On Wed, Jan 28, 2004 at 01:47:35PM -0500, Brian K. Jones wrote: > I've asked this question before, and on several other mailing lists, but > no answer yet. > > I want to be able to authenticate users using 'compat' against an ldap > directory, such that this notation works (in nsswitch.conf) > > passwd: compat > passwd_compat: ldap > > I've heard rumours that this does work in RHEL 3, so I'm trying to > figure out what the magic incantation is to get it working in FC 1. > Under FC1, the syntax in nsswitch doesn't cause an error - but it > doesn't enforce the '+username' notation in /etc/passwd either - > anyone with a valid account on the ldap server gets in. Presumably, > this is a glibc-specific, and not a nss_ldap-specific issue, since > libnss_compat is bundled with glibc. First, check that you have glibc 2.3.2-58 or newer -- its changelog suggests that this is a minimum. Then, bypass login and check what applications get from glibc to make sure you understand what's going on (i.e., start with the basics and work your way up). Do that by running "getent passwd" to get the entire list of users which are visible to your system. Or try "getent passwd username" to check if applications can look up information about a particular user. Check this both as "root" and as an unprivileged user to make sure you don't have a permissions problem somewhere on the client system. If that all works (and it did on my test box), then the problem may be something else. HTH, Nalin