dx-packages team mailing list archive

Thread
Date
[Bug 1676977] Re: Login prompt never presented with ldap login and ldapi set with a name.

To: dx-packages@xxxxxxxxxxxxxxxxxxx
From: Andreas Hasenack <andreas@xxxxxxxxxxxxx>
Date: Fri, 02 Mar 2018 14:36:43 -0000
Reply-to: Bug 1676977 <1676977@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
The ldapi:/// worked just fine, as did ldap:// with an IP or a name. And
I don't have an entry in /etc/hosts for the ldap server, I'm really
using DNS. Reboot works just fine, login prompt, and I can login at the
console (and via ssh) with an ldap user.

I'm sorry but I will need the files I requested in comment #16.

Here are mine:

ubuntu@04-57:~$ cat /etc/ldap.conf | grep -vE "^(#|$)"
base dc=example,dc=com
uri ldap://xenial-slapd-server.lxd
ldap_version 3
pam_password exop


ubuntu@04-57:~$ cat /etc/ldap/ldap.conf | grep -vE "^(#|$)"
URI    ldap://xenial-slapd.server.lxd
BASE dc=example,dc=com
TLS_CACERT	/etc/ssl/certs/ca-certificates.crt


I used these ldif files to minimally populate the ldap server:

ubuntu@04-57:~$ cat base.ldif  usergroup.ldif 
dn: ou=People,dc=example,dc=com
ou: People
objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: organizationalUnit
dn: uid=testuser1,ou=People,dc=example,dc=com
uid: testuser1
objectClass: inetOrgPerson
objectClass: posixAccount
cn: testuser1
sn: testuser1
givenName: testuser1
mail: testuser1@xxxxxxxxxxx
userPassword: testuser1secret
uidNumber: 10001
gidNumber: 10001
loginShell: /bin/bash
homeDirectory: /home/testuser1

dn: cn=testuser1,ou=Group,dc=example,dc=com
cn: testuser1
objectClass: posixGroup
gidNumber: 10001
memberUid: testuser1

dn: cn=ldapusers,ou=Group,dc=example,dc=com
cn: ldapusers
objectClass: posixGroup
gidNumber: 10100
memberUid: testuser1


** Attachment added: "ldaplogin.png"
   https://bugs.launchpad.net/ubuntu/+source/libpam-ldap/+bug/1676977/+attachment/5067121/+files/ldaplogin.png

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to accountsservice in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1676977

Title:
  Login prompt never presented with ldap login and ldapi set with a
  name.

Status in accountsservice package in Ubuntu:
  New
Status in libpam-ldap package in Ubuntu:
  New
Status in systemd package in Ubuntu:
  New

Bug description:
  I have a ldap login configuration that has worked with several Ubuntu
  versions.

  Unfortunately it doesn't work with 16.10.

  If I left my ldapi setting using a name as I used to, the login prompt
  never appears. If I change the ldapi setting to the IP of the
  authentication server, the login works perfectly.

  The authentication server name resolution works fine on 16.10 (after
  login) and on previous version even during login.

  It seems to me my problem is related to some ordering issue.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.10
  Package: libpam-ldap 184-8.7ubuntu1
  ProcVersionSignature: Ubuntu 4.8.0-44.47-generic 4.8.17
  Uname: Linux 4.8.0-44-generic x86_64
  ApportVersion: 2.20.3-0ubuntu8.2
  Architecture: amd64
  Date: Tue Mar 28 14:33:27 2017
  InstallationDate: Installed on 2017-03-27 (1 days ago)
  InstallationMedia: Xubuntu 16.10 "Yakkety Yak" - Release amd64 (20161012.2)
  SourcePackage: libpam-ldap
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1676977/+subscriptions