LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

August 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS August 2011

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	LDAP problems with short user names in SL6.1
From:	"~Stack~" <[log in to unmask]>
Reply To:	~Stack~
Date:	Fri, 26 Aug 2011 18:06:13 -0500
Content-Type:	multipart/signed
Parts/Attachments:	text/plain (2261 bytes) , signature.asc (268 bytes)

Good afternoon.

Back history:
I have run into an odd problem with our old Debian LDAP system with
SL6.1 clients. I know that this LDAP configuration is old and needs to
be updated quite a bit (it is on the ever-increasing To-Do list,
honest!) but it functions rather well for what we need at the moment. I
am bringing an old inherited system up to date and I started with the
desktops at our lab. Scientific Linux seemed to fit better with what we
are doing than the other distros and after a month of testing, I rolled
out SL6.0. It worked beautifully. So well, in fact, that I am replacing
the highly mixed environment (6 different Linux distros) by
standardizing on SL6. Not long after I rolled it out, 6.1 was released.
I thought I had done due diligence in testing out 6.1 with our servers
and I thought everything was moving along perfectly. So I rolled out 6.1
to the desktops. For the vast majority of my users, this roll out went
smoothly and they love 6.1.

Problem:
LDAP apparently doesn't like some of my users names. Specifically, I
have a user named BJ (real birth name; doesn't stand for anything; yes,
he has heard all the jokes) and another user who prefers to use his
initials as his login name. For a very long time this has worked just
fine with this old LDAP system. SL6.0 worked just fine and had no issues
with two character user names. However, 6.1 does not like them at all.

It seems that LDAP has issues trying to resolve the name and reports
back that the user name is invalid. All the information I have found
seems to point to the LDAP server not being correctly set up, but if the
user logs into the SL6.0 boxes, everything works correctly. It is just
SL6.1. So I doubt the full extent of the problem lays with the server.

Also, this happens on EVERY 6.1 install. Any user name longer then 3
characters can log in and use the machine just fine (at least the one
user with the login 'jim' works; everyone else has 5 or more characters).

Any idea as to why this is happening? The log files are pretty sparse as
they all just say LDAP user is invalid. Maybe I am not looking in the
right place?

Has anyone else run into this problem? Is this a bug? Should I try to
fill out a proper bug report? Should I just give up and make my users
get a new user name?

Thank you!
~Stack~

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV