LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 01-26-2007, 01:22 PM   #1
sam_vde
LQ Newbie
 
Registered: Mar 2005
Posts: 19

Rep: Reputation: 0
ldap still requires local user to work


Hi,

I setup openldap on a machine using various walk-through guides on the web. There is one question I cannot seem to pin down.

I create an LDAP directory with 1 database to manage the users. There is an administrator group for those who can alter LDAP, and a regular users group for those.

Local root is not automatically LDAP admin.

Now here is my question: I can authenticate against the LDAP directory just fine. So I want to get rid of local users in /etc/passwd. Here is what I did:

- I deleted the local user passwd using "passwd -d"
-> ok, user can still log on
- I deleted the user using userdel
-> user cannot log on anymore?
- recreate the user local using useradd
-> user can log on
- create a new user in LDAP directory using ldapadd
-> user cannot log in
- add user local without setting a password using useradd
-> new user can log on using the LDAP password

So it seems the users needs to exist locally in /etc/passwd to be able to log on. Is this expected behaviour? At the moment the tests are done on one machine, so LDAP is running on the same machine where I am trying to log on. Maybe I've missed something.

Setup:

slapd Version: 2.2.26-5ubuntu2.2
libnss Version: 238-1.1ubuntu1
libpam Version: 180-1ubuntu0.6.06



Best regards
Sam
 
Old 01-26-2007, 02:07 PM   #2
alunduil
Member
 
Registered: Feb 2005
Location: San Antonio, TX
Distribution: Gentoo
Posts: 684

Rep: Reputation: 62
May I ask what your nsswitch.conf looks like? It might be that you are polling File before LDAP, and that would cause the reverse you are seeing. It might also be the order of your authentication chains in PAM.

Regards,

Alunduil
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LDAP server not starting as user LDAP klnasveschuk Fedora 1 02-15-2007 05:49 AM
Adobe Acrobate Reader Requires A Plugin-That Requires Open LDAP That Requires Berkely Old_Fogie Slackware 10 05-08-2006 06:04 AM
Setup local machine to allow lan machines to retrieve its local user mail. Brian1 Linux - Networking 3 03-30-2006 06:04 AM
Hi, my work requires I.E. 5.5 or higher..... kuplo Linux - Software 8 10-21-2005 09:31 PM
LDAP Authentication w/ Local User Information Adrian W Linux - Security 13 08-17-2004 12:09 PM


All times are GMT -5. The time now is 01:38 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration