Ubuntu
libnss-ldap package

"i have no name" libnss-ldap

Asked by Oljas

Ubuntu server 10.04.1
Followed official documentation to setup LDAP authentication.
Now if i login as a LDAP user i got "i have no name!" in command prompt.
Also passwd gives error on LDAP users.
/etc/ldap.conf is world readable

Anyone?

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu libnss-ldap Edit question
Assignee:
No assignee Edit question
Solved by:
Jeruvy
Solved:
Last query:
Last reply:
Revision history for this message
Best Jeruvy (jeruvy) said : 		#1

Add/Change these entries in your /etc/nsswitch.conf:

passwd: files ldap
group: files ldap
shadow: files ldap

Also install the nscd

Revision history for this message
Oljas (oljas) said : 		#2

Thanks Jeruvy, that solved my question.

Revision history for this message
Oljas (oljas) said : 		#3

But anyhow, when i login as LDAP user i cannot change password with passwd, nor with ldappasswd. ldappasswd gives error ldap_bind: Invalid credentials

Revision history for this message
Jeruvy (jeruvy) said : 		#4

I would hazard to guess this is inconsistent with your setup. I found this link about it, perhaps it will help. If not post back your configs.

http://www.openldap.org/lists/openldap-software/200312/msg00325.html

Revision history for this message
Oljas (oljas) said : 		#5

Yeah, red that already. Double-checked my config, and don`t found anything suspicious.

Thats how it looks:

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by dn="cn=admin,dc=totan,dc=ru" write by * read
olcSecurity: ssf=0 tls=0 simple_bind=0 update_ssf=0
olcSizeLimit: 500

dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcAccess: {0}to attrs=userPassword by dn="cn=admin,dc=totan,dc=ru" write by
  anonymous auth by self write by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to * by dn="cn=admin,dc=totan,dc=ru" write by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=totan,dc=ru
olcRootPW: {MD5}secret
olcSuffix: dc=totan,dc=ru

root@alpha:/home/oljas# cat /etc/ldap.conf
host alpha.totan.ru
base dc=totan,dc=ru
uri ldap://alpha.totan.ru/
ldap_version 3
rootbinddn cn=admin,dc=totan,dc=ru
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_min_uid 1
pam_max_uid 2000000000000000000000000000000000000
nss_base_passwd ou=Computers,dc=totan,dc=ru?one
nss_base_shadow ou=Users,dc=totan,dc=ru?one
nss_base_group ou=Groups,dc=totan,dc=ru?one
tls_checkpeer no
tls_cacertfile /etc/ssl/certs/ca-cert.pem
tls_cacertdir /etc/ssl/certs
tls_cert /etc/ssl/certs/alpha.totan.ru-cert.pem
tls_key /etc/ssl/private/alpha.totan.ru-private-key.pem
nss_initgroups_ignoreusers asterisk,avahi,backup,bin,daemon,dhcpd,ebox,games,gnats,irc,libuuid,list,lp,mail,man,messagebus,miredo,mysql,news,ntp,openldap,postfix,postgres,proxy,quagga,root,sshd,sync,sys,syslog,tftp,uucp,www-data

and, naturaly

root@alpha:/home/oljas# cat /etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap

I use Apache Directory Studio to edit LDAP entries and cn=config. I connects with and without SSL/TLS, anonymous or by cn=admin,dc=totan,dc=ru.

Is there any other logs/config files a have to look for?

Revision history for this message
Oljas (oljas) said : 		#6

and the
ldapadduser test
works, but dont create password for the user

ldappasswd test
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
 additional info: SASL(-13): user not found: no secret in database

Maybe I have misconfiguration of olcAccess, because i have no clue what is the password the ldappasswd asks for.