[plug] 2 LDAP issues

Nima Talebi nima at it.net.au
Thu Aug 7 23:30:23 WST 2003


Hey

problem 2 was my fault - /etc/pam.d/su had a stupid error - I've been
messing too much with things, then I forget.

Now simple question...

Can someone tell me why is slapcat part of the slapd package - I want to
slapcat from clients, just like ypcat, I don't want the ldap daemon
there.

Oh, problem one still exists. I don't want to have to change
/etc/pam.d/su etc because I don't think I should need to, I want
nsswitch to take care of it all for me - I think that should be
possible. No?

Thanks


On Thu, 2003-08-07 at 21:57, Nima Talebi wrote:
> Machine A:
> - debian stable
> - ldap server
> 
> -----------
> 
> Machine B:
> - debian stable
> - /etc/libnss-ldap.conf configured
> - /etc/nsswitch.conf configured
> - ldapsearch etc all work perfectly fine
> 
> Problem:
> 
> darvish:/etc/pam.d# cat /etc/passwd|grep nima
> darvish:/etc/pam.d# cat /etc/shadow|grep nima
> darvish:/etc/pam.d# su - nima
> nima@darvish:~$ su - nima
> Password: 
> su: Authentication service cannot retrieve authentication info.
> Sorry.
> 
> --------------
> 
> Machine C:
> - debian unstable
> - /etc/libnss-ldap.conf configured
> - /etc/nsswitch.conf configured
> 
> Bigger Problem
> 
> playboy:/etc# cat /etc/passwd|grep nima
> playboy:/etc# cat /etc/shadow|grep nima
> playboy:/etc# su - nima
> Password: 
> su: Authentication service cannot retrieve authentication info.
> Sorry.
> 
> ---------------
> 
> So on machine B I can _at least_ su to a user, but I can't authenticate
> to ldap.
> 
> ldapsearch -h directory -x -b 'dc=test,dc=com' \
>   -D cn=administrator,dc=test,dc=com -w secret
> 
> ...works fine from all machines, I can also run it as a user, but if I
> want to authenticate it dies with:
> 
> ldap_bind: Invalid credentials
> 
> On machine C it is even worse because now I can't even su from root to a
> user... I can only log in as root, and I can't su to _any_ user,
> including non-ldap users.
> 
> /etc/ldap/slapd.conf:
> 
> access to dn="uid=.*,ou=People,dc=prusikloop,dc=com"
>         attribute=userPassword
>         by dn="cn=administrator,dc=prusikloop,dc=com" write
>         by self write
>         by * auth
> 
> access to *
>         by dn="cn=administrator,dc=prusikloop,dc=com" write
>         by * read
>         by * search
> 
> Any help would be appreciated.
> 
> Nima
> 
> 
> 
> 
> 
> 
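
An added example, not part of the original post: a simplified Python model of how slapd evaluates the two quoted `access to` directives (first matching directive, then first matching `by` clause), showing what each kind of client is granted on `userPassword` versus other attributes. The entry DN for user `nima` is constructed for illustration, and the DN and regex matching here is a simplification of slapd's own.

```python
import re

# Access levels in increasing order (simplified OpenLDAP 2.x model).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
ADMIN = "cn=administrator,dc=prusikloop,dc=com"
USER = "uid=nima,ou=People,dc=prusikloop,dc=com"  # constructed sample DN

# The two directives from the quoted slapd.conf, in file order:
# (entry DN regex, attribute or None for any, [(who, level), ...])
ACL = [
    (r"uid=.*,ou=People,dc=prusikloop,dc=com", "userpassword",
     [(ADMIN, "write"), ("self", "write"), ("*", "auth")]),
    (r".*", None,
     [(ADMIN, "write"), ("*", "read"), ("*", "search")]),
]

def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if bind_dn is None:          # anonymous bind matches only "*"
        return False
    target = entry_dn if who == "self" else who
    return bind_dn.lower() == target.lower()

def granted(bind_dn, entry_dn, attr):
    """Level granted by the first matching directive and first matching 'by'."""
    for dn_re, rule_attr, by_list in ACL:
        if not re.search(dn_re, entry_dn, re.IGNORECASE):
            continue
        if rule_attr not in (None, attr.lower()):
            continue
        for who, level in by_list:
            if who_matches(who, bind_dn, entry_dn):
                return level
        return "none"            # implicit trailing "by * none"
    return "none"                # no directive matched

def can(bind_dn, entry_dn, attr, needed):
    return LEVELS.index(granted(bind_dn, entry_dn, attr)) >= LEVELS.index(needed)

def unreachable_by_clauses():
    """(directive, by) positions that follow a 'by *' and so never apply."""
    dead = []
    for i, (_, _, by_list) in enumerate(ACL):
        seen_star = False
        for j, (who, _) in enumerate(by_list):
            if seen_star:
                dead.append((i, j))
            seen_star = seen_star or who == "*"
    return dead
```

Under this model an unauthenticated lookup can read ordinary account attributes but gets only `auth` on `userPassword`, so the value can be checked during a bind but never read back; the final `by * search` clause is never reached because `by * read` matches first.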


