileserver:~# su - lscarneiro
> I have no name!@fileserver:~$ whoami
> whoami: cannot find name for user ID 1130
> but then I read this link that Dan gave me:
> http://www.debian.org/releases/stable/i386/release-notes/ch-whats-new.en.html#new-ldap
> and installed the libnss-ldapd and libpam-ldapd packages as
> recommended. But now I can't even 'su' to my username:
> fileserver:~# su - lscarneiro
> Unknown id: lscarneiro
> It seems that the Unix and Samba databases have lost their sync. I'll

Ignore Samba for now. You need to get the basic Unix-level
stuff working first.

> try to execute the backup/restore in a new db dir as you said and post
> the results here. Does this backup need to be from a point before the
> upgrade, or can I simply get a dump of the actual database?

It would be best to use an LDIF made with slapcat just
before the upgrade. If you don't have one then you may need
to copy your database files onto a machine running the same
versions of software that the server had before the upgrade,
and make an LDIF there.
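
The checks in this message can be run as one layered test that separates "the directory answers" from "NSS resolves the user". This is an added example, not part of the original message; the function names and return codes are hypothetical, and it uses the `-H URI` form of ldapsearch where the thread uses `-h host`.

```shell
#!/bin/sh
# Added example (not from the thread): test the directory first, then NSS.

# Join LDIF continuation lines (a line starting with one space continues
# the previous line), so that long DNs are read whole.
unfold_ldif() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR > 0) print buf }'
}

# Print the namingContexts values found in rootDSE LDIF read from stdin.
# Base64-encoded values ("namingContexts:: ...") are not decoded here.
naming_contexts() {
    unfold_ldif | sed -n 's/^namingContexts: //p'
}

# check_layers URI USER
# Returns 0 = directory and NSS both fine, 1 = rootDSE lists no suffix,
#         2 = suffix entry not readable, 3 = directory fine but NSS fails.
check_layers() {
    uri=$1; user=$2
    base=$(ldapsearch -H "$uri" -x -LLL -b '' -s base '(objectclass=*)' \
               namingContexts | naming_contexts | head -n 1)
    if [ -z "$base" ]; then
        echo "rootDSE: no namingContexts returned"; return 1
    fi
    # "1.1" asks for no attributes, so only the dn lines come back.
    if ! ldapsearch -H "$uri" -x -LLL -b "$base" -s base '(objectclass=*)' 1.1 \
            | grep -q '^dn:'; then
        echo "suffix $base: no entry returned"; return 2
    fi
    count=$(ldapsearch -H "$uri" -x -LLL -b "$base" '(objectclass=*)' 1.1 \
                | grep -c '^dn:' || true)
    echo "directory OK: $count entries under $base"
    # Same lookup path that 'su' and 'whoami' use.
    if ! getent passwd "$user" >/dev/null; then
        echo "NSS cannot resolve $user: directory answers, look at libnss-ldapd"
        return 3
    fi
    echo "NSS resolves $user"
}
```

Called as `check_layers ldap://ldap.server lscarneiro`, a return code of 3 corresponds to the state described in the quoted text, where the search works but `su` reports an unknown id.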

