[CentOS] Howto for LDAP authentication with replication

Sat Jan 12 16:24:21 UTC 2008
Craig White <craigwhite at azapple.com>

On Sat, 2008-01-12 at 09:11 -0600, Sean Carolan wrote:
> > sure, I use webmin's LDAP Users and Groups module on every network
> > server that I maintain. It's perfect for my needs.
> 
> Yes, this is exactly what I'm trying to do.  It would be perfect for our 
> needs too.
> 
> > The first question that occurs to me is if you did all that. When you do
> > 'getent passwd' does each user in LDAP show up? Remember that if you
> > still have a user in /etc/passwd and in LDAP (which would be a fatal
> > setup), they would actually appear twice.
> 
> Yep, each user shows up one time when I run 'getent passwd'.  I'm 
> thinking that perhaps there is a problem in my /etc/ldap.conf since this 
> is what it appears webmin is using to bind to the LDAP server.  Here's a 
> copy of that file if it's any help.
----
Not really. Have you run system-config-authentication? That also
configures pam & nss, which are necessary items.

If each user shows only once AND they are in /etc/passwd and LDAP, then
it would be a clear indication that the underlying system isn't
configured to find users/groups/passwords in LDAP at all. If each user
has been removed from /etc/passwd, then it may very well be working.

Configuring Webmin's LDAP Users and Groups is only possible when you
have configured the underlying system first, can actually do command
line add/remove/delete ldap users and can authenticate as an LDAP user
to various systems such as ssh. At that point, Webmin's configuration
becomes obvious. It is not reasonable to expect Webmin to supply the
understanding of LDAP that the administrator cannot accomplish without
Webmin.

Craig
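
Added example, not part of the original message: a shell sketch of the `getent passwd` check discussed above, which compares saved `getent passwd` output with `/etc/passwd` for accounts expected to be in LDAP. The function name, the file names and the list of expected LDAP logins are assumptions, and the sample data is constructed and mixes cases that would not occur together on one host, so that every branch runs.

```sh
#!/bin/sh
# classify_accounts GETENT_OUTPUT LOCAL_PASSWD LDAP_LOGINS   (hypothetical helper)
#   $1  saved output of `getent passwd`
#   $2  copy of /etc/passwd
#   $3  login names expected to live in LDAP, one per line (assumed input)
classify_accounts() {
    while IFS= read -r user; do
        [ -n "$user" ] || continue
        # Count how often the login appears in each passwd-format file.
        seen=$(awk -F: -v u="$user" '$1 == u { n++ } END { print n + 0 }' "$1")
        loc=$(awk -F: -v u="$user" '$1 == u { n++ } END { print n + 0 }' "$2")
        if [ "$loc" -gt 0 ] && [ "$seen" -ge 2 ]; then
            echo "$user DUPLICATE"    # in /etc/passwd and LDAP, both sources answer
        elif [ "$loc" -gt 0 ] && [ "$seen" -eq 1 ]; then
            echo "$user LOCAL_ONLY"   # only /etc/passwd answers: NSS is not using LDAP
        elif [ "$loc" -eq 0 ] && [ "$seen" -ge 1 ]; then
            echo "$user LDAP_OK"      # removed from /etc/passwd, still resolved
        else
            echo "$user UNRESOLVED"   # not visible in the getent output at all
        fi
    done < "$3"
}

# Constructed sample data (not taken from any real system).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/getent.txt" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
carol:x:1003:1003:Carol:/home/carol:/bin/bash
EOF
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
EOF
printf '%s\n' alice bob carol dave > "$tmp/ldap_users"

classify_accounts "$tmp/getent.txt" "$tmp/passwd" "$tmp/ldap_users"
```

On a live host the first two inputs would be `getent passwd > getent.txt` and a copy of `/etc/passwd`.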