I have an LDAP server with two BDB backends. The user accounts are split between the two backends. Backend A has a referral object to Backend B.
I have tried to set up LDAP client authentication on Linux Mint 13. getent passwd lists users from both Backend A and Backend B, but when using su - with a user from Backend B, su returns "Unknown id". Using su with a user ID from Backend A works just fine.
Below is my /etc/ldap/ldap.conf in the client (Linux Mint 13):
base dc=backendA
uri ldaps://ldap.x.example.com
ldap_version 3
binddn cn=auth,dc=backendA
bindpw admin@123
referrals yes
And the /etc/ldap.conf in the client:
base dc=backendA
uri ldaps://ldap.x.example.com
ldap_version 3
binddn cn=auth,dc=backendA
bindpw admin@123
rootbinddn cn=admin,dc=backendA
pam_password md5
deref always
referrals yes
nss_base_passwd ou=users,dc=backendA?one
nss_base_shadow ou=users,dc=backendA?one
nss_base_group ou=roles,dc=backendA?one
nss_base_passwd ou=users,dc=backendB?one
nss_base_shadow ou=users,dc=backendB?one
nss_base_group ou=roles,ou=users,dc=backendB?one
What could be wrong?
Best Answer
The getent passwd is just a part of it; it tells you that the system can see the user and that LDAP is working, but su might also be using PAM, and PAM has its own set of rules, not just the system user list. As you are using Mint, you are for sure using PAM.
Check the /etc/pam.d/su file and any file it loads. You are for sure missing the LDAP config in there. Use this document as a base for configuring it.
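A small POSIX shell script, added here as an example and not part of the question or the answer, makes the NSS-versus-PAM distinction checkable offline. It expands a Debian/Mint-style /etc/pam.d/su through its @include files and reports which PAM management groups never reach pam_ldap.so, and it flags a bindpw sitting in a world-readable ldap.conf (the question's /etc/ldap/ldap.conf carries one in the clear, and that file is normally mode 644). The pam.d tree it inspects is constructed inside the script, so the function names, the sample stacks and the temporary directory are assumptions of the example, not files from the poster's system.

```shell
#!/bin/sh
# Added example (not from the original post): offline diagnostic helpers for
# the "getent sees the user but su says Unknown id" symptom. NSS (getent) and
# PAM (su) are configured separately, so this inspects the PAM side of su and,
# as a side check, bind-password exposure in ldap.conf.
# Every file written below is a constructed sample for the example.

# pam_expand DIR FILE: print DIR/FILE with comments and blank lines dropped
# and "@include name" replaced by the contents of DIR/name (one level deep,
# which covers Debian/Mint style common-auth, common-account, ... files).
pam_expand() {
    dir=$1; file=$2
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|\#*) ;;
            @include*)
                inc=$(printf '%s\n' "$line" | awk '{print $2}')
                if [ -f "$dir/$inc" ]; then
                    grep -v '^[[:space:]]*#' "$dir/$inc" || true
                fi
                ;;
            *) printf '%s\n' "$line" ;;
        esac
    done < "$dir/$file"
}

# pam_ldap_missing DIR FILE: print the management groups (auth, account,
# session, password) whose expanded stack never calls pam_ldap.so. Empty
# output means PAM can reach the directory for every group; "password" alone
# is expected on a client where only su/login are wired to LDAP.
pam_ldap_missing() {
    stack=$(pam_expand "$1" "$2")
    for group in auth account session password; do
        if ! printf '%s\n' "$stack" | awk -v g="$group" '
                ($1 == g || $1 == ("-" g)) && /pam_ldap\.so/ { found = 1 }
                END { exit found ? 0 : 1 }'; then
            printf '%s\n' "$group"
        fi
    done
}

# bindpw_world_readable FILE: succeed (exit 0) when FILE both carries a
# "bindpw" line and is readable by every local user. /etc/ldap/ldap.conf is
# normally mode 644, so a bindpw there is visible to anyone with a shell; the
# rootbinddn password is instead read from /etc/ldap.secret (mode 0600).
bindpw_world_readable() {
    grep -q '^[[:space:]]*bindpw[[:space:]]' "$1" || return 1
    [ "$(ls -ld "$1" | cut -c8)" = r ]
}

# make_sample DIR WITH_LDAP: write a constructed Debian-style pam.d tree into
# DIR. WITH_LDAP=no mimics a client where only NSS was set up; WITH_LDAP=yes
# adds the pam_ldap.so entries a pam-auth-update style profile installs.
make_sample() {
    dir=$1; with_ldap=$2
    mkdir -p "$dir"
    cat > "$dir/su" <<'EOF'
# constructed sample of /etc/pam.d/su
auth       sufficient pam_rootok.so
@include common-auth
@include common-account
@include common-session
EOF
    if [ "$with_ldap" = yes ]; then
        printf 'auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass\nauth [success=1 default=ignore] pam_ldap.so use_first_pass\nauth requisite pam_deny.so\nauth required pam_permit.so\n' > "$dir/common-auth"
        printf 'account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so\naccount [success=1 default=ignore] pam_ldap.so\naccount requisite pam_deny.so\naccount required pam_permit.so\n' > "$dir/common-account"
        printf 'session required pam_unix.so\nsession optional pam_ldap.so\n' > "$dir/common-session"
    else
        printf 'auth [success=1 default=ignore] pam_unix.so nullok_secure\nauth requisite pam_deny.so\nauth required pam_permit.so\n' > "$dir/common-auth"
        printf 'account required pam_unix.so\n' > "$dir/common-account"
        printf 'session required pam_unix.so\n' > "$dir/common-session"
    fi
}

# Stand-alone demo on the constructed trees (temporary directory, removed after).
tmp=$(mktemp -d)
make_sample "$tmp/before" no
make_sample "$tmp/after" yes
echo "groups without pam_ldap (NSS-only client): $(pam_ldap_missing "$tmp/before" su | tr '\n' ' ')"
echo "groups without pam_ldap (pam_ldap added):  $(pam_ldap_missing "$tmp/after" su | tr '\n' ' ')"
printf 'bindpw constructed-secret\n' > "$tmp/ldap.conf"; chmod 644 "$tmp/ldap.conf"
if bindpw_world_readable "$tmp/ldap.conf"; then
    echo "bindpw in $tmp/ldap.conf is readable by every local user"
fi
rm -rf "$tmp"
```

On a real client, run `pam_ldap_missing /etc/pam.d su` as root; an "auth" or "account" line in its output is the mismatch the answer describes, since getent goes through nss_ldap while su goes through whatever pam.d/su and its @include files load.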