[CentOS] Fedora Directory Authentication on CentOS 5

first last prelude_2_murder at yahoo.co.uk
Fri Jun 1 11:32:24 UTC 2007

> Could you do an ldap search for that user and show the output,
> please?
> Like so:
> # ldapsearch -LLL -x 'uid=lmf

I do ldapsearch -LLL -x 'uid=ttest' and I get nothing

if I do ldapsearch -LLL -x  I get a list of things like:
dn: cn=Accounting Managers,ou=groups,dc=internal,dc=domain,dc=com
objectClass: top
objectClass: groupOfUniqueNames
ou: groups
description: blah, blah

But I can not see the group I added (developers) or the user (ttest).

The user has all the POSIX details filled in.

> Then check if you can bind to ldap using the dn of the user:
> # ldapsearch -LLL -x 'uid=lmf' -D
> uid=lmf,ou=Users,dc=udp,dc=eurotux,dc=com -W uid
> Enter LDAP Password: 
> dn: uid=lmf,ou=Users,dc=udp,dc=eurotux,dc=com
> uid: lmf

this doesn't work (as expected).

> > and then, using system-config-authentication, enable LDAP on both
> > tabs.
> /etc/nsswitch.conf should have:
> passwd:     files ldap

This is correct. Also group and shadow have "files ldap"

> And /etc/openldap/ldap.conf should have a valid URI, pointing to the
> server and a valid BASE
> If that file has all those values commented out, then they should be
> in
> /etc/ldap.conf.
Same content on both files.

> In any case, also check /etc/ldap.conf. If /etc/openldap/ldap.conf
> has a
> valid URI, then comment out any host definition. Check that base is
> the
> correct one, and also check that any nss_base, if defined has the
> same
> basedn as the one you found in the search.

These are correct, BASE is set to internal.domain.com and URI to the
server I am running it on

Any help would be appreciated :)


Yahoo! Answers - Got a question? Someone out there knows the answer. Try it

More information about the CentOS mailing list