On 23.02.2011 00:49, Tim Dunphy wrote:
Hello list,
I am running an openldap 2.4 server under FreeBSD that was working well until the config was tweaked by someone on the team without properly documenting their work.
# /usr/local/etc/ldap.conf on ldap server (FreeBSD 8.1)
host LBSD.summitnjhome.com
base dc=summitnjhome,dc=com
sudoers_base ou=sudoers,ou=Services,dc=summitnjhome,dc=com
binddn cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com
bindpw {SSHA}secret
scope sub
pam_password exop
nss_base_passwd ou=staff,dc=summitnjhome,dc=com
nss_base_shadow ou=staff,dc=summitnjhome,dc=com
# grep for the ldap account on the ldap server itself succeeds
[root@LBSD2:/usr/local/etc/openldap] #getent passwd | grep walbs
walbs:secret/:1002:1003:Walkiria Soares:/home/walbs:/usr/local/bin/bash
[root@LBSD2:/usr/local/etc/openldap] #grep walbs /etc/passwd
[root@LBSD2:/usr/local/etc/openldap] #
# /etc/ldap.conf on ldap client (centos 5.5)
host LBSD2.summitnjhome.com
base dc=summitnjhome,dc=com
sudoers_base ou=sudoers,ou=Services,dc=summitnjhome,dc=com
binddn cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com
bindpw {crypt}secret
Is the value of bindpw in /etc/ldap.conf actually a crypt hash? It should be cleartext.
HTH, Deyan
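An added check, not posted by either participant, that turns Deyan's question into a test: it flags a bindpw carrying a {scheme} prefix (a stored hash, which the client cannot bind with), and, because a working bindpw is cleartext, also flags an ldap.conf that other users can read. The default path /etc/ldap.conf is the client file from the thread; the host and DN names in the sample file are made up.

```sh
#!/bin/sh
# Added example: audit a pam_ldap/nss_ldap ldap.conf for
#  1. a bindpw written as a stored hash ({SSHA}..., {crypt}...) rather than the
#     cleartext password the client must present on bind, and
#  2. a file that holds a bind password yet is readable by everyone.

# Print the first bindpw value in the given ldap.conf, if any.
ldap_bindpw() {
    awk '$1 == "bindpw" { print $2; exit }' "$1"
}

# Classify the bindpw: "ok", "hash" ({scheme}... prefix), or "missing".
check_bindpw() {
    pw=$(ldap_bindpw "$1")
    case "$pw" in
        '')      echo missing ;;
        \{*\}*)  echo hash ;;
        *)       echo ok ;;
    esac
}

# Report "world-readable" when the "other" permission bits include read.
check_perms() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")   # GNU stat, then BSD stat
    case "$(printf '%s' "$mode" | tail -c 1)" in
        [4-7]) echo world-readable ;;
        *)     echo ok ;;
    esac
}

# Run both checks; exit status 0 only when nothing needs fixing.
audit_ldap_conf() {
    f=${1:-/etc/ldap.conf}
    rc=0
    state=$(check_bindpw "$f")
    case "$state" in
        hash)    echo "$f: bindpw looks like a password hash; pam_ldap needs the cleartext bind password"; rc=1 ;;
        missing) echo "$f: no bindpw set (only fine if anonymous bind is intended)"; return 0 ;;
    esac
    if [ "$(check_perms "$f")" = world-readable ]; then
        echo "$f: world-readable but holds a bind password; restrict it (chmod 600)"; rc=1
    fi
    return "$rc"
}

# Constructed sample mirroring the client config in the thread (hypothetical names).
sample=$(mktemp)
printf 'host ldap.example.test\nbase dc=example,dc=test\n' > "$sample"
printf 'binddn cn=pam_ldap,dc=example,dc=test\nbindpw {crypt}secret\n' >> "$sample"
audit_ldap_conf "$sample" || echo "sample config fails the audit, as expected"
rm -f "$sample"
```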