[CentOS] LDAP login problem for CentOS 6.5

Fri Jun 6 07:04:43 UTC 2014
mordech3 at post.tau.ac.il <mordech3 at post.tau.ac.il>


We are experiencing a problem to use LDAP user accounts to login into  
a CentOS system.

A fresh 6.5 system was installed recently to become a central server.
Both OpenLDAP and 389 Directory Server were installed and configured  
(not at the same time) with groups and normal user accounts.
The server was configured to use LDAP authentication (through  
authconfig and system-config-authentication).

First, the LDAP user wasn't identified by running the 'id' command.  
The same with SSH. Although ldapsearch listed all objects correctly.
Observing /var/log/secure had shown that the user is not identified at  
all (no uid etc.). Following another article, POSIX details (uid +  
gid, and set gid to some LDAP group) were set for that user and the  
'id' command was successful.

However, still, SSH connections are refused and the log states:
"Authentication service cannot retrieve authentication info" (for pam_sss).
The secure log shows that user details are unavailable  
(uid=0,gid=0...) to sshd.
Locally, when a root performs "su user", the login is successful, home  
is created and the secure log state authentication is performed by  
pam_unix, contrast to pam_sss.

Need to mention that we've tried to follow most of the literature  
online (RedHat directory server, CentOS OpenLDAP client setup and many  
other resources). None were found to be complete enough to bring a  
system to a working state where users are able to login and  

In addition, system-config-authentication requires the use of LDAPS or  
LDAP with TLS. Only command line tools are able to configure simple  
LDAP (no TLS or SSL).
However, even being a security measure, we'd like to avoid all the  
(serious) burden of working with certificates at first for simple  

Any comment or insight will be helpful.
In addition, any link to where we can find a step-by-step guide to  
install an  (working) LDAP server with a client, will be more than  

Many thanks,