ldap authentication problems

David L idht4n at gmail.com
Tue May 11 23:03:12 UTC 2010


On Tue, May 11, 2010 at 8:43 AM, David L wrote:
> On Mon, May 10, 2010 at 6:42 PM, Gordon Messmer wrote:
>> On 05/10/2010 12:27 PM, David L wrote:
>>>
>>> When I upgrade between Fedora releases, I usually
>>> install with only local users, then run system-config-authentication
>>> and select "Enable LDAP support" on the "User Information" tab
>>> and on the "Authentication" tab and then click "OK".  Then I just
>>> copy the old /etc/ldap.conf from the previous release over the
>>> one in /etc on the new release.
>>
>> If you want to continue to do that, you'll need to replace
>> /etc/nsswitch.conf with a version configured to use "ldap" instead of
>> "sssd".  I believe that if you replace both ldap.conf and nsswitch.conf,
>> the system will function as it used to.
>
I confirmed that nsswitch does specify ldap for passwd.  And for
the user information part, it is definitely getting it from ldap because
if I remove ldap from the nsswitch passwd line, I get a "no such
user" error instead of an authentication error.

>> sssd does have some compelling features, so you might want to invest a
>> few minutes into migrating the settings from your old ldap.conf to
>> /etc/sssd/sssd.conf.  Your LDAP directory looks a lot like Active
>> Directory, so you'll probably use a lot of the settings which are
>> present in the default sssd.conf, but commented out.

I tried messing with sssd.conf and then changing nsswitch passwd
to use sss, but I got this error when trying to restart sssd:

Starting sssd: Cannot load configuration database

Thanks,

                           David
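
The thread turns on which NSS module ("ldap" or "sss") backs the passwd line in /etc/nsswitch.conf, and on the difference between a lookup failure ("no such user") and an authentication failure. The following is an added example, not part of the original message: a small checker that reports which directory module each identity database uses. The file content is a constructed sample and the function names are hypothetical; it inspects only NSS lookups, not the PAM authentication stack.

```python
import re

# Constructed sample: passwd and group on the legacy "ldap" module,
# shadow already moved to "sss", as can happen partway through a migration.
SAMPLE = """\
# /etc/nsswitch.conf (constructed sample)
passwd:     files ldap
shadow:     files sss
group:      files ldap [NOTFOUND=return] nis
hosts:      files dns   # not an identity database
"""

IDENTITY_DBS = ("passwd", "shadow", "group")
DIRECTORY_SOURCES = ("ldap", "sss")


def parse_nsswitch(text):
    """Map each database to its ordered source list, dropping comments
    and [STATUS=action] items."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        table[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return table


def audit(text):
    """Return findings about which directory module backs each identity database."""
    table = parse_nsswitch(text)
    findings, seen = [], set()
    for db in IDENTITY_DBS:
        directory = [s for s in table.get(db, []) if s in DIRECTORY_SOURCES]
        seen.update(directory)
        if not directory:
            findings.append(f"{db}: no ldap or sss source; directory users will not resolve")
    if len(seen) > 1:
        findings.append("mixed: identity databases split between ldap and sss")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty result means every identity database names the same directory module, so a remaining login failure points at the authentication side rather than at user lookup.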

