On Thu, May 31, 2007 at 12:38:55PM +0100, first last wrote:
Hi,
I am trying to set up a Fedora Directory server for centralised authentication.
I'm using that setup.
I configure the directory server, add a user called (via the Java GUI) test
Could you do an ldap search for that user and show the output, please? Like so:

    # ldapsearch -LLL -x 'uid=lmf'

The output should be something like:

    dn: uid=lmf,ou=Users,dc=udp,dc=eurotux,dc=com
    uid: lmf
    cn: Luciano Rocha
    cn: luciano
    objectClass: account
    objectClass: posixAccount
    objectClass: top
    objectClass: shadowAccount
    shadowLastChange: 12715
    shadowMax: 99999
    shadowWarning: 7
    loginShell: /bin/bash
    uidNumber: 501
    gidNumber: 501
    homeDirectory: /home/lmf
    gecos: Luciano Rocha

The ou=Users can be ou=People or something else. But uid must be present for the user you added and also objectClass: posixAccount.
Then check if you can bind to ldap using the dn of the user:

    # ldapsearch -LLL -x 'uid=lmf' -D uid=lmf,ou=Users,dc=udp,dc=eurotux,dc=com -W uid
    Enter LDAP Password:
    dn: uid=lmf,ou=Users,dc=udp,dc=eurotux,dc=com
    uid: lmf

and then, using system-config-authentication, enable LDAP on both tabs.
/etc/nsswitch.conf should have:

    passwd: files ldap

And /etc/openldap/ldap.conf should have a valid URI, pointing to the server, and a valid BASE.
If that file has all those values commented out, then they should be in /etc/ldap.conf.
In any case, also check /etc/ldap.conf. If /etc/openldap/ldap.conf has a valid URI, then comment out any host definition. Check that base is the correct one, and also check that any nss_base, if defined, has the same basedn as the one you found in the search.
Then test the user identification by running id <user>:

    # id lmf
    uid=501(lmf) gid=501(lmf) groups=501(lmf),...

If this works, then the next step is checking the pam configuration. But I'll end the email now because it's lunch time here. :)
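
The client-side file checks described in the message above, collected into one script. This is an added example, not part of the original email. It assumes the nss_base keys are written as nss_base_* with an optional "?scope" suffix, that DNs contain no spaces, and that the file paths and the expected base DN are passed as arguments.

```shell
#!/bin/sh
# Added example (constructed): client-side checks from the message above.

# Print the first uncommented value of KEY (case-insensitive) in FILE.
conf_value() {
    [ -r "$1" ] || return 0
    awk -v key="$2" 'tolower($1) == tolower(key) {
        $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Print each uncommented nss_base* search base in FILE, "?scope" removed.
nss_bases() {
    [ -r "$1" ] || return 0
    awk 'tolower($1) ~ /^nss_base/ { sub(/\?.*$/, "", $2); print $2 }' "$1"
}

# check_ldap_client NSSWITCH OPENLDAP_CONF LDAP_CONF BASEDN
# Prints one line per problem; returns 0 only when none were found.
check_ldap_client() {
    nss=$1 oconf=$2 lconf=$3 basedn=$4 bad=0 found=""
    case " $(conf_value "$nss" passwd:) " in
        *" ldap "*) ;;
        *) echo "$nss: passwd line does not list ldap"; bad=1 ;;
    esac
    ouri=$(conf_value "$oconf" uri)
    if [ -n "$ouri" ] && [ -n "$(conf_value "$lconf" host)" ]; then
        echo "$lconf: host is set although $oconf has a URI"; bad=1
    fi
    [ -n "$ouri$(conf_value "$lconf" uri)$(conf_value "$lconf" host)" ] ||
        { echo "no server defined in $oconf or $lconf"; bad=1; }
    for f in "$oconf" "$lconf"; do
        b=$(conf_value "$f" base)
        [ -n "$b" ] || continue
        found=1
        [ "$b" = "$basedn" ] ||
            { echo "$f: base is '$b', expected '$basedn'"; bad=1; }
    done
    [ -n "$found" ] || { echo "no base in $oconf or $lconf"; bad=1; }
    for nb in $(nss_bases "$lconf"); do
        case $nb in
            "$basedn"|*,"$basedn") ;;
            *) echo "$lconf: nss_base '$nb' is not under $basedn"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Usage: sh check.sh /etc/nsswitch.conf /etc/openldap/ldap.conf /etc/ldap.conf BASEDN
if [ "$#" -eq 4 ]; then check_ldap_client "$@"; fi
```

BASEDN is the suffix of the dn returned by the ldapsearch above, without the uid and ou components.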