[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LDAP, part 2




On Tue, May 30, 2000 at 11:24:57PM -0500, Jeff Licquia wrote:
> On Tue, May 30, 2000 at 03:41:45PM -0500, Danny Sauer wrote:
> > 
> > Thinking maybe he was onto something, I tried the same file.  That has the
> > same problem that my old file does - namely that I get errors on trying to
> > login.  I've got some nullok's and use pam_limits, but like I said, I get this error with John's working file and with my version.
> > 
> >  login[225]: Cannot make/remove an entry for the specified session
> > 
> > Anyone know what the heck's going on here?  I've got plenty of space on
> > all the drives in the system, and /dev/pts appears to be mounted right...
> > I know I had LDAP working on another system here a while ago, but I don't
> > remember if I did anything differently... :(
> 
> Can you finger an LDAP-only user?  Or chown a file to an LDAP-only
> user?  If you chown a file to a UID that's only in LDAP and then ls
> -l, does the username show up, or a numeric ID?

Well, now I've got less (or maybe more).  I can start a session, but still
don't get a shell or anything.  I dunno, maybe I'm just stupid (or maybe
SuSE's just stupid).  I can't finger sauer@localhost or ls ~sauer, and
numeric ID's show up when I ls stuff.

I thought maybe not having openldap installed was a problem, so I installed
it and can search the LDAP database, and I can even succesfully log in, but
for some reason I immediately get booted out.

So, after screwing around with it for a while, I've found the problem.
I figured I'd make sure I had stuff in the right places.  When I ran
"strings /lib/libnss_ldap.so.2 | grep ldap.conf" I discovered that
someone had accidentally typed "/etc/openldp/ldap.conf" in the path.
Making a symlink from openldap to openldp made everything work just fine.
Huh. :)

'course, after looking at SuSE's updates page, I found that they fixed that
on April 11th...  Makes sense that someone else would have figured it out
earlier.  And here I was hoping to get credit for finding the problem. :(

It works now, though.  Cool.
--Danny, getting ready to set up a lab full of these now

--
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.