Hi all,
We have an OpenLDAP server (RHEL6) running version 2.4.23-15, and we have clients on RHEL5 and RHEL6. With the RHEL5 clients it works properly, but I found some problems with RHEL6 clients on versions newer than 2.4.19-15.
On the clients, if I try to upgrade to versions newer than 2.4.19-15, the client stops working:
[root@XX ~]# rpm -qa | grep openldap
openldap-2.4.19-15.el6.x86_64
openldap-clients-2.4.19-15.el6.x86_64
[root@XX ~]# ldapsearch -x -D 'cn=authenticate, ou=System,dc=test, dc=es' '(objectclass=*)' -W -ZZ
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
......
[root@XX ~]# id esther
uid=63004(esther) gid=50041(test) groups=50041(test)

[root@XX ~]# yum upgrade openldap*
.....
Updating : openldap-2.4.23-20.el6.x86_64 1/4
warning: /etc/openldap/ldap.conf created as /etc/openldap/ldap.conf.rpmnew
Updating : openldap-clients-2.4.23-20.el6.x86_64 2/4
Cleanup : openldap-clients-2.4.19-15.el6.x86_64 3/4
Cleanup : openldap-2.4.19-15.el6.x86_64 4/4

Updated:
openldap.x86_64 0:2.4.23-20.el6 openldap-clients.x86_64 0:2.4.23-20.el6

Complete!

[root@XX ~]# service nslcd restart
Stopping nslcd: [ OK ]
Starting nslcd: [ OK ]
[root@XX ~]# id esther
id: esther: No such user
[root@XX ~]# ldapsearch -x -D 'cn=authenticate, ou=System,dc=test, dc=es' '(objectclass=*)' -W -ZZ
ldap_start_tls: Connect error (-11)
I have the same configuration files that I used with the older version. I use these configuration files:
Any idea on what the issue is? Am I missing anything?

/etc/pam_ldap.conf:
base dc=test,dc=es
binddn cn=authenticate,ou=System,dc=test,dc=es
bindpw XXXX
timelimit 120
bind_timelimit 120
idle_timelimit 3600
pam_lookup_policy yes
pam_password exop
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
pam_password md5

/etc/nslcd.conf
uid nslcd
gid ldap
base dc=test,dc=es
binddn cn=authenticate,ou=System,dc=test,dc=es
bindpw XXXX
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
timelimit 120
bind_timelimit 120
idle_timelimit 3600

/etc/openldap/ldap.conf:
BASE dc=test,dc=es
TLS_CACERT /etc/openldap/cacerts/catest.crt
CAcert file:
[root@XX ~]# ls -l /etc/openldap/cacerts/catest.crt
-rw-r--r--. 1 root root 1655 May 23 15:23 /etc/openldap/cacerts/catest.crt
Thanks in advance,
Esther