|Summary:||getent works but /bin/su - username fails when nss_ldap is configured to utilize SSL with and OpenLDAP server|
|Product:||[Fedora] Fedora||Reporter:||Jon Thompson <jonathan.thompson>|
|Component:||nss_ldap||Assignee:||Nalin Dahyabhai <nalin>|
|Status:||CLOSED INSUFFICIENT_DATA||QA Contact:|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2008-02-07 15:40:33 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Jon Thompson 2005-04-14 10:54:56 UTC
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Description of problem: When I have nss_ldap configured to use clear text both getent and /bin/su - allow me to see the users or login as the user. However, whenever I change the configuration to use SSL with my OpenLDAP server getent continues to work, but /bin/su - returns incorrect password and normal login for LDAP-based users fails. The log files report and inablility to bind to the LDAP server: "pam_ldap: ldap_simple_bind Can't contact LDAP server" From another post I have tried upgrading to the latest nss_ldap available in the development tree and that does not work either. Actually, that breaks both getent and login. However, it works correctly in RHEL3 and not in CentOS 4.0. Version-Release number of selected component (if applicable): nss_ldap-220-3 How reproducible: Always Steps to Reproduce: 1. system-config-authentication; use ldap for both user info and auth - no MD5 2. configure /etc/ldap.conf to use openldap ssl (ssl on) and port 636 3. /bin/su - username Actual Results: su: incorrect password Expected Results: It shoudl have logged me in as the user Additional info:
Comment 1 Oliver Schulze L. 2005-09-22 08:23:28 UTC
Have you configured correctly openldap ssl certificates? Is openldap running after executing authconfig? Please run 'service ldap restart' twice and check that no error is reported
Comment 2 Matthew Miller 2006-07-10 20:27:25 UTC
Fedora Core 3 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC5 updates or in the FC6 test release, reopen and change the version to match. Thank you!
Comment 3 petrosyan 2008-02-07 15:40:33 UTC
Fedora Core 3 is not maintained anymore. Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the current Fedora release, please reopen this bug and assign it to the corresponding Fedora version.