This thread is a good example of why top-posting sucks ...
On Friday, 25 March 2011 17:27:10 Kevin Josue Zambrano Chavez wrote:
On Fri, Mar 25, 2011 at 10:23 AM, Marco Pizzoli
marco.pizzoli@gmail.com wrote:
Hi, I could be corrected if I'm wrong, but this problem is not related to OpenLDAP. It's a nss_ldap problem. nss_ldap is a client library that's used by Linux vendors to achieve seamless integration of users against *a* LDAP server.
I had a similar problem with a complex configuration and bypassed (not solved) the problem by modifying my client configuration.
I reduced the number of LDAP servers configured to be accessed: from 4 to 3. I reduced the number of users defined in the *nss_initgroups_ignoreusers* directive: I had about 40 listed in it...
IMHO, this is the wrong fix anyway, but most likely has nothing to do with the OP's problem.
Etc...
Make some tries and tell me if you can solve it.
Marco
On Thu, Mar 24, 2011 at 9:25 PM, Srivatsav M
srivatsav.mudumba@gmail.com wrote:
Hi,
We are using OpenLDAP for authenticating users registered in a LDAP server (Open LDAP, Active Directory).
Which one? Or both?
After adding 8 principals (/etc/ldap.conf), none of the users registered in the /etc/ldap.conf file are able to login.
Users shouldn't be "registered in the /etc/ldap.conf file".
nss_base_passwd OU=engg,DC=mycompany,DC=region,DC=someplace,DC=myarea,DC=compname,DC=parentcompname
nss_base_shadow OU=engg,DC=mycompany,DC=region,DC=someplace,DC=myarea,DC=compname,DC=parentcompname
nss_base_group OU=engg,DC=mycompany,DC=region,DC=someplace,DC=myarea,DC=compname,DC=parentcompname
Please supply a full copy of your /etc/ldap.conf, or at least a representative one, and provide the example output of 'getent passwd username' and 'groups username' for the user who doesn't authenticate. You may also want to supply the relevant PAM configuration files.
Also, please provide details of your LDAP client (distribution release, what versions of nss_ldap and pam_ldap you are running).
Can you please share the reason for this 7 limitation in the open ldap library, or how I can fix this issue? I am looking for the header file in the source files which has this constant or limitation defined.
Tried googling, but it appears that no one has encountered this issue.
Some customers are running into this issue and it has become a severity 1 issue to fix.
[...]
Hi all,
Have you tried with "nss-ldapd" [1] [2], a fork from NSS LDAP Package from PADL Software Pty Ltd.?
Do we know what the actual problem is? Do we know it would be solved by nss-ldapd?
There might be a simple misunderstanding here, or a simple configuration problem, and switching software might not solve that.
Additionally, the distribution in question may have a different preferred LDAP client.
Regards, Buchan