[Bug 711258] New: Setting LDAP on command line with yast2 doesn't work
https://bugzilla.novell.com/show_bug.cgi?id=711258

https://bugzilla.novell.com/show_bug.cgi?id=711258#c0

Summary: Setting LDAP on command line with yast2 doesn't work
Classification: openSUSE
Product: openSUSE 11.4
Version: Factory
Platform: i586
OS/Version: openSUSE 11.4
Status: NEW
Severity: Normal
Priority: P5 - None
Component: YaST2
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: haukeh@pc-kiel.de
QAContact: jsrain@novell.com
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux i686; rv:5.0) Gecko/20100101 Firefox/5.0

When I run

yast2 keyboard summary
yast2 language summary

it says that "German" is set. But keyboard is still English. If I use the yast2 text gui the language is set properly.

LDAP configuration is not working too (text gui doesn't work either).

yast2 ldap pam enable server="192.168.1.2" base="dn=nodomain" tls=no mkhomedir=yes
yast2 ldap pam enable

Reproducible: Always

Steps to Reproduce:
1. yast2 ldap pam enable server="192.168.1.2" base="dn=nodomain" tls=no mkhomedir=yes
2. yast2 ldap pam enable
3. Try to log in with your LDAP credentials

Actual Results:
No LDAP login possible.

Expected Results:
LDAP login possible.

After reboot /etc/ldap.conf contains:

host 127.0.0.1
base dc=example,dc=com
bind_policy soft
pam_lookup_policy yes
pam_password exop
nss_initgroups_ignoreusers root,ldap
nss_schema rfc2307bis

This is not what I entered.

nss_map_attribute uniqueMember member
ssl start_tls

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=711258#c1
--- Comment #1 from Hauke Hhaaa
https://bugzilla.novell.com/show_bug.cgi?id=711258#c
Jiří Suchomel
https://bugzilla.novell.com/show_bug.cgi?id=711258#c2
Jiří Suchomel
https://bugzilla.novell.com/show_bug.cgi?id=711258#c3
--- Comment #3 from Hauke Hhaaa
https://bugzilla.novell.com/show_bug.cgi?id=711258#c4
--- Comment #4 from Hauke Hhaaa
https://bugzilla.novell.com/show_bug.cgi?id=711258#c5
Hauke Hhaaa
https://bugzilla.novell.com/show_bug.cgi?id=711258#c6
--- Comment #6 from Hauke Hhaaa
https://bugzilla.novell.com/show_bug.cgi?id=711258#c7
--- Comment #7 from Hauke Hhaaa
https://bugzilla.novell.com/show_bug.cgi?id=711258#c8
Jiří Suchomel
2. "pam-config -q --sss" produces:
auth: account: password: session:
That means sssd is set up, and you probably do not want it.
3. No. The values are shown in the text gui, but "pam-config -q --sss" produces the same output as under "2.".
Try to switch sssd off, it's in Advanced Configuration screen.
4. The option "sssd=no" is not available.
That's bad. What version of yast2-ldap-client do you have? Version yast2-ldap-client-2.20.14.1 should be available for online update (bug 680848)
https://bugzilla.novell.com/show_bug.cgi?id=711258#c9
--- Comment #9 from Jiří Suchomel
In the text gui, "LDAP TLS/SSL" cannot be deactivated.
That's correct when SSSD is on.
Then under "Advanced configuration" I deactivated "SSSD" (no tick is set), but on the "LDAP Client Configuration" page, SSSD is activated (and cannot be deactivated). "LDAP TLS/SSL" is now unticked. (See screenshots ldap1/2.png)
Right. Now, I think it should work for you, doesn't it?
Therefore "SSSD Offline Authentication" is now ticked and cannot be deactivated.
The value of "SSSD Offline Authentication" does not matter when "SSSD" is unchecked.
https://bugzilla.novell.com/show_bug.cgi?id=711258#c10
Hauke Hhaaa
https://bugzilla.novell.com/show_bug.cgi?id=711258#c11
Jiří Suchomel
Installed is "yast2-ldap-client-2.20.14-3.1.noarch".
That's not the correct version. Do you have online repositories configured?
(Even after reboot)
That should not help here.
/etc/sysconfig/ldap contains:
Not relevant.
Is there a possibility to configure LDAP by hand?
Yes, but let's try to fix YaST, right? :-) After you've done the changes from comment 5, did you save them? I mean switch sssd off. Packages pam_ldap and nss_ldap should be installed. After that, "pam-config -q --sss" should show empty output and pam-config -q --ldap should show something more.
https://bugzilla.novell.com/show_bug.cgi?id=711258#c12
--- Comment #12 from Jiří Suchomel
(In reply to comment #10)
Installed is "yast2-ldap-client-2.20.14-3.1.noarch".
That's not the correct version. Do you have online repositories configured?
I just checked there's yast2-ldap-client-2.20.14.1-0.3.1.noarch.rpm available at http://download.opensuse.org/update/11.4/rpm/noarch/
https://bugzilla.novell.com/show_bug.cgi?id=711258#c13
Hauke Hhaaa
https://bugzilla.novell.com/show_bug.cgi?id=711258#c14
Jiří Suchomel
Package is now "yast2-ldap-client-2.20.14.1-0.3.1.noarch".
The new package you've installed offers command line option 'sssd'. So you need to call "yast2 ldap pam enable server="192.168.1.2" base="dn=nodomain sssd=no"
I tried the yast2 text gui once more and played a bit with the settings, but no (visible) change appeared.
BTW, you didn't answer my questions if you turned off sssd in GUI, saved settings and saw any changes after it (comment 9 and comment 11).
https://bugzilla.novell.com/show_bug.cgi?id=711258#c15
--- Comment #15 from Hauke Hhaaa
https://bugzilla.novell.com/show_bug.cgi?id=711258#c16
--- Comment #16 from Hauke Hhaaa
https://bugzilla.novell.com/show_bug.cgi?id=711258#c17
--- Comment #17 from Hauke Hhaaa
https://bugzilla.novell.com/show_bug.cgi?id=711258#c18
Hauke Hhaaa
https://bugzilla.novell.com/show_bug.cgi?id=711258#c19
Jiří Suchomel
Ok, after the update the "sssd" option exists, but unfortunately
yast2 ldap pam enable server="192.168.1.2" base="dn=nodomain sssd=no
doesn't change anything:
"pam-config -q --sss" : newline "pam-config -q --ldap": auth: account: password: session:
This is actually correct output (ldap set, sss not). Are you sure you've described it correctly?
1. yast2 ldap
2. "SSSD Offline Authentication" is activated and cannot be disabled (ldap1.png)
3. Now I choose "[Advanced Configuration...]"
4. "Use System Security Services Daemon (SSSD)" is deactivated (ldap2.png)
5. I press F10 to leave/save
6. LDAP main screen unchanged (ldap3.png)
7. I press F10 to leave/save
Hm, maybe it did not detect the changes... (that would be a bug). Please try to first switch LDAP authentication off (yast2 ldap pam disable), and then start it again with sssd=no. Also, attach y2logs, /etc/nsswitch.conf and /etc/ldap.conf
https://bugzilla.novell.com/show_bug.cgi?id=711258#c20
--- Comment #20 from Hauke Hhaaa
https://bugzilla.novell.com/show_bug.cgi?id=711258#c21
--- Comment #21 from Hauke Hhaaa
https://bugzilla.novell.com/show_bug.cgi?id=711258#c22
Hauke Hhaaa
https://bugzilla.novell.com/show_bug.cgi?id=711258#c23
Jiří Suchomel
https://bugzilla.novell.com/show_bug.cgi?id=711258#c24
--- Comment #24 from Hauke Hhaaa
https://bugzilla.novell.com/show_bug.cgi?id=711258#c25
Hauke Hhaaa
https://bugzilla.novell.com/show_bug.cgi?id=711258#c26
Jiří Suchomel
For /etc/nsswitch.conf I would assume that the line "passwd: compat" should be "passwd: files ldap". The values in /etc/ldap.conf seem to make sense.
This is correct.
If I should see information and not only empty lines when calling "pam-config -q --sss" and "pam-config -q --ldap", then it's not working.
You see an empty line for 'pam-config -q --sss' because sssd is not configured, which is correct for you. You see correct information for "pam-config -q --ldap"
And I cannot login with my LDAP users that are existing on the LDAP server.
OK, so this finally is wrong :-) What does /var/log/messages say after you try to login? Does 'getent passwd' enumerate LDAP users?
https://bugzilla.novell.com/show_bug.cgi?id=711258#c27
Hauke Hhaaa
https://bugzilla.novell.com/show_bug.cgi?id=711258#c28
Jiří Suchomel
https://bugzilla.novell.com/show_bug.cgi?id=711258#c29
Ralf Haferkamp
A bit strange is the line "pam_ldap: ldap_search_s Invalid DN syntax" and this should be the point of error. My base DN with "dn=nodomain" is rather simple and works well on other clients.
Are you sure that "dn=nodomain" is correct for you and you didn't mean "dc=nodomain" (note the "dc" instead of "dn")?
Usually OpenLDAP does return the above message if the DN contains an Attribute that is not defined on the server ("dn" in your case).
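
The mismatch between the requested settings and /etc/ldap.conf reported at the start of this thread, and the "Invalid DN syntax" hint above, can both be checked mechanically. The following is an added example, not part of the bug report or of YaST; the function names, the finding codes, the list of common attribute types and the accepted "ssl" values are assumptions of the example.

```python
import re

# Naming attribute types found in most directory schemas. Assumption of this
# example: the authoritative list is the schema of the LDAP server itself.
COMMON_RDN_TYPES = {"dc", "o", "ou", "cn", "c", "l", "st", "uid"}

# Constructed sample, abridged from the /etc/ldap.conf quoted in the report.
SAMPLE_LDAP_CONF = """\
host 127.0.0.1
base dc=example,dc=com
bind_policy soft
nss_schema rfc2307bis
ssl start_tls
"""

def parse_conf(text):
    """Parse 'key value' lines, ignoring blank lines and # comments."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def unknown_rdn_types(dn):
    """Return attribute types in dn that are missing from COMMON_RDN_TYPES."""
    bad = []
    for rdn in re.split(r"(?<!\\),", dn):          # unescaped commas split RDNs
        for ava in re.split(r"(?<!\\)\+", rdn):    # '+' joins multi-valued RDNs
            attr_type, sep, value = ava.partition("=")
            attr_type = attr_type.strip().lower()
            if not sep or not value or attr_type not in COMMON_RDN_TYPES:
                bad.append(attr_type)
    return bad

def check_ldap_client(conf_text, want_host, want_base, want_tls):
    """Compare ldap.conf with the requested settings; return (code, value)."""
    conf = parse_conf(conf_text)
    findings = []
    if conf.get("host") != want_host:
        findings.append(("host-mismatch", conf.get("host")))
    if conf.get("base") != want_base:
        findings.append(("base-mismatch", conf.get("base")))
    # Assumed values that turn TLS/SSL on; anything else counts as off.
    tls_on = conf.get("ssl", "no").lower() in ("start_tls", "on", "yes")
    if tls_on != want_tls:
        findings.append(("tls-mismatch", conf.get("ssl")))
    for attr_type in unknown_rdn_types(want_base):
        findings.append(("suspect-base-attribute", attr_type))
    return findings
```

Calling check_ldap_client(SAMPLE_LDAP_CONF, "192.168.1.2", "dn=nodomain", False) reports the host, base and TLS drift from the report and flags "dn" as a suspect attribute type in the requested base DN.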
https://bugzilla.novell.com/show_bug.cgi?id=711258#c30
Hauke Hhaaa
https://bugzilla.novell.com/show_bug.cgi?id=711258#c31
Jiří Suchomel