Old 02-16-2011, 07:13 PM   #1
LQ Newbie
Registered: Oct 2010
Posts: 4

Rep: Reputation: 0
Open LDAP authentication probs

Hi Guys,

I'm having a pretty weird problem, and really have no idea where to begin in tracing and fixing it. But here goes.

I'm running Ubuntu 10.10 on 2 machines, and have installed OpenLDAP as per the guide. It all seemed to be going well, having it installed and running on Server A, including authentication. So a few days later I decided to set up server B to be a slave replica, which after a little bit of fiddling seems to be working and keeping the records in sync.

Then I did an apt-get upgrade on server A. Then my problem started.

Basically getent passwd only returns one entry from the LDAP, and so does getent group.
But a search of LDAP returns everything that's there.

I've been comparing the config files between Server A and Server A for PAM etc, and everything is the same.

But if I change ldap.conf on server A to point the uri to ldap://server B/ and rerun getent passwd, it returns all the users, and getent group returns all the groups.

I've compared the LDAP entries between Server A and Server B and they're staying in sync.

It looks like it's more to do with ldap than the auth config if just changing the server fixes it, but as server A is the master LDAP server I'm really at a loss.

Server A - Ubuntu 10.10 (Upgraded from originally 8.04 I believe)

# dpkg -l | grep -i openldap
ii ldap-utils 2.4.21-0ubuntu5.3 OpenLDAP utilities
ii libldap-2.4-2 2.4.21-0ubuntu5.3 OpenLDAP libraries
ii slapd 2.4.21-0ubuntu5.3 OpenLDAP server (slapd)

Server B - Ubuntu 10.10 (Fresh install)

# dpkg -l | grep -i openldap
ii ldap-utils 2.4.23-0ubuntu3.4 OpenLDAP utilities
ii libldap-2.4-2 2.4.23-0ubuntu3.4 OpenLDAP libraries
ii slapd 2.4.23-0ubuntu3.4 OpenLDAP server (slapd)

If getent was only returning local users it'd be something, but it's returning local + 1 LDAP user or 1 group. Which just seems weird.

Any help would be greatly appreciated. I'm sure posting some logs would be helpful, but I have no idea which so if someone can let me know what extra info would be more helpful I'll post it back asap.

Thanks in advance.
Old 02-20-2011, 04:47 PM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
In general I'd say you could do with manually recreating what it's being asked for and inspecting the raw data. You can see the queries in the server side log file assuming it's configured accordingly, or if you're not using SSL / TLS you can use a tool like wireshark to see the whole conversation as it happened across the network. By doing that you'll probably see a missing attribute that stops it being able to be used as a valid posix account. Often you can see the account being returned but not coming out of the end of a getent passwd, which would suggest something about the data is incomplete or invalid.
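
Added example, not part of either post: one way to run the "inspect the raw data" check from reply #2 is to save the LDAP search output as LDIF and test each posixAccount / posixGroup entry against the attributes RFC 2307 requires. The names `parse_ldif`, `check_posix`, `REQUIRED` and `SAMPLE` are made up for this sketch, the sample entries are constructed, and base64 (`attr::`) values are assumed absent and are not decoded.

```python
# RFC 2307 MUST attributes for the classes NSS maps to passwd and group entries.
REQUIRED = {"posixaccount": ["cn", "uid", "uidNumber", "gidNumber", "homeDirectory"],
            "posixgroup": ["cn", "gidNumber"]}

def parse_ldif(text):
    """Parse ldapsearch LDIF output into a list of {lowercased attr: [values]}."""
    entries, cur = [], {}
    for line in text.replace("\n ", "").splitlines() + [""]:  # "\n " = folded line
        if not line.strip():                      # blank line ends an entry
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            cur.setdefault(attr.lower(), []).append(value.strip())
    return entries

def check_posix(entries):
    """Return {dn: [problems]} for entries that are not complete POSIX objects."""
    problems = {}
    for e in entries:
        if "dn" not in e:                         # ldapsearch trailer, not an entry
            continue
        classes = {c.lower() for c in e.get("objectclass", [])}
        found = [f"missing {a}" for oc in sorted(classes & set(REQUIRED))
                 for a in REQUIRED[oc] if a.lower() not in e]
        found += [f"non-numeric {a}" for a in ("uidNumber", "gidNumber")
                  for v in e.get(a.lower(), []) if not v.isdigit()]
        if found:
            problems[e["dn"][0]] = found
    return problems

# Constructed sample, not data from the thread: alice is complete, bob is not.
SAMPLE = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
cn: Alice
uid: alice
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/alice

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: bob
uidNumber: 10002
gidNumber: users
"""

print(check_posix(parse_ldif(SAMPLE)))
```

Running the same check on the LDIF from each server and comparing the two results shows whether the entries that drop out of getent are the ones flagged here.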

