The ldapi:/// worked just fine, as did ldap:// with an IP or a name. And I don't have an entry in /etc/hosts for the ldap server, I'm really using DNS. Reboot works just fine, login prompt, and I can login at the console (and via ssh) with an ldap user.
I'm sorry but I will need the files I requested in comment #16. Here are mine: ubuntu@04-57:~$ cat /etc/ldap.conf | grep -vE "^(#|$)" base dc=example,dc=com uri ldap://xenial-slapd-server.lxd ldap_version 3 pam_password exop ubuntu@04-57:~$ cat /etc/ldap/ldap.conf | grep -vE "^(#|$)" URI ldap://xenial-slapd.server.lxd BASE dc=example,dc=com TLS_CACERT /etc/ssl/certs/ca-certificates.crt I used these ldif files to minimally populate the ldap server: ubuntu@04-57:~$ cat base.ldif usergroup.ldif dn: ou=People,dc=example,dc=com ou: People objectClass: organizationalUnit dn: ou=Group,dc=example,dc=com ou: Group objectClass: organizationalUnit dn: uid=testuser1,ou=People,dc=example,dc=com uid: testuser1 objectClass: inetOrgPerson objectClass: posixAccount cn: testuser1 sn: testuser1 givenName: testuser1 mail: testus...@example.com userPassword: testuser1secret uidNumber: 10001 gidNumber: 10001 loginShell: /bin/bash homeDirectory: /home/testuser1 dn: cn=testuser1,ou=Group,dc=example,dc=com cn: testuser1 objectClass: posixGroup gidNumber: 10001 memberUid: testuser1 dn: cn=ldapusers,ou=Group,dc=example,dc=com cn: ldapusers objectClass: posixGroup gidNumber: 10100 memberUid: testuser1 ** Attachment added: "ldaplogin.png" https://bugs.launchpad.net/ubuntu/+source/libpam-ldap/+bug/1676977/+attachment/5067121/+files/ldaplogin.png -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to accountsservice in Ubuntu. https://bugs.launchpad.net/bugs/1676977 Title: Login prompt never presented with ldap login and ldapi set with a name. Status in accountsservice package in Ubuntu: New Status in libpam-ldap package in Ubuntu: New Status in systemd package in Ubuntu: New Bug description: I have a ldap login configuration that has worked with several Ubuntu versions. Unfortunately it doesn't work with 16.10. If I left my ldapi setting using a name as I used to, the login prompt never appears. If I change the ldapi setting to the IP of the authentication server, the login works perfectly. The authentication server name resolution works fine on 16.10 (after login) and on previous version even during login. It seems to me my problem is related to some ordering issue. ProblemType: Bug DistroRelease: Ubuntu 16.10 Package: libpam-ldap 184-8.7ubuntu1 ProcVersionSignature: Ubuntu 4.8.0-44.47-generic 4.8.17 Uname: Linux 4.8.0-44-generic x86_64 ApportVersion: 2.20.3-0ubuntu8.2 Architecture: amd64 Date: Tue Mar 28 14:33:27 2017 InstallationDate: Installed on 2017-03-27 (1 days ago) InstallationMedia: Xubuntu 16.10 "Yakkety Yak" - Release amd64 (20161012.2) SourcePackage: libpam-ldap UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1676977/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp