pam_ldap + nscd


pam_ldap + nscd

by Felix Schwarz

Hi,

I'd like to use nscd for passwd+group caching. pam_ldap is configured and works
(e.g. 'id foo' returns the correct user id if foo is present in ldap).

If I start nscd manually (not started by default), 'id foo' returns 'No such
user'. As soon as I stop nscd, 'id foo' starts working again. I suspect nscd is
only looking at /etc/passwd because 'id root' always works (root is present in
/etc/passwd).

This is on a CentOS 5 system. Disabling SELinux did not help.

I did not attach any config files purposefully because I don't know where to
look for the problem and attaching nsswitch.conf, ldap.conf etc. would result in
a huge post. Nevertheless, I will consider any information needed to diagnose
the problem although I suspect that this is a very simple configuration problem.

Thank you very much :-)
fs



Re: pam_ldap + nscd

by Felix Schwarz


Eventually I found the problem:
nscd did bind anonymously and slapd was configured to prevent access to ldap
information by anonymous users. I thought that specifying "rootbinddn" and the
correct password in ldap.secret would prevent that but obviously nscd needs
"binddn" and "bindpw" in ldap.conf.

fs

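The bind-identity rule behind this fix, shown as an added example that is not part of the thread: nss_ldap uses `rootbinddn` with the password from the root-only `/etc/ldap.secret` only when the calling process runs as root, so an unprivileged daemon such as nscd gets either `binddn`/`bindpw` from ldap.conf or an anonymous bind. The script below (Python; the DNs, the uid 28, the file modes and both ldap.conf texts are constructed for illustration) parses an ldap.conf, reports which identity root and the daemon would bind as, and flags a `bindpw` sitting in a world-readable file.

```python
# Added example (not from the thread): model the bind identity nss_ldap/pam_ldap
# would use for a given process, from an ldap.conf, to spot the "daemon binds
# anonymously" case described above. All DNs, uids and config text are constructed.
import stat

# Constructed ldap.conf resembling the poster's first setup: only rootbinddn,
# whose password lives in the root-only /etc/ldap.secret.
BEFORE_CONF = """\
# constructed sample, not a real site config
uri ldap://ldap.example.com/
base dc=example,dc=com
rootbinddn cn=manager,dc=example,dc=com
"""

# Same config with the fix reported in the thread: an explicit binddn/bindpw
# that non-root processes (such as the nscd daemon) can use.
AFTER_CONF = BEFORE_CONF + """\
binddn cn=nssproxy,ou=system,dc=example,dc=com
bindpw constructed-placeholder-password
"""

NSCD_UID = 28  # constructed non-root uid standing in for the nscd service account


def parse_ldap_conf(text):
    """Parse nss_ldap-style ldap.conf text: one 'keyword value' per line,
    '#' comments and blank lines ignored, keywords case-insensitive."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def effective_bind(conf, euid, can_read_secret):
    """Return (dn, source) for the identity a process with effective uid `euid`
    would bind as. nss_ldap uses rootbinddn (password from /etc/ldap.secret)
    only when euid is 0 and the secret file is readable; otherwise it falls
    back to binddn/bindpw, and with neither it binds anonymously."""
    if euid == 0 and conf.get("rootbinddn") and can_read_secret:
        return conf["rootbinddn"], "rootbinddn+ldap.secret"
    if conf.get("binddn") and conf.get("bindpw"):
        return conf["binddn"], "binddn+bindpw"
    return None, "anonymous"


def bindpw_exposed(conf, ldap_conf_mode):
    """True when ldap.conf carries a bindpw but its mode lets group or others
    read it: the password is then visible to every local user.
    `ldap_conf_mode` is the permission bits of the file, e.g. 0o644."""
    if not conf.get("bindpw"):
        return False
    return bool(ldap_conf_mode & (stat.S_IRGRP | stat.S_IROTH))


def audit(conf_text, ldap_conf_mode=0o644):
    """Summarise who binds how: root (assumed able to read ldap.secret) and
    the daemon uid (assumed unable to, since ldap.secret is root-only)."""
    conf = parse_ldap_conf(conf_text)
    return {
        "root": effective_bind(conf, 0, can_read_secret=True),
        "nscd": effective_bind(conf, NSCD_UID, can_read_secret=False),
        "bindpw_world_readable": bindpw_exposed(conf, ldap_conf_mode),
    }


if __name__ == "__main__":
    for name, text in (("before", BEFORE_CONF), ("after", AFTER_CONF)):
        print(name, audit(text))
```

With the "before" config the daemon entry comes out as anonymous, which is exactly what a slapd ACL that denies anonymous reads turns into "No such user" once nscd answers the lookups. With the "after" config the daemon binds as the proxy DN, but `bindpw_world_readable` also fires for the usual 0644 ldap.conf: that account's password is readable by every local user, so it should be a dedicated read-only account whose slapd ACLs grant no more than the passwd/group attributes NSS needs.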

Re: pam_ldap + nscd

by Tony Earnshaw-4

Felix Schwarz wrote, on 30-09-2007 11:44:

> I'd like to use nscd for passwd+group caching. pam_ldap is configured and works
> (e.g. 'id foo' returns the correct user id if foo is present in ldap).
>
> If I start nscd manually (not started by default), 'id foo' returns 'No such
> user'. As soon as I stop nscd, 'id foo' starts working again. I suspect nscd is
> only looking at /etc/passwd because 'id root' always works (root is present in
> /etc/passwd).
>
> This is on a CentOS 5 system. Disabling SELinux did not help.
>
> I did not attach any config files purposefully because I don't know where to
> look for the problem and attaching nsswitch.conf, ldap.conf etc. would result in
> a huge post. Nevertheless, I will consider any information needed to diagnose
> the problem although I suspect that this is a very simple configuration problem.
>
> Thank you very much :-)

All I can say is that, on my Red Hat RHL5/Fedora FC6 systems, nscd has
always been (since RH 7.2) an utter PITA and I avoid it like the plague. My
systems (even the oldest) are otherwise (Unix sockets) configured to be
far and away fast enough to work without it.

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet dot nl

Re: Re: pam_ldap + nscd

by Tony Earnshaw-4

Felix Schwarz wrote, on 30-09-2007 18:13:

> Eventually I found the problem:
> nscd did bind anonymously and slapd was configured to prevent access to
> ldap information by anonymous users. I thought that specifying
> "rootbinddn" and the correct password in ldap.secret would prevent that
> but obviously nscd needs "binddn" and "bindpw" in ldap.conf.

And what happens when one adopts OL's ppolicy overlay?

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet dot nl

Re: pam_ldap + nscd

by Felix Schwarz


Tony Earnshaw wrote:
> Felix Schwarz wrote, on 30-09-2007 18:13:
>
>> Eventually I found the problem:
>> nscd did bind anonymously and slapd was configured to prevent access
>> to ldap information by anonymous users. I thought that specifying
>> "rootbinddn" and the correct password in ldap.secret would prevent
>> that but obviously nscd needs "binddn" and "bindpw" in ldap.conf.
>
> And what happens when one adopts OL's ppolicy overlay?

I have to admit that I am an LDAP newbie, so can you explain your question please?
How can the ppolicy overlay help solve the problem?

fs




Re: pam_ldap + nscd

by Tony Earnshaw-4

Felix Schwarz wrote, on 02-10-2007 19:43:

>
> Tony Earnshaw wrote:
>> Felix Schwarz wrote, on 30-09-2007 18:13:
>>
>>> Eventually I found the problem:
>>> nscd did bind anonymously and slapd was configured to prevent access
>>> to ldap information by anonymous users. I thought that specifying
>>> "rootbinddn" and the correct password in ldap.secret would prevent
>>> that but obviously nscd needs "binddn" and "bindpw" in ldap.conf.
>>
>> And what happens when one adopts OL's ppolicy overlay?
>
> I have to admit that I am an LDAP newbie, so can you explain your question
> please? How can the ppolicy overlay help solve the problem?

It doesn't, it makes it worse.

Please resend your question to the ML, where it belongs - I normally just
delete this kind of message - I don't have any private practice license.

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet dot nl