can't get OS to use LDAP for accounts
James Bourne
jbourne at hardrock.org
Mon Mar 3 23:05:51 UTC 2008
On Mon, 3 Mar 2008, Douglas J Hunley wrote:
> I've got a nice clean recently built RHEL4 machine (all updates) that just
> won't see any users/groups in LDAP. I've run 'authconfig' and marked things
> as documented for our other, working server. I've bounced the machine. Our
> application can talk to the LDAP server and see the users/groups in question.
> Where do I start debugging this?
Are you using TLS/SSL from the OS side? If so, and you have a self-signed
certificate, make sure your CA certificate is in /etc/openldap/cacerts, then
re-run authconfig.
Also make sure /etc/ldap.conf is readable by world; of course you would have
a working LDAP setup if you type 'id username' as root but not as a user...
Then there are the obvious things: check that ldap is listed in /etc/nsswitch.conf.
If your UIDs are below 500, make sure to change /etc/pam.d/system-auth (Red
Hat defaults to treating UIDs below 500 as system accounts; we use something
lower internally); of course, also make sure pam_ldap.so is listed in
/etc/pam.d/system-auth...
Try changing to the IP of the LDAP server instead of a hostname...
Try turning off TLS...
If you have anonymous bind turned off on your LDAP server, you'll need
to add binddn and bindpw lines (for a read-only user)...
I think those are the biggest gotchas.
Normally I've not seen either SELinux (without kernel log messages) or
iptables issues in a case like this, just what's above...
Regards
James
--
James Bourne | Email: jbourne at hardrock.org
UNIX Systems Administration | WWW: http://www.hardrock.org
Custom UNIX Programming | Linux: The choice of a GNU generation
----------------------------------------------------------------------
"All you need's an occasional kick in the philosophy." Frank Herbert
Need an inexpensive domain alternative? http://fastforwarddomains.com
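The checklist James gives above (ldap in nsswitch.conf, a world-readable /etc/ldap.conf, pam_ldap.so in system-auth, the UID threshold, and a populated CA directory when TLS is on) can be run as a read-only script. The one below is an added example, not something from the original thread or from Red Hat. It assumes the RHEL-style file locations named in the post, a GNU `ls -l` mode column, and (for the UID threshold) a `pam_succeed_if.so uid < N` line in system-auth; on a box where that line is absent it reports the 500 default James mentions. ETC_ROOT is an assumption so the script can be pointed at a copied /etc tree.

```shell
#!/bin/sh
# Added example: read-only checks for the LDAP/NSS/PAM gotchas listed above.
# Nothing is modified. ETC_ROOT (assumption) lets you point at a copy of /etc.
ETC_ROOT="${ETC_ROOT:-/etc}"

# 0 if nsswitch.conf lists ldap for both the passwd and group databases.
check_nsswitch() {
    f="$1/nsswitch.conf"
    [ -r "$f" ] || return 1
    grep -Eq '^[[:space:]]*passwd:.*[[:space:]]ldap([[:space:]]|$)' "$f" || return 1
    grep -Eq '^[[:space:]]*group:.*[[:space:]]ldap([[:space:]]|$)' "$f"
}

# 0 if ldap.conf is world-readable. The "id works as root but not as a user"
# symptom comes from this bit being missing. Char 8 of ls -l is the other-read bit.
check_ldap_conf_perms() {
    f="$1/ldap.conf"
    [ -e "$f" ] || return 1
    [ "$(ls -ld "$f" | cut -c8)" = "r" ]
}

# 0 if pam_ldap.so appears on a line of system-auth that is not commented out
# (the RHEL4 /lib/security/$ISA/pam_ldap.so path form matches too).
check_pam_ldap() {
    f="$1/pam.d/system-auth"
    [ -r "$f" ] || return 1
    grep -Eq '^[^#]*pam_ldap\.so' "$f"
}

# Prints the UID threshold below which system-auth treats accounts as local
# system accounts. Assumption: a pam_succeed_if.so "uid < N" (or "uid >= N")
# line; if none is found the Red Hat default of 500 is printed.
pam_min_uid() {
    f="$1/pam.d/system-auth"
    [ -r "$f" ] || { echo 500; return; }
    m=$(grep -Eo 'uid[[:space:]]*(<|>=)[[:space:]]*[0-9]+' "$f" | head -n1 | grep -Eo '[0-9]+$')
    echo "${m:-500}"
}

# If ldap.conf turns TLS on ("ssl on" or "ssl start_tls"), 0 only when the CA
# directory (tls_cacertdir, default /etc/openldap/cacerts) holds at least one
# file, since a self-signed server cert fails verification otherwise.
# Returns 0 straight away when TLS is off.
check_tls_cacerts() {
    f="$1/ldap.conf"
    [ -r "$f" ] || return 1
    grep -Eiq '^[[:space:]]*ssl[[:space:]]+(on|start_tls)' "$f" || return 0
    dir=$(grep -Ei '^[[:space:]]*tls_cacertdir[[:space:]]' "$f" | awk '{print $2}' | head -n1)
    dir="${dir:-$1/openldap/cacerts}"
    [ -d "$dir" ] || return 1
    [ -n "$(ls -A "$dir" 2>/dev/null)" ]
}

# Runs every check, prints PASS/FAIL per check, returns the number of failures.
run_checks() {
    root="$1"; fails=0
    for c in check_nsswitch check_ldap_conf_perms check_pam_ldap check_tls_cacerts; do
        if "$c" "$root"; then echo "PASS $c"; else echo "FAIL $c"; fails=$((fails + 1)); fi
    done
    echo "system-auth UID threshold: $(pam_min_uid "$root") (LDAP users below it need system-auth edited)"
    return $fails
}

# Usage: sh ldapcheck.sh run        or        ETC_ROOT=/mnt/etc sh ldapcheck.sh run
case "${1:-}" in run) run_checks "$ETC_ROOT" ;; esac
```

The permission check is the one with a security angle: because /etc/ldap.conf has to be world-readable for nss_ldap to work for ordinary users, any bindpw placed there is visible to every local account, which is why James says to use a read-only bind user.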