Bugzilla – Full Text Bug Listing

| Summary: | LDAP user authentication without ssl ceased to work on upgrade from 12.1 to 12.2 | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE 12.2 | Reporter: | Forgotten User EIY1lUxGuI <forgotten_EIY1lUxGuI> |
| Component: | Other | Assignee: | Ralf Haferkamp <ralf> |
| Status: | RESOLVED DUPLICATE | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | forgotten_EIY1lUxGuI, vcizek |
| Version: | RC 2 | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | /etc/ldap.conf, /etc/nsswitch.conf, /etc/openldap/ldap.conf | ||

Description
Forgotten User EIY1lUxGuI
2012-08-13 20:10:15 UTC
Please attach /etc/nsswitch.conf and /etc/openldap/ldap.conf. /var/log/message from a failed getent passwd might also help.

Created attachment 502422
/etc/nsswitch.conf

Created attachment 502423
/etc/openldap/ldap.conf

(In reply to comment #2)
> Please attach /etc/nsswitch.conf and /etc/openldap/ldap.conf. /var/log/message
> from a failed getent passwd might also help.

I configured User and Group Management to use LDAP in Yast2. This is the corresponding part of /var/log/messages:

Aug 15 20:43:51 sauron sssd: Could not open file [/var/log/sssd/sssd.log]. Error: [2][No such file or directory]
Aug 15 20:43:51 sauron systemd[1]: sssd.service: control process exited, code=exited status=7
Aug 15 20:43:51 sauron systemd[1]: Unit sssd.service entered failed state.

sauron:~ # systemctl status sssd.service
sssd.service - System Security Services Daemon
          Loaded: loaded (/lib/systemd/system/sssd.service; enabled)
          Active: failed (Result: exit-code) since Wed, 15 Aug 2012 20:43:51 +0200; 19s ago
         Process: 8214 ExecStart=/usr/sbin/sssd -D -f (code=exited, status=7)
          CGroup: name=systemd:/system/sssd.service

I manually created the missing /var/log/sssd and I manually turned off again ssl (ssl no) in /etc/ldap.conf (IMHO the latter should be made configurable as in the Yast2 LDAP Browser). I then ran /etc/init.d/sssd restart and got:

Aug 15 20:45:02 sauron sssd: nscd socket was detected. Nscd caching capabilities may conflict with SSSD for users and groups. It is recommended not to run nscd in parallel with SSSD, unless nscd is configured not to cache the passwd, group and netgroup nsswitch maps.
Aug 15 20:45:02 sauron sssd: Starting up
Aug 15 20:45:02 sauron sssd[be[default]]: Starting up
Aug 15 20:45:03 sauron sssd[nss]: Starting up
Aug 15 20:45:03 sauron sssd[pam]: Starting up

Running getent passwd and getent group reads back the contents of /etc/passwd and /etc/group without the additional accounts on the LDAP server. I played around with turning nscd off and sssd on and vice versa but getent passwd never showed me the additional accounts on the LDAP server.

Kind regards,
Boris

So you are using sssd and not nss_ldap, sssd's configuration is not in /etc/ldap.conf but /etc/sssd/sssd.conf.
And sssd doesn't support authentication without using a TLS/SSL protected connection. See bug#775167 for possible workarounds.

*** This bug has been marked as a duplicate of bug 775167 ***
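
The last comment points at /etc/sssd/sssd.conf and at sssd's TLS requirement. The following is an added example, not part of the bug report or of sssd: a small audit of the LDAP domains in an sssd.conf. The function name `audit_sssd_ldap`, the host `ldap.example.com` and the CA path are assumptions made for illustration.

```python
import configparser

# Constructed sample mirroring this report: an LDAP domain named "default"
# (as in the sssd[be[default]] log line) with no TLS settings.
SAMPLE_PLAIN = """
[sssd]
domains = default

[domain/default]
id_provider = ldap
ldap_uri = ldap://ldap.example.com
ldap_search_base = dc=example,dc=com
"""

# Same domain with the channel protected; the CA path is a placeholder.
SAMPLE_TLS = SAMPLE_PLAIN + """ldap_id_use_start_tls = true
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/ssl/certs/example-ldap-ca.pem
"""

def audit_sssd_ldap(text):
    """Return {domain: [findings]} for each LDAP-backed domain in sssd.conf text."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    report = {}
    for section in cfg.sections():
        if not section.startswith("domain/"):
            continue
        dom = cfg[section]
        id_prov = dom.get("id_provider", "")
        # auth_provider falls back to id_provider when unset
        if "ldap" not in (id_prov, dom.get("auth_provider", id_prov)):
            continue
        findings = []
        uris = [u.strip() for u in dom.get("ldap_uri", "").split(",") if u.strip()]
        plain = [u for u in uris if not u.lower().startswith("ldaps://")]
        # Assumption: ldap_id_use_start_tls defaults to false, as in sssd of this era
        start_tls = dom.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
        if plain and not start_tls:
            findings.append("identity lookups unencrypted: " + ", ".join(plain))
        if dom.get("ldap_tls_reqcert", "").strip().lower() in ("never", "allow"):
            findings.append("server certificate not verified")
        if not (dom.get("ldap_tls_cacert") or dom.get("ldap_tls_cacertdir")):
            findings.append("no CA in sssd.conf; OpenLDAP defaults apply")
        report[section[len("domain/"):]] = findings
    return report

if __name__ == "__main__":
    print(audit_sssd_ldap(SAMPLE_PLAIN))
```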