[sudo-users] LDAP problem

JR Aquino JR.Aquino at citrix.com
Mon Aug 29 15:51:28 EDT 2011

Try ln -s /etc/ldap.conf /etc/pam_ldap.conf as well.

Nss is used to lookup the roles for "authorization"

Pam is used for the "authentication"

This is just a hunch, but it seems that you have older working RHEL clients working and it sounds like the move to 6 is fairly new.

The "appropriate fix" that my friends at Redhat would want me to say is: 
You'd want to put the separate appropriate ldap info into each of the conf files.

But the symlink should at least get you further.


On Aug 29, 2011, at 11:53 AM, "John Berninger" <jwb at unc.edu> wrote:

> On 8/29/11 2:12 PM, JR Aquino wrote:
>> Try making a symlink: ln -s /etc/ldap.conf /etc/nss_ldap.conf
>> Fedora/Redhat semi-recently split the ldap.conf file to address the difference between nss_ldap.conf and pam_ldap.conf
> That got me a lot further; now I'm making it to LDAP, but I'm getting told my password is wrong, and the error appearing in /var/log/secure is:
> Aug 29 14:33:03 subversion sudo: pam_unix(sudo:auth): conversation failed
> Aug 29 14:33:03 subversion sudo: pam_unix(sudo:auth): auth could not identify password for [jwbernin]
> PAM will accept the password, do an LDAP lookup, and authenticate me successfully, sudo is being a bit more stubborn.
> --
> John

More information about the sudo-users mailing list