Hi Jose, That your 'ldapsearch -x' works suggests that /etc/openldap/ldap.conf is ok, so take a look in /etc/nsswitch.conf and make sure that you have a 'passwd: files ldap' and a 'group: files ldap' entry. If so , take a look and make sure that you have nss_ldap installed. I'm using suse 8.1: home/dative> rpm -qa | grep ldap nss_ldap-199-50 openldap2-client-2.1.4-70 yast2-ldap-client-2.6.5-112 pam_ldap-150-76 home/dative> On Friday 05 September 2003 04:26 pm, José Carlos Stevenson wrote:
Dear fellows,
I've just upgraded a working SuSE 7.3 to a 8.2 (I've reformated the HD, installed 8.2 from scratch and started configuring). My OpenLDAP is working fine (including TLS, replica, etc) and I can perform a successful "ldapsearch -x 'uid=edgar'" anytime but if I try a 'getent passwd edgar' it returns nothing. I've double-checked /etc/openldap/ldap.conf, /etc/openldap/slapd.conf, /etc/nsswitch and /etc/pam.d/*, I've also tried to use lines like "auth required pam_unix2.so" (seems new to SuSE8.2) or "auth required pam_ldap.so" (the lines I was using in SuSE 7.3) for some services without success: #%PAM-1.0 auth required pam_unix2.so account required pam_unix2.so #password required pam_pwcheck.so nullok #password required pam_unix2.so nullok use_first_pass use_authtok session required pam_unix2.so
OR #%PAM-1.0 auth required pam_ldap.so account required pam_ldap.so #password required pam_pwcheck.so nullok #password required pam_unix2.so nullok use_first_pass use_authtok session required pam_ldap.so
It's clear to me that there are more conf files involved in SuSE 8.2 than: /etc/openldap/*, /etc/nsswitch and /etc/pam.d/* but I don't have a clue which files. I've followed SuSE 8.2 docs and edited /etc/security/pam_unix2.conf like sugested in "To use the pam_ldap module, you need to do the following:
If you use the default SuSE Linux PAM configuration, you only need to edit /etc/security/pam_unix2.conf and add the "use_ldap" option for account, auth and password management. If you configure LDAP with YaST2, YaST2 will do this for you.
Else edit all the /etc/pam.d configurations file to use the pam_ldap module. Look in /usr/share/doc/packages/pam_ldap for examples."
I've tried both methods above without sucess (the first seems to be system wide and the second, service specific). I've also tried to use YAST-LDAP-client-configurator and it worked just fine till the next reestart!!! - I've tried YAST again after the first reestart but it didn't work anymore.
Could anyone point me some SuSE 8.2 especific documentations (other than /usr/share/doc) and/or all the file names (and their locations) involved.
Thanks in advance, José Carlos Stevenson.