On 23.02.2011 00:49, Tim Dunphy wrote:
> Hello list,
>
> I am running an openldap 2.4 server under FreeBSD that was working
> well until the config was tweaked by someone on the team without
> properly documenting their work
>
> # /usr/local/etc/ldap.con on ldap server (FreeBSD 8.1)
>
> host LBSD.summitnjhome.com
> base dc=summitnjhome,dc=com
> sudoers_base ou=sudoers,ou=Services,dc=summitnjhome,dc=com
> binddn cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com
> bindpw {SSHA}secret
> scope sub
> pam_password exop
> nss_base_passwd ou=staff,dc=summitnjhome,dc=com
> nss_base_shadow ou=staff,dc=summitnjhome,dc=com
>
> # grep for ldap account shows ldap account on the ldap server itself succeeds
>
> [root at LBSD2:/usr/local/etc/openldap] #getent passwd | grep walbs
> walbs:secret/:1002:1003:Walkiria Soares:/home/walbs:/usr/local/bin/bash
> [root at LBSD2:/usr/local/etc/openldap] #grep walbs /etc/passwd
> [root at LBSD2:/usr/local/etc/openldap] #
>
> # /etc/ldap.conf on ldap client (centos 5.5)
>
> host LBSD2.summitnjhome.com
> base dc=summitnjhome,dc=com
> sudoers_base ou=sudoers,ou=Services,dc=summitnjhome,dc=com
> binddn cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com
> bindpw {crypt}secret

Is the value of bindpw in /etc/ldap.conf actually a crypt hash? It
should be cleartext.

HTH,
Deyan
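
The check raised in the reply above, as an added example that is not part of the original thread: a small Python lint that reads an ldap.conf and flags any bindpw whose value begins with a storage-scheme prefix such as {SSHA} or {crypt}. The function names and the sample configs are constructed for illustration; the "bad" sample reuses the client settings quoted in the post.

```python
import re

# A leading {SCHEME} tag is how hashed userPassword values are stored
# server-side. In ldap.conf the bindpw value is the bind credential itself,
# so such a tag there means a hash was pasted where the cleartext belongs.
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}")


def parse_ldap_conf(text):
    """Yield (lineno, key, value) per directive; skip blanks and # comments."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # key, then the rest of the line
        value = parts[1].strip() if len(parts) > 1 else ""
        yield lineno, parts[0].lower(), value


def check_bindpw(text):
    """Return [(lineno, scheme)] for each bindpw that looks like a hash.

    Heuristic: a genuine cleartext password that happens to start with
    '{word}' would also be reported.
    """
    findings = []
    for lineno, key, value in parse_ldap_conf(text):
        if key == "bindpw":
            match = SCHEME_RE.match(value)
            if match:
                findings.append((lineno, match.group(1)))
    return findings


# Constructed sample: client config as quoted in the post.
SAMPLE_BAD = """\
# /etc/ldap.conf on ldap client
host LBSD2.summitnjhome.com
base dc=summitnjhome,dc=com
binddn cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com
bindpw {crypt}secret
"""

# Constructed sample: same config with a placeholder cleartext value.
SAMPLE_OK = SAMPLE_BAD.replace("{crypt}secret", "CLEARTEXT-PLACEHOLDER")

if __name__ == "__main__":
    for lineno, scheme in check_bindpw(SAMPLE_BAD):
        print(f"line {lineno}: bindpw carries a {{{scheme}}} prefix; expected cleartext")
```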