[plug] 2 LDAP issues

Nima Talebi nima at it.net.au
Thu Aug 7 21:57:24 WST 2003



Machine A:
- debian stable
- ldap server

-----------

Machine B:
- debian stable
- /etc/libnss-ldap.conf configured
- /etc/nsswitch.conf configured
- ldapsearch etc all work perfectly fine

Problem:

darvish:/etc/pam.d# cat /etc/passwd|grep nima
darvish:/etc/pam.d# cat /etc/shadow|grep nima
darvish:/etc/pam.d# su - nima
nima@darvish:~$ su - nima
Password: 
su: Authentication service cannot retrieve authentication info.
Sorry.

--------------

Machine C:
- debian unstable
- /etc/libnss-ldap.conf configured
- /etc/nsswitch.conf configured

Bigger Problem

playboy:/etc# cat /etc/passwd|grep nima
playboy:/etc# cat /etc/shadow|grep nima
playboy:/etc# su - nima
Password: 
su: Authentication service cannot retrieve authentication info.
Sorry.

---------------

So on machine B I can _at least_ su to a user, but I can't authenticate
to ldap.

ldapsearch -h directory -x -b 'dc=test,dc=com' \
    -D cn=administrator,dc=test,dc=com -w secret

...works fine from all machines, I can also run it as a user, but if I
want to authenticate it dies with:

ldap_bind: Invalid credentials

On machine C it is even worse because now I can't even su from root to a
user... I can only log in as root, and I can't su to _any_ user,
including non-ldap users.

/etc/ldap/slapd.conf:

access to dn="uid=.*,ou=People,dc=prusikloop,dc=com"
        attribute=userPassword
        by dn="cn=administrator,dc=prusikloop,dc=com" write
        by self write
        by * auth

access to *
        by dn="cn=administrator,dc=prusikloop,dc=com" write
        by * read
        by * search

Any help would be appreciated.

Nima








