This is driving me nuts! Anyway, have openldap running on a RH server working fine. I can query it via ldapsearch as well as running apache locally with phpLdapAdmin and can login, etc. so I know all is well.

Now the client part is driving me iNsAnE! I read 100 different articles all say different things so I have to say someone out here has it working! My test client Fedora, I run the system-config-authentication, select ldap and the proper info for both User and Authentication. Logout, login as my test ldap user (not on the local box) and nothing, nothing on the ldap server either.

The nss-ldap and ldap-conf files are updated correctly via the above config, so I need someone to throw some suggestions, ideas or something this way.

As always, thanks

ok, well in general you need demarcation points... the getent tool lets you pull down the systems view of your passwd database, shadow, group and other things. if you do a "getent passwd" you'll see all possible users that the system recognises could log in to your system. you'll see the local data, the ldap data and any other user sources. that'll let you see what ldap data is being pulled back. it's quite possible that you're getting some data, but not all of it. when i was trying to get ldap connectivity to Active Directory, i had issues like i wasn't providing UID's from it... also a packet sniffer is (imho) a very useful tool. if you are not using ldaps then you can see if the server is actually giving you data back from a tool like wireshark. also the redhat tool itself is insufficient. you *should* need to bind with a real user account, not anonymously, something that the redhat tool doesn't even let you specify. use the tool for a base, then edit your /etc/ldap.conf to actually make it work.

thanks for the quick help.

ok, well since reading, I did update the ldap.conf with some connection info and see that it's failing so I am taking a step forward and back as I am getting errors in the client log file. Taking a step back, I am trying to understand who bind's to query. In the ldap, I have the admin (cn=admin, ou=employees,dc=company,dc=com). The question / problem here lies in the ldap.conf file because playing with that causes the errors;

There are 2 bind's, the 1st is a binddn the other rootbind, I assume either of them could bind as the admin above and I guess there should be another user who can bind w/o admin functionality, but for now, I just want this to work, then can tweak. If I use the above as either the binddn or rootbinddn and comment bindpw, in the messages file I get;
nss_ldapL failed to bind to LDAP server .... Invalid credentials (which is good)

If I uncomment the bindpw, save and re-issue the getent it runs through the local and hangs (wireshark locks up) and I must force quit.

So at least I get feedback, the admin password is encrypted so I am sure the bindpw has to show that, but how can I echo (for lack of a better term) that password in that format to put in the ldap.conf file?

Thanks again.