Red Hat Bugzilla – Bug 154805
getent works but /bin/su - username fails when nss_ldap is configured to utilize SSL with and OpenLDAP server
Last modified: 2008-02-07 10:40:33 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Description of problem:
When I have nss_ldap configured to use clear text both getent and /bin/su - allow me to see the users or login as the user. However, whenever I change the configuration to use SSL with my OpenLDAP server getent continues to work, but /bin/su - returns incorrect password and normal login for LDAP-based users fails. The log files report and inablility to bind to the LDAP server: "pam_ldap: ldap_simple_bind Can't contact LDAP server" From another post I have tried upgrading to the latest nss_ldap available in the development tree and that does not work either. Actually, that breaks both getent and login. However, it works correctly in RHEL3 and not in CentOS 4.0.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. system-config-authentication; use ldap for both user info and auth - no MD5
2. configure /etc/ldap.conf to use openldap ssl (ssl on) and port 636
3. /bin/su - username
Actual Results: su: incorrect password
Expected Results: It shoudl have logged me in as the user
Have you configured correctly openldap ssl certificates?
Is openldap running after executing authconfig?
Please run 'service ldap restart' twice and check that no error is reported
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.
Fedora Core 3 is not maintained anymore.
Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the
current Fedora release, please reopen this bug and assign it to the
corresponding Fedora version.