ldap authentication problems

David L idht4n at gmail.com
Tue May 11 15:43:44 UTC 2010

On Mon, May 10, 2010 at 6:42 PM, Gordon Messmer wrote:
> On 05/10/2010 12:27 PM, David L wrote:
>> When I upgrade between fedora releases, I usually
>> install with only local users, then run system-config-authentication
>> and select "Enable LDAP support" on the "User Information" tab
>> and on the "Authentication" tab and then click "OK".  Then I just
>> copy the old /etc/ldap.conf from the previous release over the
>> one in /etc on the new release.
> If you want to continue to do that, you'll need to replace
> /etc/nsswitch.conf with a version configured to use "ldap" instead of
> "sssd".  I believe that if you replace both ldap.conf and nsswitch.conf,
> the system will function as it used to.

I think I already have done that... my nsswitch.conf looks like this:

passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   files ldap
publickey:  nisplus
automount:  files ldap
aliases:    files nisplus

> sssd does have some compelling features, so you might want to invest a
> few minutes into migrating the settings from your old ldap.conf to
> /etc/sssd/sssd.conf.  Your LDAP directory looks a lot like Active
> Directory, so you'll probably use a lot of the settings which are
> present in the default sssd.conf, but commented out.

Ok, thanks... I'll try that.


More information about the test mailing list