That depends: If you are using SSSD, you only need to configure the files in /etc/sssd.
If you are using nss-pam-ldap, you need to configure /etc/pam_ldap.conf and /etc/nslcd.conf. If you used the openldap client programs (ldapsearch, ldapmodify, etc.), you will still need to configure /etc/openldap/ldap.conf.

--
Prentice

Collins, Kevin [BEELINE] wrote:
> Related to this issue, do I still need /etc/ldap.conf or has
> /etc/pam_ldap.conf basically replaced that?
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Collins, Kevin [BEELINE]
> Sent: Thursday, December 02, 2010 10:29 AM
> To: Prentice Bisbal; [email protected]
> Subject: Re: [rhelv6-list] Problem with ldap
>
> Thanks - I plan to look into SSSD, but was trying to work my way from
> "known" towards "unknown" :)
>
> However, your reply hit one thing I forgot - I had not yet restarted nscd...
> that fixed the issue I was seeing and things appear to be working as expected
> now.
>
> Kevin
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Prentice Bisbal
> Sent: Thursday, December 02, 2010 9:45 AM
> To: [email protected]
> Subject: Re: [rhelv6-list] Problem with ldap
>
> Collins, Kevin [BEELINE] wrote:
>> I have been using pam/nss_ldap with RHEL3 thru RHEL5. I am starting to
>> test on RHEL6 and have run into a problem.
>>
>> I figured out that I need pam_ldap and nss-pam-ldapd, but I am having
>> some troubles getting things to work correctly. I think I have the
>> /etc/pam_ldap.conf and /etc/nslcd.conf files correct, but I am seeing
>> some strange behavior.
>>
>> As an example, I have an “oracle” ID in LDAP:
>>
>> # grep oracle /etc/passwd
>>
>> # getent passwd | grep ^oracle:
>> oracle:No_Login*****:200:200:Oracle Owner:/oracle:/usr/bin/sh
>>
>> # getent passwd oracle
>>
>> # ldapsearch -LLL -x "(uid=oracle)"
>> dn: uid=oracle,ou=People,dc=afis,dc=sr
>> uid: oracle
>> cn: Oracle Owner
>> objectClass: account
>> objectClass: posixAccount
>> objectClass: top
>> userPassword:: e2NyeXB0fU5vX0xvZ2luKioqKio=
>> loginShell: /usr/bin/sh
>> uidNumber: 200
>> gidNumber: 200
>> homeDirectory: /oracle
>> gecos: Oracle Owner
>>
>> I can’t figure out why getent (or id, or groups, etc) can’t resolve
>> specific IDs from LDAP, but I can obviously read the data...
>>
>> Any ideas?
>>
>
> Kevin,
>
> I was configuring PAM/LDAP/NSS on RHEL6 for the first time yesterday
> myself. After getting nscd and nslcd configured correctly, I was able
> to make this work, but then I switched to using sssd for my name
> services/PAM.
>
> SSSD appears to be the RH "blessed" method for handling this sort of
> stuff, and if you ever use authconfig, it will configure sssd to perform
> these functions. You should look into switching to sssd, to avoid RH
> utils from "fixing" things for you in the future.
>
> Have you tried using strace on getent to see what functions are being
> called and what errors are being reported? I would also turn on logging
> on your ldap server and do a tail -f while running getent to see if
> the search being performed by 'getent passwd oracle' is being transformed
> into something other than what your server needs to get a result.
>
>

_______________________________________________
rhelv6-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv6-list
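
The symptom in this thread (the account appears in `getent passwd | grep ^oracle:` but `getent passwd oracle` returns nothing, and restarting nscd clears it) fits how nscd behaves: it answers by-name lookups from its cache but does not serve enumeration. The script below is an added example, not part of the original messages, that separates that case from an account no NSS source returns. The `GETENT` variable and the function names are assumptions of the example; `GETENT` is overridable so the logic can be run against a stub.

```shell
#!/bin/sh
# Added example (not from the thread): classify the "enumeration works,
# by-name lookup fails" symptom. GETENT and the function names are assumptions
# of this example; GETENT is overridable so the logic can be run against a stub.
GETENT=${GETENT:-getent}

# By-name lookup: this is the request nscd answers from its cache when running.
direct_lookup() {
    $GETENT passwd "$1" >/dev/null 2>&1
}

# Full enumeration, matched on the exact login field (no regex on the name).
in_enumeration() {
    $GETENT passwd 2>/dev/null |
        awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }'
}

# Prints: ok | cached-negative-suspected | not-in-nss
classify() {
    if direct_lookup "$1"; then
        echo ok
    elif in_enumeration "$1"; then
        echo cached-negative-suspected
    else
        echo not-in-nss
    fi
}

# Next step for each classification.
advise() {
    case "$(classify "$1")" in
        ok) echo "$1 resolves by name; nothing to do" ;;
        cached-negative-suspected)
            echo "$1 is enumerable but not resolvable by name:" \
                 "run 'nscd -i passwd' or restart nscd, then retry" ;;
        *)  echo "$1 not returned by any NSS source:" \
                 "check /etc/nsswitch.conf and /etc/nslcd.conf" ;;
    esac
}

if [ $# -gt 0 ]; then advise "$1"; fi
```

Run it with the account name as the only argument; with no argument it only defines the functions.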
