[Bug 739078] New: Cannot authenticate via LDAP after switch to nslcd
https://bugzilla.novell.com/show_bug.cgi?id=739078 https://bugzilla.novell.com/show_bug.cgi?id=739078#c0 Summary: Cannot authenticate via LDAP after switch to nslcd Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: i586 OS/Version: SuSE Other Status: NEW Severity: Normal Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: lynn@steve-ss.com QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Ubuntu/11.10 Chromium/15.0.874.106 Chrome/15.0.874.106 Safari/535.2 Having used Yast LDAP client to setup LDAP, switching to nss_pam_ldapd does not retain the settings in /etc/nsswitch.conf nor in /etc/pam.d/*. Settings in /etc/ldap.conf seem to conflict with settings in /etc/nslcd.conf. Reproducible: Always Steps to Reproduce: 1.Setup LDAP client using Yast 2.Authenticate via LDAP. 3.Install nss_pam_ldapd via yast and accept to remove nss_ldap. 4.Configure /etc/nslcd.conf with your own settings Actual Results: Cannot now authenticate via LDAP. Expected Results: Transparent migration from nss_ldap to nss_pam_ldapd. The files in /etc/pam.d seem to lose all references to LDAP when Yast LDAP Client is set to not use LDAP. The solution is to overwrite /etc/pam.d with a copy from before you disable LDAP in Yast LDAP Client. Would it be possible for Yast to make the switch to nslcd and preserve the pam settings? Maybe I should leave the Yast settings to 'Use LDAP', but then /etc/ldap.conf is used instead of /etc/nslcd.conf -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=739078 https://bugzilla.novell.com/show_bug.cgi?id=739078#c1 --- Comment #1 from lynn wilson <lynn@steve-ss.com> 2012-01-01 08:53:06 UTC --- The reason for the change was to be able to put the bind password in the config file. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=739078 https://bugzilla.novell.com/show_bug.cgi?id=739078#c2 kk zhang <kkzhang@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED CC| |kkzhang@novell.com Resolution| |NORESPONSE --- Comment #2 from kk zhang <kkzhang@novell.com> 2012-03-09 07:26:51 UTC --- Long time no response.So closed.Feel free to reopen it.Thanks. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=739078 https://bugzilla.novell.com/show_bug.cgi?id=739078#c3 Jan Engelhardt <jengelh@medozas.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |REOPENED CC| |jengelh@medozas.de Resolution|NORESPONSE | --- Comment #3 from Jan Engelhardt <jengelh@medozas.de> 2012-03-10 09:13:53 UTC --- (Revert bogus close.) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=739078 https://bugzilla.novell.com/show_bug.cgi?id=739078#c4 --- Comment #4 from lynn wilson <lynn@steve-ss.com> 2012-03-10 11:37:12 UTC --- Hi All that is needed is to leave pam and /etc/nsswitch exactly as they are and point at /etc/nslcd.conf rather that /etc/ldap.conf. In Ubuntu they set the nslcd user for you too but his may be considered too intrusive. Thanks. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=739078 https://bugzilla.novell.com/show_bug.cgi?id=739078#c5 --- Comment #5 from Jan Engelhardt <jengelh@medozas.de> 2012-03-11 13:29:09 UTC --- Deactivating the SSSD box in yast2-ldap-client causes nsswitch.conf to be modified to read: passwd: compat group: files ldap Such that anything but nss_sssd is halfway broken. That said, I do not see a reason not to use sssd; it essentially replaced nss_pam_ldpad/nslcd too. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=739078 https://bugzilla.novell.com/show_bug.cgi?id=739078#c6 kk zhang <kkzhang@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |NEEDINFO InfoProvider| |lynn@steve-ss.com --- Comment #6 from kk zhang <kkzhang@novell.com> 2012-04-01 03:18:41 UTC --- Hi,thank you for your report.Could you please attach y2logs according to the following URL?Thank you http://en.opensuse/openSUSE:Bugreport_YaST -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=739078 https://bugzilla.novell.com/show_bug.cgi?id=739078#c7 lynn wilson <lynn@steve-ss.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |REOPENED InfoProvider|lynn@steve-ss.com | --- Comment #7 from lynn wilson <lynn@steve-ss.com> 2012-04-01 07:40:16 UTC --- (In reply to comment #6)
Hi,thank you for your report.Could you please attach y2logs according to the following URL?Thank you http://en.opensuse/openSUSE:Bugreport_YaST
URL does not exist. Shall we close this now? We know the workaround. Yast can't be expected to do all this for us. To summarise: When changing from nss-ldap to nss-pam-ldap simply run Yast>User and Group Management>Configure Athentication>LDAP -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=739078 https://bugzilla.novell.com/show_bug.cgi?id=739078#c kk zhang <kkzhang@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.pr |jsuchome@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=739078 https://bugzilla.novell.com/show_bug.cgi?id=739078#c8 Jan Engelhardt <jengelh@medozas.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |INVALID --- Comment #8 from Jan Engelhardt <jengelh@medozas.de> 2012-04-13 07:50:23 UTC --- Closing as suggested. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=739078 https://bugzilla.novell.com/show_bug.cgi?id=739078#c9 --- Comment #9 from Jan Engelhardt <jengelh@medozas.de> 2012-04-13 07:51:24 UTC --- URL was http://en.opensuse.org/openSUSE:Bugreport_Yast -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com