Bug 148829 - Missing configuration parameters for LDAP to connect to Windows XP LDAP
Summary: Missing configuration parameters for LDAP to connect to Windows XP LDAP
Alias: None
Product: Fedora
Classification: Fedora
Component: authconfig   
(Show other bugs)
Version: rawhide
Hardware: i386 Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Brian Brock
Keywords: FutureFeature
Depends On:
TreeView+ depends on / blocked
Reported: 2005-02-15 23:06 UTC by akonstam
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-09-08 13:32:24 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description akonstam 2005-02-15 23:06:43 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)

Description of problem:
First the component selected above is not on your list of components
but it is an expansion of the authconfig component I chose in the
precious screen. When you chose NIS authentication you are prompted to
enter the two values that sucessfully configure your machine as an NIS

However, when you chose LDAP authentication you are also prompted to
enter two values. These values are entered into the file
/etc/openldap/ldap.conf which is associated with the openldap-2.1.29-1
rpm nad to the /etc/ldap.conf which is associated with the
nss_ldap-217-1 rpm that governs the nss_ldap authentication switching
service. But this in no way properly configures an LDAP client.
The /etc/openldap/ldap.conf is fine. But the /etc/ldap.conf for which
there is no man page is not properly configured. 

Proper values for binddn and bindpw are missing. A proper scope is
missing and nss_base statements are not generated as well as proper
nss_map statements. Ther are other problems but you get the idea.
Even a hint that theis ldap.conf file exists and must be dealt with
would be a great help.

I wasted nearly two weeks trying to figure out what the problem is.
As far as I am concerned this functionality for setting up LDAP
service is next to useless in its present form. Now setting up LDAP
clients in the GUI is complex with all these statements that need to
be dealt with but as I said a hint when you choose LDAP
authenbtication that this file without a man page needs to be
configured deparately would be a great help since the file itself has
comments to aid in the configuration.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Just choose LDAP in the system-config-authentication gui interface.
2.Enter the values it asks for.
3.ssh username@machine
4. enter passwd

Actual Results:  You get an operations error in messages. failure to bind.

Expected Results:  You should be able to login.

Additional info:

Comment 1 akonstam 2005-02-17 16:27:01 UTC
I have to appologize for the misprints in the bug report. I was under
time pressure and fouled up. I also left out one crucial fact from my
description of the bug. I am concerned with making the FC2 client
authenticate to a Windows XP LDAP server. 

Comment 2 Tomas Mraz 2005-02-17 20:51:59 UTC
I agree this is a valid enhancement request.

Comment 3 Matthew Miller 2005-04-26 15:22:06 UTC
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.

Comment 4 Tomas Mraz 2005-04-26 15:28:46 UTC
It wasn't resolved.

Reporter, could you please specify exactly which parameters should be configurable?

Comment 5 Tomas Mraz 2005-09-08 13:32:24 UTC
There are insufficient details provided in this report for us to investigate the
issue further, and we have not received the feedback we requested.

Note You need to log in before you can comment on or make changes to this bug.