LinuxQuestions.org


carolina 04-10-2009 06:13 AM

LDAP Authentication: why `finger` and `id` commands are working but no `su` ??
 
Hello,

I'm trying to configure an Ubuntu 8.10 client to authenticate
against an OpenLDAP directory.

The client configuration (PAM, NSS and /etc/ldap.conf) is here:
http://pastebin.com/mc279767

I performed some tests, getting the following results:

`ldapsearch -xLLL`, `id $USER`, `finger $USER`
Those three commands work fine. See the output here:
http://pastebin.com/d43add436

`su $USER`
Prompts twice for a password and then fails.
See the output with a debug level 1:
http://pastebin.com/m390ab435

My main question is:

Line 12 from `su $USER` output says:

"ldap_connect_to_host: TCP localhost:389"

It seems as if it were trying to connect to localhost, but I
specified "host 192.168.0.10" and "uri ldap://192.168.0.10/" in the
/etc/ldap.conf file.

Maybe I need to specify a bind domain name, but if I'm not wrong
the query will be performed as anonymous, and I have the following
credentials in the server's /etc/ldap/slapd.conf:

    access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=carolina,dc=es" write
        by anonymous auth
        by self write
        by * none

    access to *
        by dn="cn=admin,dc=carolina,dc=es" write
        by * read

Any idea how to solve this? Can anyone enlighten me?
Thank you in advance,

Carolina
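
What the two `access to` directives quoted in the post grant to each kind of client, as an added example that is not part of the original post and is not slapd's own code: a simplified Python model of slapd's evaluation order (first matching `access to`, then first matching `by`). The user DNs are constructed samples, and DN matching is reduced to a case-insensitive string comparison.

```python
# Simplified model of slapd ACL evaluation for the two directives in the post.
# Assumption: only the <who> forms used there (dn=, anonymous, self, *) are modelled.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
ADMIN = "cn=admin,dc=carolina,dc=es"

# Directives in file order. An attribute set of None stands for "access to *".
ACLS = [
    ({"userpassword", "shadowlastchange"},
     [("dn", ADMIN, "write"), ("anonymous", None, "auth"),
      ("self", None, "write"), ("*", None, "none")]),
    (None,
     [("dn", ADMIN, "write"), ("*", None, "read")]),
]

def who_matches(kind, arg, bind_dn, entry_dn):
    """bind_dn is None for an anonymous (unauthenticated) connection."""
    if kind == "*":
        return True
    if kind == "anonymous":
        return bind_dn is None
    if kind == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    if kind == "dn":
        return bind_dn is not None and bind_dn.lower() == arg.lower()
    raise ValueError("unsupported <who>: " + kind)

def effective_access(bind_dn, entry_dn, attr):
    """Return the access level the first matching directive grants."""
    for attrs, by_list in ACLS:
        if attrs is not None and attr.lower() not in attrs:
            continue                      # directive does not cover this attribute
        for kind, arg, level in by_list:
            if who_matches(kind, arg, bind_dn, entry_dn):
                return level              # first matching "by" clause wins
        return "none"                     # implicit "by * none" ends every by-list
    return "none"                         # implicit final "access to * by * none"

def allows(granted, needed):
    """True if the granted level is at least the needed level."""
    return LEVELS.index(granted) >= LEVELS.index(needed)

if __name__ == "__main__":
    user = "uid=carolina,ou=people,dc=carolina,dc=es"   # constructed sample DN
    other = "uid=other,ou=people,dc=carolina,dc=es"     # constructed sample DN
    for who in (None, user, other, ADMIN):
        for attr in ("uid", "userPassword"):
            print(who or "(anonymous)", attr, effective_access(who, user, attr))
```

Under these directives an anonymous connection gets `read` on ordinary attributes and only `auth` on `userPassword`: enough for the server to check a password during a bind, but not to return or compare the stored value.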

