[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LDAP, part 2
On Tue, May 30, 2000 at 11:24:57PM -0500, Jeff Licquia wrote:
> On Tue, May 30, 2000 at 03:41:45PM -0500, Danny Sauer wrote:
> >
> > Thinking maybe he was onto something, I tried the same file. That has the
> > same problem that my old file does - namely that I get errors on trying to
> > login. I've got some nullok's and use pam_limits, but like I said, I get this error with John's working file and with my version.
> >
> > login[225]: Cannot make/remove an entry for the specified session
> >
> > Anyone know what the heck's going on here? I've got plenty of space on
> > all the drives in the system, and /dev/pts appears to be mounted right...
> > I know I had LDAP working on another system here a while ago, but I don't
> > remember if I did anything differently... :(
>
> Can you finger an LDAP-only user? Or chown a file to an LDAP-only
> user? If you chown a file to a UID that's only in LDAP and then ls
> -l, does the username show up, or a numeric ID?
Well, now I've got less (or maybe more). I can start a session, but still
don't get a shell or anything. I dunno, maybe I'm just stupid (or maybe
SuSE's just stupid). I can't finger sauer@localhost or ls ~sauer, and
numeric ID's show up when I ls stuff.
I thought maybe not having openldap installed was a problem, so I installed
it and can search the LDAP database, and I can even succesfully log in, but
for some reason I immediately get booted out.
So, after screwing around with it for a while, I've found the problem.
I figured I'd make sure I had stuff in the right places. When I ran
"strings /lib/libnss_ldap.so.2 | grep ldap.conf" I discovered that
someone had accidentally typed "/etc/openldp/ldap.conf" in the path.
Making a symlink from openldap to openldp made everything work just fine.
Huh. :)
'course, after looking at SuSE's updates page, I found that they fixed that
on April 11th... Makes sense that someone else would have figured it out
earlier. And here I was hoping to get credit for finding the problem. :(
It works now, though. Cool.
--Danny, getting ready to set up a lab full of these now
--
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.