# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
# PAM stack covering the four management groups: auth, account, password
# and session. Within a group the modules run top to bottom and each
# control flag (required / requisite / sufficient / optional / [...])
# decides whether a result ends the group, so line order is part of the
# policy. The header says authconfig regenerates this file, so lasting
# changes belong in authconfig rather than in hand edits here.
#
# --- auth: verify the user's identity ---
# Set up environment variables; a failure of a "required" module fails
# the group as a whole.
auth required /lib/security/$ISA/pam_env.so
# Local accounts. "sufficient": a success here ends the auth group at once.
# NOTE(review): "nullok" lets an account whose password field is empty
# authenticate; drop it unless passwordless local accounts are intended.
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
# Directory accounts. use_first_pass reuses the password already entered
# for pam_unix instead of prompting a second time.
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
# Default deny: only reached when neither module above succeeded.
auth required /lib/security/$ISA/pam_deny.so
#
# --- account: may this account be used right now ---
# broken_shadow makes pam_unix ignore errors while reading shadow data.
# NOTE(review): this can also hide missing expiry information for
# directory users; confirm that is acceptable.
account required /lib/security/$ISA/pam_unix.so broken_shadow
# Accounts with uid below 100 finish here with success (provided pam_unix
# above passed), so the pam_ldap account check below never applies to them.
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
# LDAP account check: success counts as ok, a user unknown to LDAP is
# ignored (local-only accounts pass through), anything else is a failure.
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
# Always succeeds; adds no restriction of its own.
account required /lib/security/$ISA/pam_permit.so
#
# --- password: changing a password ---
# Strength check on the new password, up to three prompts. "requisite"
# aborts the group immediately when the check fails.
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
# Local password change. use_authtok takes the new password accepted by
# pam_cracklib instead of prompting again; "shadow" keeps shadow passwords.
# NOTE(review): "md5" stores MD5-crypt hashes, which are cheap to attack
# offline once a hash leaks; move to a stronger scheme if the installed
# pam_unix offers one. "nullok" here allows changing a password that is
# currently empty.
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
# Directory password change, using the same already-checked new password.
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
# Default deny: the change fails if neither backend accepted it.
password required /lib/security/$ISA/pam_deny.so
#
# --- session: work done when a session opens and closes ---
# Apply per-user resource limits.
session required /lib/security/$ISA/pam_limits.so
# Standard pam_unix session handling.
session required /lib/security/$ISA/pam_unix.so
# "optional": a pam_ldap failure here does not fail the session.
session optional /lib/security/$ISA/pam_ldap.so
#NSSWITCH
# Name service switch: for each database, the sources consulted in order.
# Users and groups come from local files (compat mode) first, then LDAP.
# NOTE(review): with the local source listed first, a local entry
# presumably wins over a directory entry of the same name; keep local
# files free of stale or unexpected accounts.
passwd: compat ldap
group: compat ldap
# Host and network name lookups do not consult LDAP.
hosts: files dns
networks: files dns
# Service and protocol tables fall back to LDAP after local files.
services: files ldap
protocols: files ldap
# Local files only for the databases below.
rpc: files
ethers: files
netmasks: files
# Netgroups may also be defined in the directory.
netgroup: files ldap
publickey: files
bootparams: files
# Automount maps may also be served from the directory.
automount: files ldap
aliases: files
# NOTE(review): "ldap" on shadow exposes directory shadow attributes
# through NSS to whatever identity nss_ldap binds as. pam_ldap itself
# authenticates by binding to the directory, so check whether this source
# is needed and that directory ACLs limit who can read password hashes.
shadow: compat ldap
#/etc/ldap.conf
# LDAP client settings; the nss_* and pam_* directives below show that
# both the NSS and the PAM LDAP modules read this file.
# The directory server is reached on the loopback interface.
host 127.0.0.1
# Search base for directory lookups.
base dc=xxx,dc=com
# DN used to bind when the calling process runs as root. Its password is
# stored in /etc/ldap.secret (mode 600); keep that file readable by root
# only, since anyone who can read it can bind as this DN.
# NOTE(review): grant this DN only the directory rights the client needs.
rootbinddn cn=nssldap,ou=DSA,dc=xxx,dc=com
# Per-database search bases; "?one" limits each search to one level
# below the given entry.
nss_base_passwd ou=Users,dc=xxx,dc=com?one
# Second passwd base; presumably machine accounts (confirm).
nss_base_passwd ou=Computers,dc=xxx,dc=com?one
nss_base_shadow ou=Users,dc=xxx,dc=com?one
nss_base_group ou=Groups,dc=xxx,dc=com?one
# Password-change scheme used by pam_ldap.
# NOTE(review): md5 is a weak choice for stored password hashes; prefer
# letting the directory server hash with a stronger scheme if it can.
pam_password md5
# No TLS on the LDAP connection. With host set to 127.0.0.1 the traffic
# stays on this machine.
# NOTE(review): if host is ever pointed at a remote server, bind and user
# passwords would cross the network in cleartext; switch to "ssl start_tls"
# or "ssl on" in the same change.
ssl no