Bug 141611 - Cannot login with nss_ldap, getent works correctly
Summary: Cannot login with nss_ldap, getent works correctly
Alias: None
Product: Fedora
Classification: Fedora
Component: nss_ldap (Show other bugs)
(Show other bugs)
Version: 3
Hardware: x86_64 Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2004-12-02 14:51 UTC by Chris Hills
Modified: 2007-11-30 22:10 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-11-05 15:57:50 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Chris Hills 2004-12-02 14:51:55 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5)
Gecko/20041107 Firefox/1.0

Description of problem:
I have set up a fresh installation of FC3, running authconfig and them
modifying /etc/ldap.conf with the correct paramaters (binddn and
bindpw). The setup is identical to other fc2 hosts which function

When I try to login at the console with a user from ldap, it simply
says "System error" and clears the screen. Nothing is logged to
/var/log/messages, and there is a message of similar effect in
/var/log/secure ('login: System error')

If i run `getent passwwd <username>` it displays the correct
information, indicating there is no problem with the connection to the
server. I am also able to `touch test; chown <username> test`, where
<username> is a user present in the ldap directory, and this does not
cause an error.

One other thing I noticed is that if I try `su <username>` as root the
output is 'su: incorrect password'.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install FC3 x86_64 on compatible hardware
2. Run authconfig and specify the correct settings for LDAP
3. Try to login through any mechanism (login, ssh etc)

Actual Results:  When logging in with login, it displays 'System error'.

Expected Results:  Should be given a login shell.

Additional info:

Output of `getent passwd testuser`:

testuser:$1$9huu78tyguiHH65fIOgh78/:10028:1002:User, Test:

Comment 1 Florian La Roche 2004-12-06 12:20:08 UTC
Can you please test the rpm package from Fedora Core development tree
if that works?

Comment 2 Chris Hills 2004-12-06 14:17:34 UTC
I installed nss_ldap-226-2.x86_64 and the login now works correctly.

Comment 3 Jon Thompson 2005-04-13 18:58:15 UTC
I have a similar problem.  Login and getent works with pam_ldap in non-ssl more.
 I switch to ssl and I can execute a getent but su - username does not work.  It
retrurns "incorrect password". I grabbed the rpm from teh development tree and
tested that.  Neither getent or su work in ssl mode, but do in non-ssl mode. 
Any suggestions?

Comment 4 Oliver Schulze L. 2005-09-22 08:21:43 UTC
Add this to /etc/syslog.conf
local4.* /var/log/ldap
restart syslog and ldap and check /var/log/ldap for debug messages

Comment 5 Matthew Miller 2006-07-10 22:01:03 UTC
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!

Comment 6 John Thacker 2006-11-05 15:57:50 UTC
Closing per lack of response to previous request for information.
This bug was originally filed against a much earlier version of Fedora
Core, and significant changes have taken place since the last version
for which this bug is confirmed.

Note that FC3 and FC4 are supported by Fedora Legacy for security
fixes only.  Please install a still supported version and retest.  If
it still occurs on FC5 or FC6, please reopen and assign to the correct
version.  Otherwise, if this a security issue, please change the
product to Fedora Legacy.  Thanks, and we are sorry that we did not
get to this bug earlier.

Note You need to log in before you can comment on or make changes to this bug.