I am trying to set up an OpenBSD box to use an LDAP server for authentication. I am following the directions at http://www.obfuscurity.com/2009/08/OpenBSD-as-an-LDAP-Client and for the most part they seem to be working. When I run /usr/libexec/auth/login_-ldap -d -s login USERNAME ldap it authenticates properly, and running ypldap -dv shows output lines like "pushing line:" followed by what looks like a passwd file entry for all my LDAP users. So far, so good.

However, when I run getent passwd it still only shows local users (my understanding was that it should show both local and LDAP users), and when I try to authenticate as any LDAP user, authLog shows "Invalid User". What might I have missed?

ibrewster

1 Answer

You have to be very careful that the mappings listed in /etc/ypldap.conf are correct for this to work. In this case, the UID parameter was wrong: instead of returning an ID number, it was returning the user name. This does not create an error anywhere; however, it does prevent the users from being used.

ibrewster
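
A check for the silent failure described in the answer above, as an added example that is not part of the original answer: it scans saved ypldap -dv output for "pushing line:" entries whose UID or GID field is not a number. The function names, the sample lines and the assumption that passwd entries carry at least seven colon-separated fields (so shorter group-style lines are skipped) are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): catch a wrong uid/gid
# mapping in /etc/ypldap.conf by inspecting what ypldap pushes.

# Constructed sample of "ypldap -dv" output; the exact field layout is an
# assumption based on the question ("what looks like a passwd file entry").
sample_ypldap_output() {
    cat <<'EOF'
pushing line: alice:*:alice:1000::0:0:Alice Example:/home/alice:/bin/ksh
pushing line: bob:*:1001:1000::0:0:Bob Example:/home/bob:/bin/ksh
pushing line: staff:*:1000:alice,bob
EOF
}

# Reads ypldap debug output on stdin. Prints one BAD line per passwd entry
# whose third (UID) or fourth (GID) field is not purely numeric, and
# returns 1 if any were found, 0 otherwise.
check_ypldap_lines() {
    awk '
    /pushing line:/ {
        entry = $0
        sub(/^.*pushing line:[ \t]*/, "", entry)   # drop the log prefix
        n = split(entry, f, ":")
        if (n < 7) next                            # not a passwd-style entry
        if (f[3] !~ /^[0-9]+$/) { printf "BAD uid=\"%s\" for %s\n", f[3], f[1]; bad++ }
        if (f[4] !~ /^[0-9]+$/) { printf "BAD gid=\"%s\" for %s\n", f[4], f[1]; bad++ }
    }
    END { exit (bad > 0) }
    '
}

# Demo on the constructed sample. For real use, save the debug output to a
# file first and run: check_ypldap_lines < saved-output.txt
sample_ypldap_output | check_ypldap_lines ||
    echo "non-numeric UID/GID pushed: review the attribute mappings in /etc/ypldap.conf"
```

An entry flagged here matches the symptom in the question: the line is pushed without any error, yet the user does not resolve.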