https://bugzilla.novell.com/show_bug.cgi?id=711258 https://bugzilla.novell.com/show_bug.cgi?id=711258#c Jiří­ Suchomel changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jsuchome@novell.com AssignedTo|bnc-team-screening@forge.pr |jsuchome@novell.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=711258 https://bugzilla.novell.com/show_bug.cgi?id=711258#c3 --- Comment #3 from Hauke Hhaaa 2011-08-10 12:09:10 UTC --- Created an attachment (id=445155) --> (http://bugzilla.novell.com/attachment.cgi?id=445155) yast2 log -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=711258 https://bugzilla.novell.com/show_bug.cgi?id=711258#c5 Hauke Hhaaa changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|haukeh@pc-kiel.de | --- Comment #5 from Hauke Hhaaa 2011-08-10 12:23:15 UTC --- I've tried some other things: In the text gui, "LDAP TLS/SSL" cannot be deactivated. Then under "Advanced configuration" I deactivated "SSSD" (no tick is set), but on the "LDAP Client Configuration" page, SSSD is activated (and cannot be deactivated). "LDAP TLS/SSL" is now unticked. (See screenshots ldap1/2.png) Therefore "SSSD Offline Authentification" is now ticked and cannot be deactivated. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=711258 https://bugzilla.novell.com/show_bug.cgi?id=711258#c7 --- Comment #7 from Hauke Hhaaa 2011-08-10 12:24:06 UTC --- Created an attachment (id=445159) --> (http://bugzilla.novell.com/attachment.cgi?id=445159) yast2 ldap2 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=711258 https://bugzilla.novell.com/show_bug.cgi?id=711258#c9 --- Comment #9 from Jiří­ Suchomel 2011-08-10 12:26:36 UTC --- (In reply to comment #5)

In the text gui, "LDAP TLS/SSL" cannot be deactivated.

That's correct when SSSD is on.

Then under "Advanced configuration" I deactivated "SSSD" (no tick is set), but on the "LDAP Client Configuration" page, SSSD is activated (and cannot be deactivated). "LDAP TLS/SSL" is now unticked. (See screenshots ldap1/2.png)

Right. Now, I think it should work for you, doesn't it?

Therefore "SSSD Offline Authentification" is now ticked and cannot be deactivated.

The value of "SSSD Offline Authentification" does not matter when "SSSD" is unchecked. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=711258 https://bugzilla.novell.com/show_bug.cgi?id=711258#c11 Jiří­ Suchomel changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |haukeh@pc-kiel.de --- Comment #11 from Jiří­ Suchomel 2011-08-10 13:12:50 UTC --- (In reply to comment #10)

Installed is "yast2-ldap-client-2.20.14-3.1.noarch".

That's not correct version. Do you have online repositories configured?

(Even after reboot)

That should not help here.

/etc/sysconfig/ldap contains:

Not relevant.

Is there a possibillity to configure LDAP by hand?

Yes, but let's try to fix YaST, right? :-) After you've done the changes from comment 5, did you save them? I mean switch sssd off. Packages pam_ldap and nss_ldap should be installed. After that, "pam-config -q --sss" should show empty output and pam-config -q --ldap should show something more. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=711258 https://bugzilla.novell.com/show_bug.cgi?id=711258#c13 Hauke Hhaaa changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|haukeh@pc-kiel.de | --- Comment #13 from Hauke Hhaaa 2011-08-11 16:54:23 UTC --- In the gui I pressed F10 to leave the screens, so the changes should be saved. I had only http://ftp.osuosl.org/pub/opensuse/distribution/11.4/repo/oss/ in my list. Now I've added http://download.opensuse.org/update/11.4/ and started the update of the complete system, but unfortunately there is no much change. Package is now "yast2-ldap-client-2.20.14.1-0.3.1.noarch". "pam-config -q --sss" produces again: auth: account: password: session: And "pam-config -q --ldap" only a newline (no output). Then I tried "yast2 ldap pam enable server="192.168.1.2" base="dn=nodomain" tls=no" and "yast2 ldap pam enable" again. No change. I tried the yast2 text gui once more and played a bit with the settings, but no (visible) change appeared. /etc/nsswitch.conf does not contain any ldap information, but only lines with "files": .. passwd: compat sss group: files sss hosts: files mdns4_minimal [NOTFOUND=return] dns networks: files dns services: files protocols: files rpc: files ethers: files netmasks: files netgroup: files publickey: files bootparams: files automount: files nis aliases: files -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=711258 https://bugzilla.novell.com/show_bug.cgi?id=711258#c15 --- Comment #15 from Hauke Hhaaa 2011-08-13 17:10:31 UTC --- Created an attachment (id=445726) --> (http://bugzilla.novell.com/attachment.cgi?id=445726) ldap1.png -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=711258 https://bugzilla.novell.com/show_bug.cgi?id=711258#c17 --- Comment #17 from Hauke Hhaaa 2011-08-13 17:12:02 UTC --- Created an attachment (id=445728) --> (http://bugzilla.novell.com/attachment.cgi?id=445728) ldap3.png -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=711258 https://bugzilla.novell.com/show_bug.cgi?id=711258#c19 Jiří­ Suchomel changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |haukeh@pc-kiel.de --- Comment #19 from Jiří­ Suchomel 2011-08-15 06:45:20 UTC --- (In reply to comment #18)

