I want authentication against a local openldap server. After several unsuccessful attempts to configure sssd, I uninstalled the sssd-* stuff and configured things with pam_ldap/nss_ldap (fortunately, when sssd is not installed, system-config-authentication seems to configure the /etc/pam.d/* files correctly). But my system behaves weirdly: when I have only the "files" service lookup in /etc/nsswitch.conf, all is OK. But when I specify the passwd, shadow and group databases as below:
#--- my "/etc/nsswitch.conf":
passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   files
publickey:  nisplus
automount:  files
aliases:    files
then the NSS (or PAM?) LDAP modules are accessed, and it appears as if local accounts are ignored. Because of that behavior, services which run as non-root users will not start either (named, httpd, ... and unluckily the openldap server too :( ) - they stop at the "runuser ..." commands in their start scripts.
Can someone help with this? What could cause the system to behave in this manner?
When I slightly modify nsswitch.conf as:
passwd: files [SUCCESS=return] ldap
shadow: files [SUCCESS=return] ldap
group:  files [SUCCESS=return] ldap
then nothing changes. Grrr...
Thanks, Franta Hanzlik
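Added example, not part of the original post: a small parser for nsswitch.conf entries that applies the default actions documented in nsswitch.conf(5) (SUCCESS=return, everything else continue) and walks the chain for one lookup. It shows that the two `passwd` variants quoted in the post resolve to the same chain, and that `ldap` is queried whenever `files` does not answer. The function names and the sample statuses are constructed for illustration.

```python
# Default reaction to each lookup status when no [STATUS=action] is written,
# as documented in nsswitch.conf(5).
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}


def parse_entry(line):
    """Parse one line into (database, [(service, {status: action}), ...])."""
    database, _, rest = line.split("#", 1)[0].partition(":")
    # Pad brackets so "[NOTFOUND=return]" splits into separate tokens.
    tokens = rest.replace("[", " [ ").replace("]", " ] ").split()
    chain, in_criteria = [], False
    for tok in tokens:
        if tok in ("[", "]"):
            in_criteria = tok == "["
        elif not in_criteria:
            chain.append((tok, dict(DEFAULTS)))   # new service, default actions
        elif not chain:
            raise ValueError("criteria before any service: " + line)
        else:
            status, _, action = tok.partition("=")
            negate = status.startswith("!")       # [!UNAVAIL=return] form
            status = status.lstrip("!").upper()
            if status not in DEFAULTS:
                raise ValueError("unknown status: " + tok)
            for name in DEFAULTS:
                if (name == status) != negate:
                    chain[-1][1][name] = action.lower()
    return database.strip(), chain


def services_consulted(chain, status_by_service):
    """Walk the chain for one lookup; return the services actually queried."""
    queried = []
    for service, actions in chain:
        queried.append(service)
        # A service with no constructed status is treated as unreachable.
        if actions[status_by_service.get(service, "UNAVAIL")] == "return":
            break
    return queried


PLAIN = "passwd: files ldap"                      # first variant in the post
EXPLICIT = "passwd: files [SUCCESS=return] ldap"  # second variant in the post

if __name__ == "__main__":
    for line in (PLAIN, EXPLICIT):
        _, chain = parse_entry(line)
        print(line)
        print("  in files:    ", services_consulted(chain, {"files": "SUCCESS"}))
        print("  not in files:", services_consulted(chain, {"files": "NOTFOUND"}))
```

On a live system, `getent -s files passwd named` compared with `getent passwd named` gives the same comparison for a real account.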