[ale] LDAP Authentication Issue
Sam Davis
aracthabar at gmail.com
Wed May 14 14:02:26 EDT 2014
In this situation, I am just talking about ssh access to the machine.
The account works for a while then stops working, but not on every
machine at the same time. It may work on machine X for a few days
before it stops, while machine Y works continuously. Sometimes the
account is not there at all (i.e. an 'id username' returns 'Unknown id:
username') and sometimes the account is there, but the group membership
isn't. In all cases, shutting down nslcd, waiting a sec, and restarting
it has fixed the problem.
Sam
On 05/14/2014 01:51 PM, JD wrote:
> On 05/14/2014 01:34 PM, JD wrote:
>> On 05/14/2014 11:59 AM, Sam Davis wrote:
>>> Hello All,
>>>
>>> I have to admit, I really don't know where to begin on this. LDAP has never
>>> been my strong suit. We use LDAP authentication for most of our servers. We
>>> have one user whom the client machines seem to forget about. In order to
>>> restore his account's functionality, I have to stop and then start nslcd.
>>> Sometimes the client machines do not even realize his account exists, sometimes
>>> they know the account exists, but don't assign the correct group memberships.
>>> Other accounts are not impacted by this. Does anyone have any idea where to
>>> even begin looking into an issue like this?
>> I would look for conflicts between local accounts and the LDAP settings.
>>
> And differences in allowed userid/passwords between the different systems.
> We've used LDAP here for years, but I got burned when 1 webapp had a 32
> character limit on password entries, but my normal passwords were 60+ characters
> (yes, I use a password manager). I used the same password across 7 different
> systems just fine, but 1 never worked. It was too long. This was strictly a
> password entry issue since LDAP was performing the authentication.
>
> Could also be that certain characters are allowed on the password change screen,
> but not by specific login pages. In theory, this should be less and less a
> problem. I haven't seen it in years.