[Bug 775743] New: LDAP user authentification without ssl seized to work on upgrade from 12.1 to 12.2
https://bugzilla.novell.com/show_bug.cgi?id=775743

https://bugzilla.novell.com/show_bug.cgi?id=775743#c0

Summary: LDAP user authentification without ssl seized to work on upgrade from 12.1 to 12.2
Classification: openSUSE
Product: openSUSE 12.2
Version: RC 2
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: omega@online.de
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Created an attachment (id=502181)
--> (http://bugzilla.novell.com/attachment.cgi?id=502181)
/etc/ldap.conf

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20100101 Firefox/14.0.1

Bug #775167 may be related.

I set up an openldap server on an open-wrt router as a central instance to authenticate against. This works fine in openSUSE 12.1.

I used the identical configuration (attached) with openSUSE 12.2 RC2 and it does not work. getent passwd does not show the users in the LDAP server's database, not even after a reboot.

LDAP browsing with Yast2 works. By the way, Yast2 does not offer an option to turn off ssl, thus I had to do it manually in /etc/ldap.conf.

LDAP server logs are not available (logging unavailable in the open-wrt package). I do not know what logs to check on the openSUSE client.

/etc/ldap.secret is present, correctly filled, and chmod to 600. Basically, I copied over the config files from 12.1 to make sure there are no typos, but it does not work.

Reproducible: Always

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=775743#c
kk zhang
https://bugzilla.novell.com/show_bug.cgi?id=775743#c2
Ralf Haferkamp
https://bugzilla.novell.com/show_bug.cgi?id=775743#c3
--- Comment #3 from Boris Neubert
https://bugzilla.novell.com/show_bug.cgi?id=775743#c4
--- Comment #4 from Boris Neubert
https://bugzilla.novell.com/show_bug.cgi?id=775743#c5
Boris Neubert
Please attach /etc/nsswitch.conf and /etc/openldap/ldap.conf. /var/log/message from a failed getent passwd might also help.
I configured User and Group Management to use LDAP in Yast2. This is the corresponding part of /var/log/messages:

Aug 15 20:43:51 sauron sssd: Could not open file [/var/log/sssd/sssd.log]. Error: [2][No such file or directory]
Aug 15 20:43:51 sauron systemd[1]: sssd.service: control process exited, code=exited status=7
Aug 15 20:43:51 sauron systemd[1]: Unit sssd.service entered failed state.

sauron:~ # systemctl status sssd.service
sssd.service - System Security Services Daemon
          Loaded: loaded (/lib/systemd/system/sssd.service; enabled)
          Active: failed (Result: exit-code) since Wed, 15 Aug 2012 20:43:51 +0200; 19s ago
         Process: 8214 ExecStart=/usr/sbin/sssd -D -f (code=exited, status=7)
          CGroup: name=systemd:/system/sssd.service

I manually created the missing /var/log/sssd and I manually turned off ssl again (ssl no) in /etc/ldap.conf (IMHO the latter should be made configurable as in the Yast2 LDAP Browser). I then ran /etc/init.d/sssd restart and got:

Aug 15 20:45:02 sauron sssd: nscd socket was detected. Nscd caching capabilities may conflict with SSSD for users and groups. It is recommended not to run nscd in parallel with SSSD, unless nscd is configured not to cache the passwd, group and netgroup nsswitch maps.
Aug 15 20:45:02 sauron sssd: Starting up
Aug 15 20:45:02 sauron sssd[be[default]]: Starting up
Aug 15 20:45:03 sauron sssd[nss]: Starting up
Aug 15 20:45:03 sauron sssd[pam]: Starting up

Running getent passwd and getent group reads back the contents of /etc/passwd and /etc/group without the additional accounts on the LDAP server.

I played around with turning nscd off and sssd on and vice versa, but getent passwd never showed me the additional accounts on the LDAP server.

Kind regards,
Boris
https://bugzilla.novell.com/show_bug.cgi?id=775743#c6
Ralf Haferkamp