Peter Santiago
2007-Oct-03 15:44 UTC
[Fedora-directory-users] nss_ldap cannot authenticate vs FDS
Hi, I was able to finally configure FDS to sync with ADS with Winsync. Thanks a lot to the members here. Now I ran into another peculiar problem. NSS_LDAP seems not to be able to authenticate or do a successful query against FDS. I used ldapsearch to double check, I was able to do a successful query against FDS. Attached are two files from doing id and ldapsearch. I have enabled debugging. Could someone help explain why ldapsearch can successfully query FDS whereas NSS_LDAP cannot? Maybe there is a need to patch NSS_LDAP? I''m using nss_ldap 253 from fedora 6 package. -- Peter Santiago peters@psinergybbs.com My website: www.psinergybbs.com My spamtrap address: r34987y@psinergybbs.com ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
David Boreham
2007-Oct-03 15:54 UTC
Re: [Fedora-directory-users] nss_ldap cannot authenticate vs FDS
Looking at the debug logs you provided, the entry is correctly returned by the server in both cases. So persumably NSS_LDAP doesn''t like the look of it. Is it expecting some specific object class that''s missing perhaps ? Peter Santiago wrote:> > Hi, > > I was able to finally configure FDS to sync with ADS with Winsync. > Thanks a lot to the members here. > > Now I ran into another peculiar problem. NSS_LDAP seems not to be able > to authenticate or do a successful query against FDS. > > > I used ldapsearch to double check, I was able to do a successful query > against FDS. > > Attached are two files from doing id and ldapsearch. I have enabled > debugging. > > Could someone help explain why ldapsearch can successfully query FDS > whereas NSS_LDAP cannot? Maybe there is a need to patch NSS_LDAP? I''m > using nss_ldap 253 from fedora 6 package. > > -- > Peter Santiago peters@psinergybbs.com > My website: www.psinergybbs.com > My spamtrap address: r34987y@psinergybbs.com > > > > ---------------------------------------------------------------- > This message was sent using IMP, the Internet Messaging Program. > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
Steve Rigler
2007-Oct-03 15:55 UTC
Re: [Fedora-directory-users] nss_ldap cannot authenticate vs FDS
On Wed, 2007-10-03 at 23:44 +0800, Peter Santiago wrote:> Hi, > > I was able to finally configure FDS to sync with ADS with Winsync. > Thanks a lot to the members here. > > Now I ran into another peculiar problem. NSS_LDAP seems not to be able > to authenticate or do a successful query against FDS. > > > I used ldapsearch to double check, I was able to do a successful query > against FDS. > > Attached are two files from doing id and ldapsearch. I have enabled > debugging. > > Could someone help explain why ldapsearch can successfully query FDS > whereas NSS_LDAP cannot? Maybe there is a need to patch NSS_LDAP? I''m > using nss_ldap 253 from fedora 6 package. > > -- > Peter Santiago peters@psinergybbs.com > My website: www.psinergybbs.com > My spamtrap address: r34987y@psinergybbs.com >Is "ftest" a posixAccount? -Steve
Peter Santiago
2007-Oct-03 16:08 UTC
Re: [Fedora-directory-users] nss_ldap cannot authenticate vs FDS
Quoting Steve Rigler <srigler@marathonoil.com>: [snip]>> > > Is "ftest" a posixAccount? > > -Steve >By George, you hit the nail on the head. My bad..... Thanks a lot. I have enabled posixUsers attributes and it worked. Now one more question. Since I''m syncing users from ADS to FDS, is there anyway to enable the posix Users attribute for the imported users? Or do I have to manually enable it for each synced users? -- Peter Santiago peters@psinergybbs.com My website: www.psinergybbs.com My spamtrap address: r34987y@psinergybbs.com ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.