Rick Tautin wrote:
The directory is the only place that there is user information. I took all the entries out of the old password file and the only thing that is in there are the local accounts. So if it is not getting its credentials from the directory I don't know where it would be getting it from. Also when I stop the server I am unable to check mail or ftp to our servers.
You're missing the crucial point that Unix services can authenticate users against an LDAP database without performing an LDAP Bind operation on that user. I.e., with sufficient privileges nss_ldap can just retrieve a user's userPassword attribute and authenticate against it when it is stored in crypt(3) format, even if slapd doesn't itself support crypt (or the same version of crypt).
-----Original Message----- From: openldap-software-bounces+rtautin=coppolaenterprises.net@OpenLDAP.org [mailto:openldap-software-bounces+rtautin=coppolaenterprises.net@OpenLDA P.org] On Behalf Of Pierangelo Masarati Sent: Monday, August 13, 2007 4:01 PM To: Rick Tautin Cc: openldap-software@openldap.org Subject: Re: Problem changing passwords after import
Rick Tautin wrote:
That is where all the usernames and passwords are is in openldap, and I am trying to use the ldappasswd command to change it. If when I complied openldap if enable-crypt was disabled would I even be able to login to other servers that are authenticating back to openldap?
How can you tell the other services bind to OpenLDAP if even ldapwhoami can't? I guess binding to OpenLDAP fails, and services fall back to file based data. Please carefully check the logs of your server before proceeding any further. It seems clear, from the little info you posted, that basic authentication (LDAP simple bind) is not working with the credentials you stored in your directory.