Thanks Andy, on the new server, there is in fact a libnss_ldap.conf file, while on the old there is not. Editing the following lines from
nss_base_passwd ou=accounts,ou=caedm,dc=et,dc=byu,dc=edu?sub
nss_base_shadow ou=accounts,ou=caedm,dc=et,dc=byu,dc=edu?sub
to
nss_base_passwd ou=caedm,dc=et,dc=byu,dc=edu?sub
nss_base_shadow ou=caedm,dc=et,dc=byu,dc=edu?sub
fixed the problem. Thank you all for your help.
On 4/17/07, Andrew Morgan <morgan@...> wrote:
On Tue, 17 Apr 2007, Quentin Smith wrote:
> Both the old and the new servers are using debian, but both are using the
> same/etc/ldap.conf file. If I edit the base line in the /etc/ldap.conf file
> from
>
> base dc=et,dc=byu,dc=edu
>
> to
>
> base ou=caedm,dc=et,dc=byu,dc=edu
>
> none of the users are able to authenticate.
>
>
> Perhaps it is these entries that are to blame? I don't see anywhere else in
> the file where ou=caedm has been specified, but even on these lines, it
> doesn't specify to search with ou=accounts.
>
> nss_base_passwd ou=caedm,dc=et,dc=byu,dc=edu?sub
> nss_base_shadow ou=caedm,dc=et,dc=byu,dc=edu?sub
> nss_base_group ou=groups,ou=caedm,dc=et,dc=byu,dc=edu?sub
Debian's packages for libnss-ldap and libpam-ldap do NOT use
/etc/ldap.conf. That file is for configuring your OpenLDAP server. Have
a look at /etc/pam_ldap.conf and /etc/libnss-
ldap.conf.
Andy
--
Quentin Smith
