Hi Everyone. I am doing some LDAP testing. I have setup a 389 Directory Server on CentOS 5 and using the default schema I have populated it with a couple of users. I then did the configuration on the client that I thought was needed to make it authenticate. To test this I expected to be able to use id <uidNumber> of a user I had defined. But I get id: 1001: No such user id: 5001: No such user I then thought perhaps it was an LDAP permissions problem so I tried binding to the LDAP server using a user I know has full rights using these entries in /etc/openldap/ldap.conf there was no change. BINDDN cn=admin,dc=scms,dc=waikato,dc=ac,dc=nz BINDPW LDAPt3st I can query these users from a desktop that I want to use the LDAP server as an authentication source. Using * ldapsearch -x -H ldap://distilled.scms.waikato.ac.nz -b dc=scms,dc=waikato,dc=ac,dc=nz uid=LDilks* # extended LDIF # # LDAPv3 # base <dc=scms,dc=waikato,dc=ac,dc=nz> with scope subtree # filter: uid=LDilks # requesting: ALL # # LDilks, People, scms.waikato.ac.nz dn: uid=LDilks,ou=People, dc=scms, dc=waikato, dc=ac, dc=nz givenName: LDAP-Clint sn: Dilks telephoneNumber: 4546 loginShell: /bin/bash gidNumber: 1001 uidNumber: 1001 mail: clintd at scms.waikato.ac.nz objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetorgperson objectClass: posixAccount uid: LDilks gecos: A Test LDAP account cn: LDAP-Clint Dilks homeDirectory: /home/LDAP-clint # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 *[root at distilled2 ~]# ldapsearch -x -H ldap://distilled.scms.waikato.ac.nz -b dc=scms,dc=waikato,dc=ac,dc=nz uid=BBuilder* # extended LDIF # # LDAPv3 # base <dc=scms,dc=waikato,dc=ac,dc=nz> with scope subtree # filter: uid=BBuilder # requesting: ALL # # BBuilder, scms.waikato.ac.nz dn: uid=BBuilder,dc=scms, dc=waikato, dc=ac, dc=nz givenName: Bob sn: Builder loginShell: /bin/bash uidNumber: 5001 gidNumber: 5001 objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetorgperson objectClass: posixAccount uid: BBuilder gecos: Got to love Cartoons cn: Bob Builder homeDirectory: /home/bob # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 The three files config files I am aware of are cat /etc/openldap/ldap.conf # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. #BASE dc=example, dc=com #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never URI ldap://distilled.scms.waikato.ac.nz BASE dc=scms.dc=waikato,dc=ac,dc=nz #BINDDN cn=admin,dc=scms,dc=waikato,dc=ac,dc=nz #BINDPW LDAPt3st TLS_CACERTDIR /etc/openldap/cacerts cat /etc/nsswitch.conf | grep -v '^#' | grep -v '^$' passwd: files ldap shadow: files ldap group: files ldap hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc: files services: files netgroup: files ldap publickey: nisplus automount: files ldap aliases: files nisplus cat /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_ldap.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_ldap.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_ldap.so Can anyone give me any pointers as to where I am going wrong ?? And can anyone confirm or deny that by default I should be able to bind anonymously and get the required authentication information ? Thank you for any help you can offer.