Hi everyone,
I've got an issue that I've been wrestling with for a couple of days, and I still have had no luck. I searched Google, the archives, and all of my books. Nothing. I suppose it could be a bug, but I'd like some feedback before I submit a report.
I have just installed FC3 on a machine that previously had FC1. I am trying to use OpenLDAP server to manage the user accounts, as I had done previously with FC1. It worked perfectly before the upgrade.
To make a long story a bit shorter, I transferred the LDAP directory's contents using an LDIF dump file, so as to avoid any database version issues.
This seems to have worked, because one of my PHP web applications can authenticate against the server using TLS without a glitch. Desktop apps like Thunderbird's address book also return all of the entries using LDAPS. Both TLS and SSL work without issue, and I can even execute successful ldapsearch queries from the server's command line.
However, the server itself does not recognize the LDAP server as a source for accounts; getent passwd or group only returns /etc/passwd and /etc/group values. All of the previous home directories have numeric values for their user and group owner permissions.
Sorry if this is long. Here are the appropriate snippets from my config files. Please let me know if you see anything obviously wrong. Also, any troubleshooting tips would be much appreciated.
Aloha, Chris Stark
(example.com is for illustrative purposes)
----------------------- # /etc/openldap/ldap.conf

URI ldap://example.com
BASE dc=example,dc=com
TLS_CACERT /etc/ssl/certs/cacert/cacert.pem
TLS_REQCERT allow
------------------------ # /etc/openldap/slapd.conf

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

disallow bind_anon
security ssf=1 update_ssf=112 simple_bind=112

password-hash {MD5}
pidfile /var/run/slapd.pid

TLSCACertificateFile /etc/ssl/certs/cacert/cacert.pem
TLSCertificateFile /etc/ssl/certs/ldap/ldap-cert.pem
TLSCertificateKeyFile /etc/ssl/certs/ldap/ldap-key.pem

access to attr=userPassword
    by self write
    by anonymous auth
    by dn="cn=Manager,dc=example,dc=com" write
    by * none

access to attrs=sambaLmPassword,sambaNtPassword
    by dn="cn=Manager,dc=example,dc=com" write
    by * none

access to dn=cn=Manager,dc=example,dc=com attr=entry
    by self write
    by dn="cn=Manager,dc=example,dc=com" write
    by * none

access to *
    by users read
    by self write
    by dn="cn=Manager,dc=example,dc=com" write
    by * none

database ldbm
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap
mode 0700
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

cachesize 2000
loglevel 296
------------------------ # /etc/ldap.conf

base dc=example,dc=com
uri ldap://example.com/
ldap_version 3

pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_password md5

nss_base_passwd ou=users,dc=example,dc=com?one
nss_base_shadow ou=users,dc=example,dc=com?one
nss_base_group ou=groups,dc=example,dc=com?one

ssl start_tls
tls_checkpeer no
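An added consistency check, not part of Chris's post: it parses nss_ldap's /etc/ldap.conf directives and works out what an unauthenticated client is granted by the posted slapd ACLs, surfacing that the NSS client has no binddn while the catch-all ACL grants read only to `users`, and that `tls_checkpeer no` means the server certificate is never verified despite STARTTLS. The config strings are constructed copies of the snippets above; the finding codes are this example's own.

```python
# Constructed copies of the two posted configs (example.com is illustrative, as in the post).
NSS_LDAP_CONF = """
base dc=example,dc=com
uri ldap://example.com/
nss_base_passwd ou=users,dc=example,dc=com?one
nss_base_group ou=groups,dc=example,dc=com?one
ssl start_tls
tls_checkpeer no
"""
SLAPD_ACLS = [
    'access to attr=userPassword by self write by anonymous auth '
    'by dn="cn=Manager,dc=example,dc=com" write by * none',
    'access to * by users read by self write by dn="cn=Manager,dc=example,dc=com" write by * none',
]
# slapd access levels, weakest first; each level implies all weaker ones.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]

def parse_nss_ldap(text):
    """Parse nss_ldap's 'key value' directives into a dict (keys lower-cased)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            conf[key.lower()] = value.strip()
    return conf

def anonymous_level(acl):
    """Access an unauthenticated client gets under one 'access to' line: slapd
    applies the first matching 'by' clause, and only 'anonymous' and '*' match
    a client that has not bound ('self', 'users', 'dn=...' need an identity)."""
    for clause in acl.split(" by ")[1:]:
        who, level = clause.rsplit(None, 1)
        if who in ("anonymous", "*"):
            return level
    return "none"  # slapd's implicit trailing 'by * none'

def audit(conf, acls):
    """Return (code, message) findings for the nss_ldap config against the slapd ACLs."""
    findings = []
    if "binddn" not in conf:
        findings.append(("ANON_BIND", "no binddn: NSS lookups run as an unauthenticated client"))
        catch_all = next((a for a in acls if a.startswith("access to *")), "")
        level = anonymous_level(catch_all)
        if LEVELS.index(level) < LEVELS.index("read"):
            findings.append(("ACL_DENIES_ANON", f"catch-all ACL gives anonymous '{level}', so NSS searches return nothing"))
    if conf.get("ssl") == "start_tls" and conf.get("tls_checkpeer") == "no":
        findings.append(("NO_PEER_CHECK", "tls_checkpeer no: the server certificate is never verified"))
    return findings
```

Running `audit(parse_nss_ldap(NSS_LDAP_CONF), SLAPD_ACLS)` on the posted snippets yields ANON_BIND, ACL_DENIES_ANON and NO_PEER_CHECK; giving the NSS client a binddn/bindpw and setting `tls_checkpeer yes` clears all three.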