I have followed the guide up to Client Configuration. My groups/users are imported into LDAP, I have modified my pam/ldap/nsswitch configuration accordingly. However, when I execute the command from Code Listing 3.6, I get only a single entry (read from /etc/passwd) and /var/log/messages reads:

Jul 18 17:40:00 snotling slapd[11992]: conn=46 fd=15 ACCEPT from PATH=/var/run/openldap/slapd.sock (PATH=/var/run/openldap/slapd.sock)
Jul 18 17:40:00 snotling slapd[11992]: conn=46 op=0 BIND dn="" method=128
Jul 18 17:40:00 snotling slapd[11992]: conn=46 op=0 RESULT tag=97 err=0 text=
Jul 18 17:40:00 snotling slapd[11992]: conn=46 op=1 SRCH base="ou=People,dc=skolima,dc=homeip,dc=net" scope=1 deref=0 filter="(objectClass=posixAccount)"
Jul 18 17:40:00 snotling slapd[11992]: conn=46 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Jul 18 17:40:00 snotling slapd[11992]: conn=46 op=1 SEARCH RESULT tag=101 err=50 nentries=0 text=
Jul 18 17:40:00 snotling slapd[11992]: conn=46 fd=15 closed (connection lost)
Jul 18 17:40:00 snotling slapd[11992]: connection_read(15): no connection!
Jul 18 17:40:00 snotling slapd[11992]: connection_read(15): no connection!
Executing the same search from the console:

ldapsearch -x -D "cn=Manager,dc=skolima,dc=homeip,dc=net" -W "(objectClass=posixAccount)"

prints out all users (after entering the password set in slapd.conf) and results in these log messages:

Jul 18 17:41:19 snotling slapd[11992]: conn=47 fd=15 ACCEPT from IP=192.168.0.13:57185 (IP=0.0.0.0:389)
Jul 18 17:41:19 snotling slapd[11992]: conn=47 op=0 BIND dn="cn=Manager,dc=skolima,dc=homeip,dc=net" method=128
Jul 18 17:41:19 snotling slapd[11992]: conn=47 op=0 BIND dn="cn=Manager,dc=skolima,dc=homeip,dc=net" mech=SIMPLE ssf=0
Jul 18 17:41:19 snotling slapd[11992]: conn=47 op=0 RESULT tag=97 err=0 text=
Jul 18 17:41:19 snotling slapd[11992]: conn=47 op=1 SRCH base="dc=skolima,dc=homeip,dc=net" scope=2 deref=0 filter="(objectClass=posixAccount)"
Jul 18 17:41:19 snotling slapd[11992]: conn=47 op=1 SEARCH RESULT tag=101 err=0 nentries=50 text=
Jul 18 17:41:19 snotling slapd[11992]: conn=47 op=2 UNBIND
Jul 18 17:41:19 snotling slapd[11992]: conn=47 fd=15 closed

I assume this is an access rights problem; please correct me if I'm wrong. I did my best to follow the guide to the letter; the ACLs used are the base ones from listing 2.3.

Reproducible: Always
Filling in rootbinddn in /etc/ldap.conf and inserting root password in /etc/ldap.secret allows users to log in using LDAP credentials, but does not solve the problem (e.g. prompt shows "I have no name@snotling" instead of "skolima@snotling").
LDAP team: is this a documentation issue, or a user problem (and thus a support request) that should be asked on the forums or IRC channels?
(In reply to comment #2)
> LDAP team: is this a documentation issue, or a user problem (and thus a support
> request) that should be asked on the forums or IRC channels?

No response from the LDAP team; marking as NEEDINFO until we can get some answers or solutions.
(In reply to comment #1)
> Filling in rootbinddn in /etc/ldap.conf and inserting root password in
> /etc/ldap.secret allows users to log in using LDAP credentials, but does not
> solve the problem (e.g. prompt shows "I have no name@snotling" instead of
> "skolima@snotling").

You typically don't want to bind as LDAP's root just for verifying passwords. There are plenty of tutorials on the net about that, so I just felt the need to make it clear at this place, too.
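As an added illustration of the point made in comment #5 (this is not listing 2.3 from the guide, nor anything posted in this bug), the following slapd.conf ACL fragment lets nss_ldap read account data anonymously and lets pam_ldap verify passwords by binding as the user, so /etc/ldap.conf needs no rootbinddn at all. The base DN is taken from the log above; the ou=Group subtree is assumed, since the reporter only mentions that groups were imported.

```conf
# slapd.conf ACL fragment (added example, not the guide's listing 2.3).
# Base DN taken from the log excerpts; ou=Group is an assumed subtree.
#
# OpenLDAP evaluates "access to" clauses in order and stops at the first
# clause whose <what> matches, so the password attributes must come first.
# Otherwise a later "access to * by * read" would expose userPassword
# hashes to every anonymous client.

# Password attributes: the owner may change them, anonymous clients may
# only use them for a BIND (auth), nobody may read them back.
access to attrs=userPassword,shadowLastChange
        by self write
        by anonymous auth
        by * none

# Account data needed by nss_ldap (uid, uidNumber, gidNumber,
# homeDirectory, loginShell, ...). "read" implies "search" on the
# ou=People entry itself; without search access on the base, an anonymous
# SRCH against it is refused with err=50 (insufficientAccessRights) and
# nentries=0, which is one way to end up with only the /etc/passwd entry.
access to dn.subtree="ou=People,dc=skolima,dc=homeip,dc=net"
        by * read

access to dn.subtree="ou=Group,dc=skolima,dc=homeip,dc=net"
        by * read

# Everything else is world-readable; the rootdn bypasses ACLs entirely,
# so it keeps write access without being named here.
access to *
        by * read

# Client side (/etc/ldap.conf): leave rootbinddn unset. nss_ldap binds
# anonymously for lookups, and pam_ldap verifies a password by binding
# as the user's own DN, so the Manager password never leaves slapd.conf.
```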