Bug 154805 - getent works but /bin/su - username fails when nss_ldap is configured to utilize SSL with and OpenLDAP server
getent works but /bin/su - username fails when nss_ldap is configured to util...
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: nss_ldap (Show other bugs)
3
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-04-14 06:54 EDT by Jon Thompson
Modified: 2008-02-07 10:40 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-02-07 10:40:33 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jon Thompson 2005-04-14 06:54:56 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Description of problem:
When I have nss_ldap configured to use clear text both getent and /bin/su - allow me to see the users or login as the user.  However, whenever I change the configuration to use SSL with my OpenLDAP server getent continues to work, but /bin/su - returns incorrect password and normal login for LDAP-based users fails.  The log files report and inablility to bind to the LDAP server:  "pam_ldap: ldap_simple_bind Can't contact LDAP server"  From another post I have tried upgrading to the latest nss_ldap available in the development tree and that does not work either. Actually, that breaks both getent and login.  However, it works correctly in RHEL3 and not in CentOS 4.0.

Version-Release number of selected component (if applicable):
nss_ldap-220-3

How reproducible:
Always

Steps to Reproduce:
1. system-config-authentication; use ldap for both user info and auth - no MD5
2. configure /etc/ldap.conf to use openldap ssl (ssl on) and port 636
3. /bin/su - username
  

Actual Results:  su: incorrect password

Expected Results:  It shoudl have logged me in as the user

Additional info:
Comment 1 Oliver Schulze L. 2005-09-22 04:23:28 EDT
Have you configured correctly openldap ssl certificates?
Is openldap running after executing authconfig?
Please run 'service ldap restart' twice and check that no error is reported
Comment 2 Matthew Miller 2006-07-10 16:27:25 EDT
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!
Comment 3 petrosyan 2008-02-07 10:40:33 EST
Fedora Core 3 is not maintained anymore.

Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the
current Fedora release, please reopen this bug and assign it to the
corresponding Fedora version.

Note You need to log in before you can comment on or make changes to this bug.