LDAP server broken after upgrade

Lonni J Friedman netllama at gmail.com
Sun Aug 10 12:49:10 PDT 2008


On Sun, Aug 10, 2008 at 11:35 AM, Tim Wunder <tim at thewunders.org> wrote:
> On Saturday 09 August 2008 10:00:04 pm Lonni J Friedman wrote:
>> On Sat, Aug 9, 2008 at 5:58 PM, Bill Campbell <linux-sxs at celestial.com> wrote:
>> > On Sat, Aug 09, 2008, Lonni J Friedman wrote:
>> >>I've just upgraded a server which provides NFS & OpenLDAP
>> >>authentication from Fedora 7 to Fedora 9.  The upgrade of the OS went
>> >>smoothly, however LDAP appears to be semi-broken.
>> >>
>> >>While I can authenticate any user, if I attempt to log in as that user, I see:
>> >>$ su - lfriedman
>> >>id: cannot find name for user ID 3215
>> >>id: cannot find name for group ID 3215
>> >>id: cannot find name for user ID 3215
>> >>[I have no name!@spare ~]$
>> >>
>> >>All of this worked fine before the upgrade, so I'm kinda lost &
>> >>confused on what could be wrong now.  Any LDAP experts have any
>> >>suggestions?
>> >
>> > I would check the /etc/ldap.conf and /etc/*ldap*/ldap.conf files to see
>> > if they were changed during the upgrade (look for ldap.rpmsave files for
>> > the old copies).  Check also for an /etc/ldap.secret file which should
>> > have 600 perms.  Do similar checks on /etc/openldap/slapd.conf.
>>
>> I should have mentioned that I checked that first.  Everything is
>> world readable.
>>
>
> Not that I know anything about LDAP, but world readable is not 600 perms.
> IIRC, doesn't sshd_config need to be 600 and not 644?

You're right, but that wasn't the problem anyway.  Something evil
happened in the Fedora upgrade.  I ended up blowing away the entire
OpenLDAP installation, reinstalling, and then restoring the LDAP
database from backup.

I'm rapidly reaching the point of wanting to ditch Fedora, if only all
the alternatives didn't suck more  :P

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
L. Friedman netllama at gmail.com
LlamaLand https://netllama.linux-sxs.org
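
An added example, not part of the original thread: a shell function that runs the checks suggested in the quoted advice above (leftover .rpmsave copies beside the LDAP config files, and 600 permissions on /etc/ldap.secret). The function name, the optional root-directory argument and the output format are assumptions; .rpmnew is checked as well because RPM also uses that suffix for config files.

```shell
#!/bin/sh
# Added example (not from the thread): post-upgrade audit of the files
# named in the advice above. The optional root argument is an assumption
# made so the check can be pointed at a test tree instead of /.

audit_ldap_files() {
    root="${1:-}"

    # An upgrade can set the old config aside as *.rpmsave, or leave the
    # old one in place and drop the packaged default beside it as *.rpmnew.
    for f in "$root"/etc/ldap.conf \
             "$root"/etc/*ldap*/ldap.conf \
             "$root"/etc/openldap/slapd.conf; do
        for suffix in rpmsave rpmnew; do
            if [ -e "$f.$suffix" ]; then
                echo "CHANGED $f ($suffix copy present, diff it against $f)"
            fi
        done
    done

    # The bind-password file should be readable by its owner only.
    secret="$root/etc/ldap.secret"
    if [ -e "$secret" ]; then
        mode=$(stat -c '%a' "$secret")   # GNU stat, as shipped on Fedora
        if [ "$mode" != "600" ]; then
            echo "PERMS $secret is $mode, expected 600"
        fi
    fi
    return 0
}

# With no argument this audits the running system.
audit_ldap_files "${1:-}"
```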


