I haven't seen any answers to this one yet.  I also tried to use
[EMAIL PROTECTED] on this one and they rejected it indicating
it wasn't openldap specific enough.  Are there any other mailing lists
that might be more appropriate for questions of this nature?

> I have set up LDAP so ldapsearch works for a specific user, but when that
> user tries to log in, that user is invalid.  I must have missed something
> in the configuration but am having trouble spotting it.  Some extra eyes
> would sure help here.
> 
> Below are diff listings of my changes to config files and their original
> state as of the openLDAP-2.0.27-23 release.  Also changes to nsswitch.conf
> and chkconfig.  System is running RHEL ES 3.9 and is currently the only
> server and client.
> 
> I have made no changes to /etc/pam.d/* or /etc/pam_smb.conf
> 
> What am I missing here?
> 
> # diff /etc/ldap.conf /etc/ldap.conf_2.0.27-23
> 18c18
> < base dc=localdomain
> ---
> > base dc=example,dc=com
> 43c43
> < rootbinddn cn=Manager,dc=localdomain
> ---
> > #rootbinddn cn=manager,dc=example,dc=com
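
Review bot: the "rootbinddn cn=Manager,dc=localdomain" line enabled at line 43 makes root-run lookups on this client bind as the directory's rootdn, which is far more privilege than name-service lookups need. A dedicated entry with read access, configured through "binddn", would keep the Manager credentials off the client. If rootbinddn stays, its password has to be in /etc/ldap.secret, and that file should be readable by root only.
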
> 
> # diff /etc/openldap/ldap.conf /etc/openldap/ldap.conf_2.0.27-23
> 16c16
> < BASE dc=localdomain
> ---
> > BASE dc=example,dc=com
> 
> # diff /etc/openldap/slapd.conf /etc/openldap/slapd.conf_2.0.27-23
> 40,42d39
> < TLSCipherSuite                HIGH:MEDIUM
> < TLSCertificateFile    /usr/share/ssl/certs/slapd.pem
> < TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
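
Review bot: TLSCertificateFile and TLSCertificateKeyFile at lines 41-42 both point at /usr/share/ssl/certs/slapd.pem, so the private key sits in the same file as the certificate. Check that the file is readable only by the account slapd runs as, or split the key into its own file. The /etc/ldap.conf diff above changes no ssl setting, so whether the client actually uses TLS for its binds depends on the shipped default and is worth confirming.
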
> 60,64d56
> < access to attrs=userPassword
> <       by self write
> <       by * auth
> < access to *
> <       by * read
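
Review bot: "access to *" with "by * read" at lines 63-64 lets anonymous clients read every attribute other than userPassword. If the directory should not be browsable without credentials, use "by users read" there and keep an auth clause on userPassword so binds still work. Clients that currently look up accounts anonymously would then need a binddn of their own.
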
> 71c63
> < suffix                "dc=localdomain"
> ---
> > suffix                "dc=my-domain,dc=com"
> 73c65
> < rootdn                "cn=Manager,dc=localdomain"
> ---
> > rootdn                "cn=Manager,dc=my-domain,dc=com"
> 78,79c70,71
> < #rootpw               secret
> < rootpw                {SSHA}hqjzpACdAWS/WmnnqRu/5P9TaNqaSVg7
> ---
> > # rootpw              secret
> > # rootpw              {crypt}ijFYNcSNctBYg
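
Review bot: the {SSHA} value on the active rootpw line (line 79) is the salted SHA-1 hash of the live Manager password, and posting it to a public list exposes it to offline guessing. Generate a new hash with slappasswd, replace this line, and redact the value in future postings. slapd.conf itself should not be world-readable for the same reason.
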
> 
> # diff /etc/nsswitch.conf /etc/nsswitch.conf_ORIG
> 33,35c33,35
> < passwd:     ldap files
> < shadow:     ldap files
> < group:      ldap files
> ---
> > passwd:     files
> > shadow:     files
> > group:      files
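
Review bot: listing "ldap" before "files" on lines 33-35 sends every lookup, including root and other local accounts, to the directory first, so a slow or unreachable slapd delays local logins. "passwd: files ldap" (and the same for shadow and group) keeps local accounts authoritative. These lines also cover only name lookups: with /etc/pam.d/* unchanged, as stated above, there is no pam_ldap in the authentication stack, so a login does not bind to the directory to verify the password. Running "getent passwd" for the affected user shows whether the name-service half works before PAM is looked at.
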
> 
> # chkconfig --list | egrep 'ldap|sasl'
> saslauthd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
> ldap            0:off   1:off   2:on    3:on    4:on    5:on    6:off
