Hi Rich,

Sorry, I had a mistake in my ldapsearch. Ldapsearch is working, but the "id"
command does not find users:

[root@XX ~]# service nslcd restart
Stopping nslcd:                                            [  OK  ]
Starting nslcd:                                            [  OK  ]
[root@dc103 ~]# ldapsearch -x -D 'cn=authenticate, ou=System,dc=test, dc=es' '(objectclass=*)' -W -ZZ
Enter LDAP Password:
# extended LDIF
#
[root@dc103 ~]# id esther
id: esther: No such user

And I have these entries in nsswitch:

[root@XX ~]# grep ldap /etc/nsswitch.conf
passwd:     files ldap
shadow:     files ldap
group:      files ldap

Errors in messages log when I try this "id" search:

May 24 10:50:09 XX nslcd[4612]: [8e1f29] no available LDAP server found
May 24 10:50:09 XX nslcd[4612]: [8e1f29] no available LDAP server found
May 24 10:50:09 XX nslcd[4612]: [e87ccd] no available LDAP server found
May 24 10:50:09 XX nslcd[4612]: [e87ccd] no available LDAP server found
May 24 10:50:11 XX nslcd[4612]: [1b58ba] ldap_start_tls_s() failed: Connect error (uri="ldap://ldap1-test")
May 24 10:50:11 XX nslcd[4612]: [1b58ba] failed to bind to LDAP server ldap://ldap1-test: Connect error
May 24 10:50:11 XX nslcd[4612]: [1b58ba] ldap_start_tls_s() failed: Connect error (uri="ldap://ldap2-test")
May 24 10:50:11 XX nslcd[4612]: [1b58ba] failed to bind to LDAP server ldap://ldap2-test: Connect error
May 24 10:50:11 XX nslcd[4612]: [1b58ba] no available LDAP server found

In version 2.4.19-15 I don't see this issue.

TIA,
Esther

2012/5/23 Rich Megginson <[email protected]>

>  On 05/23/2012 10:37 AM, Esther Garcia wrote:
>
> Hi all,
>
>  We have an OpenLDAP server (RHEL6) running version 2.4.23-15, and we
> have clients in RHEL5 and RHEL6.
> With RHEL5 clients it works properly, but I found some problems with RHEL6
> clients in versions newer than 2.4.19-15.
>
>  In the clients, if I try to upgrade to versions newer than 2.4.19-15, then
> the client stops working:
>
>   [root@XX ~]# rpm -qa | grep openldap
>  openldap-2.4.19-15.el6.x86_64
>  openldap-clients-2.4.19-15.el6.x86_64
>  [root@XX ~]# ldapsearch -x -D 'cn=authenticate, ou=System,dc=test, dc=es' '(objectclass=*)' -W -ZZ
>  Enter LDAP Password:
>  # extended LDIF
>  #
>  # LDAPv3
>  ......
>  [root@XX ~]# id esther
>   uid=63004(esther) gid=50041(test) groups=50041(test)
>
>  [root@XX ~]# yum upgrade openldap*
>  .....
>    Updating   : openldap-2.4.23-20.el6.x86_64                          1/4
>  warning: /etc/openldap/ldap.conf created as /etc/openldap/ldap.conf.rpmnew
>    Updating   : openldap-clients-2.4.23-20.el6.x86_64                  2/4
>    Cleanup    : openldap-clients-2.4.19-15.el6.x86_64                  3/4
>    Cleanup    : openldap-2.4.19-15.el6.x86_64                          4/4
>
>   Updated:
>    openldap.x86_64 0:2.4.23-20.el6    openldap-clients.x86_64 0:2.4.23-20.el6
>
>   Complete!
>
>   [root@XX ~]# service nslcd restart
>  Stopping nslcd:                                            [  OK  ]
>  Starting nslcd:                                            [  OK  ]
>  [root@XX ~]# id esther
>  id: esther: No such user
>  [root@XX ~]# ldapsearch -x -D 'cn=authenticate, ou=System,dc=test, dc=es' '(objectclass=*)' -W -ZZ
>  ldap_start_tls: Connect error (-11)
>
>
> try adding -d 1 - ldapsearch -d 1 -x ....
>
>
>  I have the same configuration files that I used with the older version. I
> use these configuration files:
>
>  */etc/pam_ldap.conf:*
>  base dc=test,dc=es
>  binddn cn=authenticate,ou=System,dc=test,dc=es
>  bindpw XXXX
>  timelimit 120
>   bind_timelimit 120
>  idle_timelimit 3600
>  pam_lookup_policy yes
>  pam_password exop
>  nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
>  ssl start_tls
>  uri ldap://ldap1-test ldap://ldap2-test
>  tls_cacertdir /etc/openldap/cacerts
>  pam_password md5
>
>  */etc/nslcd.conf*
>  uid nslcd
>  gid ldap
>  uri ldap://ldap1-test ldap://ldap2-test
>  base dc=test,dc=es
>  binddn cn=authenticate,ou=System,dc=test,dc=es
>  bindpw XXXX
>  ssl start_tls
>  tls_cacertdir /etc/openldap/cacerts
>  timelimit 120
>  bind_timelimit 120
>  idle_timelimit 3600
>
>  */etc/openldap/ldap.conf:*
>  URI ldap://ldap1-test/ ldap://ldap2-test/
>  BASE dc=test,dc=es
>  TLS_CACERT /etc/openldap/cacerts/catest.crt
>
>   *CAcert file:*
>
>   [root@XX ~]# ls -l /etc/openldap/cacerts/catest.crt
>   -rw-r--r--. 1 root root 1655 May 23 15:23 /etc/openldap/cacerts/catest.crt
>
>  Any idea on what the issue is? Am I missing anything?
>
>
>  Thanks in advance,
> Esther
>
>
>
>
>
