passwd_compat: ldap?

Nalin Dahyabhai nalin at redhat.com
Wed Jan 28 20:23:00 UTC 2004


On Wed, Jan 28, 2004 at 01:47:35PM -0500, Brian K. Jones wrote:
> I've asked this question before, and on several other mailing lists, but 
> no answer yet.
> 
> I want to be able to authenticate users using 'compat' against an ldap 
> directory, such that this notation works (in nsswitch.conf)
> 
> passwd: compat
> passwd_compat: ldap
> 
> I've heard rumours that this does work in RHEL 3, so I'm trying to
> figure out what the magic incantation is to get it working in FC 1.
> Under FC1, the syntax in nsswitch doesn't cause an error - but it
> doesn't enforce the '+username' notation in /etc/passwd either -
> anyone with a valid account on the ldap server gets in. Presumably,
> this is a glibc-specific, and not a nss_ldap-specific issue, since
> libnss_compat is bundled with glibc.

First, check that you have glibc 2.3.2-58 or newer -- its changelog
suggests that this is a minimum.  Then, bypass login and check what
applications get from glibc to make sure you understand what's going on
(i.e., start with the basics and work your way up).

Do that by running "getent passwd" to get the entire list of users which
are visible to your system.  Or try "getent passwd username" to check if
applications can look up information about a particular user.  Check
this both as "root" and as an unprivileged user to make sure you don't
have a permissions problem somewhere on the client system.

If that all works (and it did on my test box), then the problem may be
something else.

HTH,

Nalin
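
Added example, not part of the original thread: a simplified model of how "+user", "-user" and bare "+" entries in a compat-style passwd file should filter directory accounts, so that saved "getent passwd" output can be compared against what the file ought to admit. The function names and sample accounts are constructed for illustration, and netgroup ("+@group") entries are not modelled.

```shell
#!/bin/sh
# Added example (not from the thread): model of how passwd_compat entries
# should filter directory accounts, to compare against `getent passwd`.

# compat_expected PASSWD_FILE DIRECTORY_FILE
# Prints local accounts plus directory accounts admitted by "+user" or a
# bare "+", honouring "-user" exclusions that appear earlier in the file.
compat_expected() {
    awk -F: '
        function admit(u) {
            if (!(u in excluded) && !(u in seen)) { seen[u] = 1; print u }
        }
        NR == FNR { dir[$1] = 1; order[++n] = $1; next }  # directory accounts
        { c = substr($1, 1, 1); name = substr($1, 2) }
        $1 ~ /^[+-]@/ { next }                # netgroup entries: not modelled
        c == "-"  { excluded[name] = 1; next }
        $1 == "+" { for (i = 1; i <= n; i++) admit(order[i]); next }
        c == "+"  { if (name in dir) admit(name); next }
        $1 != ""  { if (!($1 in seen)) { seen[$1] = 1; print $1 } }
    ' "$2" "$1"
}

# compat_unexpected PASSWD_FILE DIRECTORY_FILE VISIBLE_FILE
# VISIBLE_FILE holds what applications see (saved `getent passwd` output).
# Prints visible names that the compat entries should not have admitted.
compat_unexpected() {
    tmp=$(mktemp) || return 1
    compat_expected "$1" "$2" | sort -u > "$tmp"
    cut -d: -f1 "$3" | sort -u | comm -13 "$tmp" -
    rm -f "$tmp"
}

# Constructed sample data: four directory accounts, a compat-style passwd
# file, and the over-permissive view described in the question.
make_sample() {
    printf '%s\n' 'alice:x:1001:100::/home/alice:/bin/sh' \
        'bob:x:1002:100::/home/bob:/bin/sh' \
        'carol:x:1003:100::/home/carol:/bin/sh' \
        'dave:x:1004:100::/home/dave:/bin/sh' > "$1/directory"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' '+alice::::::' \
        '-carol::::::' '+bob::::::' > "$1/passwd"
    { head -n 1 "$1/passwd"; cat "$1/directory"; } > "$1/visible"
}

# Demo on the constructed sample: lists accounts that should not be visible.
d=$(mktemp -d) && make_sample "$d" &&
    compat_unexpected "$d/passwd" "$d/directory" "$d/visible"
rm -rf "$d"
```

On a real client, VISIBLE_FILE would be the output of "getent passwd" captured as root and again as an unprivileged user, and DIRECTORY_FILE a listing of the directory's accounts obtained separately.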




