ldap.conf, openldap and suse


Currently automating our LDAP setup via an RPM and I’ve run into an issue. After installing the RPM, LDAP will not allow domain users to login unless we go into YAST and select “users” and “groups” from the “Read the following items from LDAP data source” section. I’ve activated/deactivated these settings and looked through various config files but I cannot see them being added etc.

The module we’re using is ldapkrb but I also cannot figure out a command to check these parameters.

Has anyone experience with this?

Submitting a modified LDAP.conf file below:

uri <omitted>
binddn cn=<omitted>
bindpw <omitted>
scope sub
bind_timelimit 15
timelimit 15
ldap_version 3
ssl start_tls
tls_reqcert allow
referrals no
base ou=users,o=<omitted>
nss_base_passwd ou=users,o=<omitted>
nss_base_shadow ou=users,o=<omitted>
nss_base_group ou=POSSecure,ou=Groups,o=<omitted>
nss_map_attribute loginShell posShell
nss_map_attribute uniqueMember member
nss_initgroups_ignoreusers root,ldap,pos,dbus
nss_reconnect_tries 1
nss_reconnect_sleeptime 1
nss_reconnect_maxsleeptime 1
nss_reconnect_maxconntries 3
nss_connect_policy persist

This can be marked as solved.
The /etc/nsswitch.conf file was being updated.

Thank-you for sharing your results. If you have any other details on how
it was being updated, those may help others, but at least that gives a
clue as to where to look.

Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.