Ok, after the update the "sssd" option exists, but unfortunately

yast2 ldap pam enable server="192.168.1.2" base="dn=nodomain sssd=no

doesn't change anything:

"pam-config -q --sss" : newline "pam-config -q --ldap": auth: account: password: session:

This is actually correct output (ldap set, sss not). Are you sure you've described it correctly?

1. yast2 ldap 2. "SSSD Offline Authentication" is activated and cannot be disabled (ldap1.png) 3. Now I choose "[Advanced Configuration...]" 4. "Use System Security Services Daemon (SSSD)" is deactivated (ldap2.png) 5. I press F10 to leave/save 6. LDAP main screen unchanged (ldap3.png) 7. I press F10 to leave/save

Hm, maybe it did not detect the changes... (that would be a bug). Please try to first switch LDAP authentication off (yast2 ldap pam disable), and than start it again with sssd=no. Also, attach y2logs, /etc/nsswitch.conf and /etc/ldap.conf -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=711258 https://bugzilla.novell.com/show_bug.cgi?id=711258#c21 --- Comment #21 from Hauke Hhaaa 2011-08-16 13:18:11 UTC --- Created an attachment (id=445961) --> (http://bugzilla.novell.com/attachment.cgi?id=445961) ldap.conf -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=711258 https://bugzilla.novell.com/show_bug.cgi?id=711258#c23 Jiří­ Suchomel changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |haukeh@pc-kiel.de --- Comment #23 from Jiří­ Suchomel 2011-08-16 13:20:36 UTC --- And this is correct, right? Config files and pam-config output show correct LDAP configuration. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=711258 https://bugzilla.novell.com/show_bug.cgi?id=711258#c25 Hauke Hhaaa changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|haukeh@pc-kiel.de | --- Comment #25 from Hauke Hhaaa 2011-08-16 13:29:51 UTC --- I'm not sure if it is right for opensuse. For /etc/nsswitch.conf I would assume that the line "passwd: compat" should be "passwd: files ldap". The values in /etc/ldap.conf seem to make sense. If I should see information and not only empty lines when calling "pam-config -q --sss" and "pam-config -q --ldap", then it's not working. And I cannot login with my LDAP users that are existing on the LDAP server. So I would say that it doesn't work ;-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=711258 https://bugzilla.novell.com/show_bug.cgi?id=711258#c27 Hauke Hhaaa changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|haukeh@pc-kiel.de | --- Comment #27 from Hauke Hhaaa 2011-08-17 14:23:00 UTC --- Created an attachment (id=446202) --> (http://bugzilla.novell.com/attachment.cgi?id=446202) tail of /var/log/messages Now I use another LDAP server (with identical LDAP layout) on 192.168.1.77. In the LDAP is a user "test". 1. I tried to login via ssh with user "test". Doesn't work. 2. I tried to login via KDM with user "test". Doesn't work. A bit strange is the line "pam_ldap: ldap_search_s Invalid DN syntax" and this should be the point of error. My base DN with "dn=nodomain" is rather simple and works well on other clients. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=711258 https://bugzilla.novell.com/show_bug.cgi?id=711258#c29 Ralf Haferkamp changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rhafer@novell.com InfoProvider|rhafer@novell.com |haukeh@pc-kiel.de --- Comment #29 from Ralf Haferkamp 2011-08-22 12:00:53 CEST --- (In reply to comment #27)

A bit strange is the line "pam_ldap: ldap_search_s Invalid DN syntax" and this should be the point of error. My base DN with "dn=nodomain" is rather simple and works well on other clients. Are you sure that "dn=nodomain" is correct for you and you didn't mean "dc=nodomain" (note the "dc" instead of "dn")?

Usually OpenLDAP does return the above message if the DN contains an Attribute that is not defined on the server ("dn" in your case). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=711258 https://bugzilla.novell.com/show_bug.cgi?id=711258#c31 Jiří Suchomel changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |DUPLICATE --- Comment #31 from Jiří Suchomel 2011-08-26 13:46:15 UTC --- OK, so this is actually duplicate of bug 680848: once there's CLI option for sssd, it works *** This bug has been marked as a duplicate of bug 680848 *** http://bugzilla.novell.com/show_bug.cgi?id=680848 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.