Description of problem: GDM authentication fails for LDAP user log in sessions. Version-Release number of selected component (if applicable): 2.4.1.3-5 How reproducible: Always Steps to Reproduce: 1. Configure a Red Hat Linux 9.0 LDAP server: https://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-ldap-quickstart.html 2. Configure a Red Hat Linux 9.0 LDAP client: https://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-ldap-pam.html 3. If no user accounts were added to the LDAP database with the migration tools, then added a test user account. 4. Create a local home directory for the LDAP user on the LDAP client host. 5. Confirm there is no local account for the LDAP user on the LDAP client host. 6. Log in without GDM (su, ssh, a tty login screen, etc) to confirm it works. 7. Log in with GDM login window to verify failure. Actual results: User log in error message. Expected results: Log in to GDM session with LDAP user account. Additional info: An excerpt from the /var/log/messages file on the LDAP client system is attached. The first four lines show GDM log in failures for the testuser0 account which is the LDAP user account. Then it is followed by successful testuser0 log in sessions from the login (tty1), su, and sshd utilities. To illustrate that GDM does work for local accounts, I used my gdonnell local account to log into a GDM session. The log file has successful log in messages for my gdonnell local account.
Created attachment 92479 [details] /var/log/messages
Do not use TLS encryption on the LDAP client host because it does not work. I reported this in the 97675 ticket.
Hello, I resolved the problem. When I got TLS encryption to work, I was able to log in from the GDM login screen. I figured that GDM requires TLS encryption to be enable. For security reasons, this is very good. In the 97675 ticket, I documented how I used the 51352 ticket to resolve the TLS encryption problem in the 97675 ticket. The TLS encryption requirement for GDM to authenticate with LDAP should be documented. May be I over looked it. I did not see this in the Red Hat Reference Guide or DAP Linux HOWTO. *** This bug has been marked as a duplicate of 51352 ***