Red Hat Bugzilla – Bug 582703
unable to setup LDAP server with ldap
Last modified: 2010-05-27 11:32:23 EDT
Description of problem:
We have been using LDAP server without TLS for authenticating our users for a long time successfully. Now system-config-authentication needs TLS or ldaps.
Version-Release number of selected component (if applicable):
setup an LDAP server without security
Steps to Reproduce:
1. run system-config-authentication
2. setup an LDAP server with ldap (and not ldaps) without checking TLS
3. setup Authentication Method: LDAP password
system-config-authentication tell: "You must provide ldaps:// server address or use TLS for LDAP…"
I want to be able to use LDAP accounts without TLS or ldaps.
This practice is insecure although I can understand that on internal networks with low security requirements it might be acceptable. We use SSSD instead of the pam_ldap for authentication now though and SSSD does not support LDAP authentication against non-tls/ldaps servers.
You can still use the command line UI for that if you use the --disablesssd --disablesssdauth options.
We've tried to use the authconfig-tui tool to set up the LDAP authentication server, but it still doesn't work. The /var/log/secure tells
May 27 17:06:49 dirac sshd: pam_sss(sshd:auth): received for user ptr: 4 (System error)
So it seems, that the LDAP server is reachable and it starts to query the informations about the user, but it fails.
PS. The authconfig-tui accepts the LDAP server without ssl/tls when I don't use
--disablesssd --disablesssdauth options.
You can edit /etc/sysconfig/authconfig FORCELEGACY=yes.
Then you can rerun the authconfig and it should use pam_ldap instead of pam_sss.