Description of problem: We have been using LDAP server without TLS for authenticating our users for a long time successfully. Now system-config-authentication needs TLS or ldaps. Version-Release number of selected component (if applicable): authconfig-6.1.3-1.fc13.x86_64 How reproducible: setup an LDAP server without security Steps to Reproduce: 1. run system-config-authentication 2. setup an LDAP server with ldap (and not ldaps) without checking TLS 3. setup Authentication Method: LDAP password Actual results: system-config-authentication tell: "You must provide ldaps:// server address or use TLS for LDAP…" Expected results: I want to be able to use LDAP accounts without TLS or ldaps. Additional info:
This practice is insecure although I can understand that on internal networks with low security requirements it might be acceptable. We use SSSD instead of the pam_ldap for authentication now though and SSSD does not support LDAP authentication against non-tls/ldaps servers. You can still use the command line UI for that if you use the --disablesssd --disablesssdauth options.
We've tried to use the authconfig-tui tool to set up the LDAP authentication server, but it still doesn't work. The /var/log/secure tells May 27 17:06:49 dirac sshd[25386]: pam_sss(sshd:auth): received for user ptr: 4 (System error) So it seems, that the LDAP server is reachable and it starts to query the informations about the user, but it fails. PS. The authconfig-tui accepts the LDAP server without ssl/tls when I don't use --disablesssd --disablesssdauth options.
You can edit /etc/sysconfig/authconfig FORCELEGACY=yes. Then you can rerun the authconfig and it should use pam_ldap instead of pam_sss.