[CentOS] openldap problems authenticating

Wed Feb 23 20:19:25 UTC 2011
Deyan Stoykov <dstoykov at uni-ruse.bg>

On 23.02.2011 00:49, Tim Dunphy wrote:
> Hello list,
>
> I am running an openldap 2.4 server under FreeBSD that was working
> well until the config was tweaked by someone on the team without
> properly documenting their work.
>
> # /usr/local/etc/ldap.con on ldap server (FreeBSD 8.1)
>
> host LBSD.summitnjhome.com
> base dc=summitnjhome,dc=com
> sudoers_base ou=sudoers,ou=Services,dc=summitnjhome,dc=com
> binddn cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com
> bindpw {SSHA}secret
> scope sub
> pam_password exop
> nss_base_passwd ou=staff,dc=summitnjhome,dc=com
> nss_base_shadow ou=staff,dc=summitnjhome,dc=com
>
> # grep for ldap account shows ldap account on the ldap server itself succeeds
>
> [root@LBSD2:/usr/local/etc/openldap] #getent passwd | grep walbs
> walbs:secret/:1002:1003:Walkiria Soares:/home/walbs:/usr/local/bin/bash
> [root@LBSD2:/usr/local/etc/openldap] #grep walbs /etc/passwd
> [root@LBSD2:/usr/local/etc/openldap] #
>
> # /etc/ldap.conf on ldap client (centos 5.5)
>
> host LBSD2.summitnjhome.com
> base dc=summitnjhome,dc=com
> sudoers_base ou=sudoers,ou=Services,dc=summitnjhome,dc=com
> binddn cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com
> bindpw {crypt}secret

Is the value of bindpw in /etc/ldap.conf actually a crypt hash? It 
should be cleartext.

HTH,
Deyan
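
Added example, not part of the original thread: a small check for the problem raised in the reply above. The client sends bindpw verbatim in its simple bind, so a value carrying a userPassword storage-scheme prefix such as {crypt} or {SSHA} will not match on the server. The function names and the sample config are constructed for illustration, and the prefix test is a heuristic.

```python
import re

# Constructed sample modelled on the client config quoted in the thread.
SAMPLE_CLIENT_CONF = """\
# /etc/ldap.conf on ldap client
host LBSD2.summitnjhome.com
base dc=summitnjhome,dc=com
binddn cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com
bindpw {crypt}secret
"""

# A userPassword storage-scheme prefix, e.g. {SSHA}, {crypt}, {SHA}.
# Heuristic: a real cleartext password could in principle start this way.
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}")


def parse_ldap_conf(text):
    """Yield (lineno, keyword, value) per directive, skipping comments and blanks."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        yield lineno, parts[0].lower(), value


def check_bindpw(text):
    """Return (lineno, issue, detail) findings; the password is never echoed."""
    findings = []
    for lineno, keyword, value in parse_ldap_conf(text):
        if keyword != "bindpw":
            continue
        match = SCHEME_RE.match(value)
        if match:
            # Looks like a stored hash, not the cleartext the bind needs.
            findings.append((lineno, "hashed-bindpw", match.group(1)))
        elif not value:
            findings.append((lineno, "empty-bindpw", ""))
    return findings


if __name__ == "__main__":
    for lineno, issue, detail in check_bindpw(SAMPLE_CLIENT_CONF):
        print(f"line {lineno}: {issue} {detail}".rstrip())
```
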