Hi,
Thanks for the reply, but in the meantime I got a response from the OpenLDAP mailing list that nailed the problem for me. For future googlers facing the same problem: the problem was that LDAP was able to answer queries based on the cn attribute but not based on the uid attribute, due to an indexing problem. Stopping OpenLDAP, running slapindex and then starting OpenLDAP again made authentication work again.
For some strange reason "getent passwd" still gets the data, so it must retrieve that information in some other way. I confess I have no intention to look up code to find out :)
A simple way to know if this problem is affecting you is to do a manual search on LDAP. In my case searching for "uid=myuser" returned no information while searching for "uid=myuser*" returned the correct information, which was what made the problem clear for the OpenLDAP guys.
Regards,
Nuno
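The exact-versus-wildcard search check described above, as an added example that is not part of the original thread. It turns the two ldapsearch results into a verdict: an exact "uid=" filter returning nothing while "uid=...*" returns the entry is the symptom of a stale uid index. The LDAP URI and base DN are assumed placeholders; the constructed sample LDIF stands in for the two ldapsearch runs so the script runs offline, and `--live` queries a real server with ldapsearch from ldap-utils.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Assumed placeholders: override via environment for a real server.
LDAP_URI="${LDAP_URI:-ldap://localhost}"    # assumed
BASE_DN="${BASE_DN:-dc=example,dc=com}"     # assumed
USER_ID="${USER_ID:-myuser}"                # user name from the thread

# Count entries in LDIF on stdin: every entry begins with a "dn:" line.
# grep -c prints 0 (and exits 1) on no match, so force a zero exit status.
count_entries() {
    grep -c '^dn:'
    return 0
}

# diagnose EXACT_COUNT WILDCARD_COUNT
# Prints OK             - exact search found the user (index healthy)
#        INDEX_SUSPECT  - exact search empty but wildcard hits: reindex
#        MISSING        - neither search found the user (not an index issue)
diagnose() {
    exact="$1"
    wild="$2"
    if [ "$exact" -gt 0 ]; then
        echo OK
    elif [ "$wild" -gt 0 ]; then
        echo INDEX_SUSPECT
    else
        echo MISSING
    fi
}

# Run both searches against a live server (-x simple bind, -LLL plain LDIF).
check_uid_index() {
    uid="$1"
    exact=$(ldapsearch -x -LLL -H "$LDAP_URI" -b "$BASE_DN" "(uid=$uid)" dn | count_entries)
    wild=$(ldapsearch -x -LLL -H "$LDAP_URI" -b "$BASE_DN" "(uid=$uid*)" dn | count_entries)
    diagnose "$exact" "$wild"
}

# Constructed sample output for the two searches, reproducing the situation
# in the thread: the exact filter returns nothing, the wildcard returns the DN.
SAMPLE_EXACT=""
SAMPLE_WILD="dn: uid=myuser,ou=People,dc=example,dc=com
"

# Offline demonstration using the constructed samples.
demo() {
    e=$(printf '%s' "$SAMPLE_EXACT" | count_entries)
    w=$(printf '%s' "$SAMPLE_WILD" | count_entries)
    diagnose "$e" "$w"
}

case "${1:-}" in
    --live) check_uid_index "$USER_ID" ;;
    *)      demo ;;
esac
```

Run with no arguments to see the verdict for the constructed samples, or with `--live` (and LDAP_URI/BASE_DN/USER_ID set) against a server. On INDEX_SUSPECT the remedy is the one the thread gives: stop slapd, run slapindex, start slapd again, then rerun the check and expect OK.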
-----Original Message-----
From: Andrew Morgan [mailto:morgan@...]
Sent: quarta-feira, 16 de Abril de 2008 17:07
To: Nuno Manuel Martins
Cc: nssldap@...
Subject: Re: [nssldap] LDAP Auth
On Wed, 16 Apr 2008, Nuno Manuel Martins wrote:
> Hello list,
>
> I am having a very strange behaviour from my test with OpenLDAP authentication. I tried to follow the HOWTOs online but I encountered an undocumented problem :)
>
> After configuring nsswitch.conf I tried what they asked and did a getent command, which returns successfully:
> getent passwd | grep myuser
> myuser:x:10002:10001:myUser (LDAP):/home/ldap/john:/bin/bash
>
> This means that the system can get the proper data from the LDAP directory. However, even before I try authentication I have this problem:
> su - myuser
> su: user myuser does not exist
>
> So does anyone know where su is getting its information from and why it is different from the information from getent?
It looks like you are starting out as root. Perhaps your ldap.conf file
is only readable by root?
Andy