Environment
Novell Open Enterprise Server
Novell Open Enterprise Server 2
Situation
Able to see info for a user via 'id' and 'getent', but cannot authenticate.
You can su to the account when logged in as root, but can't if you are not root (if it requires a password).
LUM Authentication doesn't work.
'namuserlist -x o=novell' shows the correct info
'namuserlist o=novell' DOES NOT show the correct info
LUM is using 389; LDAP requires confidentiality for binds with password.
Resolution
The id and getent commands use an anonymous LDAP call to get the information they present. When an actual authentication occurs however, it needs to authenticate to LDAP, not just hit it anonymously.
If LUM is set to use simple authentication (389) and LDAP requires TLS for simple binds with password, the authentication fails.
Fix:
1. Uncheck 'Require TLS for simple binds with password' in the LDAP group object, then restart LDAP.
or
2. Set LUM to use secure LDAP. You can do this by running these 2 commands:
namconfig set "type-of-authentication=2"
/etc/init.d/namcd restart
Additional Information
By default the nam.conf file is set to use the SSL connection, and
the LDAP server by default is set to use TLS on anonymous binds.
With these default settings in place, users should be able to authenticate
without modifications. If this does not resolve the issue you are
seeing, an LDAP trace may be required to see why authentications
are failing. To take a trace, you can use the ndstrace utility or
iMonitor.
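The probe below reproduces the diagnosis from the Resolution section on the command line: an anonymous search on 389 (what 'id' and 'getent' do) succeeds, a simple bind with the user's password on the same port is refused with LDAP result code 13 (confidentialityRequired) when the server requires TLS for simple binds, and the same bind after StartTLS works. It is an added example, not code from this TID or from Novell. It assumes the OpenLDAP ldapsearch client (which exits with the LDAP result code), that nam.conf is at /etc/nam.conf (override with NAM_CONF) and carries the type-of-authentication key that namconfig writes (2 = secure LDAP as stated above; treating 1 as cleartext is an assumption), and that the host and bind DN are supplied as placeholder arguments.

```shell
#!/bin/sh
# Added example, not from the TID. Checks how LUM is configured and probes the
# LDAP server the way id/getent (anonymous) and a login (simple bind) do.

NAM_CONF="${NAM_CONF:-/etc/nam.conf}"   # assumed location of the LUM config

# Print the value of "key = value" from a nam.conf-style file (empty if absent).
nam_get() {  # nam_get <file> <key>
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 | tr -d '[:space:]'
}

# Map type-of-authentication to a label.
# 2 = secure LDAP (from the TID); 1 = cleartext simple bind on 389 (assumption).
lum_auth_mode() {  # lum_auth_mode <file>
    case "$(nam_get "$1" type-of-authentication)" in
        2) echo secure ;;
        1) echo plain ;;
        *) echo unknown ;;
    esac
}

# Interpret the two probes. ldapsearch exits with the LDAP result code:
# 13 = confidentialityRequired (server wants TLS for simple binds with password),
# 49 = invalidCredentials, 0 = success.
interpret_bind() {  # interpret_bind <anon_search_rc> <plain_bind_rc>
    if [ "$1" -ne 0 ]; then
        echo "ldap-unreachable"
    elif [ "$2" -eq 13 ]; then
        echo "tls-required-for-simple-bind"
    elif [ "$2" -eq 49 ]; then
        echo "invalid-credentials"
    elif [ "$2" -eq 0 ]; then
        echo "bind-ok"
    else
        echo "other-error-$2"
    fi
}

# Usage: sh lum-probe.sh --probe <ldap-host> <bind-dn>   (both are placeholders)
if [ "${1:-}" = "--probe" ]; then
    HOST="$2"
    BINDDN="$3"
    echo "LUM type-of-authentication: $(lum_auth_mode "$NAM_CONF")"

    # What id/getent do: anonymous search against the container, no password.
    ldapsearch -x -H "ldap://$HOST:389" -b "o=novell" -s base >/dev/null 2>&1
    anon=$?

    # What a login does: simple bind with the user's password, still on 389.
    ldapsearch -x -H "ldap://$HOST:389" -D "$BINDDN" -W -b "o=novell" -s base >/dev/null 2>&1
    plain=$?

    echo "diagnosis: $(interpret_bind "$anon" "$plain")"

    # Same bind after StartTLS (-ZZ): succeeds when TLS was the only thing missing,
    # which is the case fix #2 (type-of-authentication=2) addresses.
    if ldapsearch -x -ZZ -H "ldap://$HOST:389" -D "$BINDDN" -W -b "o=novell" -s base >/dev/null 2>&1; then
        echo "simple bind over StartTLS: ok"
    fi
fi
```

A result of "tls-required-for-simple-bind" together with "simple bind over StartTLS: ok" is exactly the symptom set in this TID; of the two fixes, setting type-of-authentication=2 keeps the bind password encrypted on the wire, whereas fix #1 removes that requirement on the server for every client.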