When nss-pam-ldapd is installed on the system and IPA client is installed without SSSD (--no-sssd option of ipa-client-install), client configuration is invalid and authentication to IPA fails.
nss-pam-ldapd
--no-sssd
ipa-client-install
This is because authconfig overwrites our configuration in /etc/nslcd.conf. Plus, nslcd service is not started.
authconfig
/etc/nslcd.conf
nslcd
How to test: 1) Test with nss-ldap package
restart, i.e. correct services are run after the restart) 2) Test with nss-pam-ldapd
3) Test with SSSD
Resent with proper formating:
How to test: 1) Test with nss-ldap package - install nss-ldap on the client machine - install IPA client with --no-sssd option - `id admin', logging to the machine should work (even after the restart, i.e. correct services are run after the restart) 2) Test with nss-pam-ldapd - uninstall nss-ldap, install nss-pam-ldapd - install IPA client with --no-sssd option - `id admin', logging to the machine should work 3) Test with SSSD - install IPA client - `id admin', logging to the machine should work
master: e773124[[BR]] ipa-2-0: 4edc8c6
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 2.1 - 2011/06
Login to comment on this ticket.