LinuxQuestions.org


enigma_0Z 01-28-2011 09:50 AM

RHEL6: LDAP-based Auth, pam_ldap, and uidNumber issues...
 
I'm trying to migrate from an RHEL4/5 setup to the latest & greatest RHEL6, and we provide a single point of storage for authentication credentials in an LDAP directory.

Currently, all the user IDs are padded out with zeroes when they're written to LDAP (this is an artifact of the DB server that's actually doing the writing). This wasn't a problem with RHEL4 and 5, but apparently, now the pam_ldap module in RHEL6 sees this as a "non-numeric" or invalid user id. If I go and modify the directory and change the first digit to non-zero, it works just fine. Rather than change the entire directory of some 10,000+ users, as well as the way our DB writes out these entries, is there a way to make the pam_ldap module, sssd, or nslcd (or whatever else I need to change) more permissive and allow these padded zeroes?

enigma_0Z 11-22-2011 02:51 PM

*bump* ...

Anyone? We ended up going back to RHEL5 for the time being, but the need to upgrade to 6 is much more pressing this time around... I still can't seem to figure out how to get nslcd to ignore padded zeroes...

For example, an LDAP entry with...

Code:

--snip--
uidNumber: 055555
gidNumber: 055555
--/snip--

yields this line in the logs...

Code:

passwd entry ##### LDAP DN ##### contains non-numeric uidNumber value

as well as a similar entry if the gidNumber is padded... This is just doing a "getent passwd <username>".
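
Added example, not part of the original posts: a small Python audit that reads an LDIF export of the directory, lists every zero-padded uidNumber/gidNumber, and reports accounts whose uidNumber values denote the same number (for instance 055555 and 55555), which would end up sharing one uid if the padding were stripped or ignored. The function names, the sample DNs and the sample values are constructed for illustration, and the values are assumed to be decimal.

```python
import base64
import re
from collections import defaultdict

# Constructed sample LDIF export; DNs and values are made up for illustration.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
uidNumber: 055555
gidNumber: 055555

dn: uid=bob,ou=People,dc=example,dc=com
uidNumber: 55555
gidNumber: 000100

dn: uid=carol,ou=People,dc=exam
 ple,dc=com
uidNumber:: MDA3MDAx
gidNumber: 100
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}); handles folded lines and base64 ('::') values."""
    text = re.sub(r"\n ", "", text)  # LDIF folds long lines as newline + space
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, defaultdict(list)
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:]).decode("utf-8")
            if name.lower() == "dn":
                dn = value.strip()
            else:
                attrs[name.lower()].append(value.strip())
        if dn:
            yield dn, attrs

def audit_ids(text):
    """Return (padded, collisions): zero-padded IDs, and uids shared by several DNs."""
    padded, owners = [], defaultdict(set)
    for dn, attrs in parse_ldif(text):
        for attr in ("uidnumber", "gidnumber"):
            for v in attrs.get(attr, []):
                if re.fullmatch(r"0+[0-9]+", v):  # leading zero(s); a bare "0" is fine
                    padded.append((dn, attr, v, str(int(v))))
                if attr == "uidnumber" and re.fullmatch(r"[0-9]+", v):
                    owners[int(v)].add(dn)
    return padded, {u: sorted(d) for u, d in owners.items() if len(d) > 1}

if __name__ == "__main__":
    print(audit_ids(SAMPLE_LDIF))
```

Running it against a real export before changing either the directory or the client configuration shows how many entries are affected and whether any two accounts would collapse onto the same numeric uid.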

