Administering LDAP-UX Client Services

Troubleshooting

using the name of your directory server (from display_profile_cache), search base DN (from display_profile_cache), and a user name from the directory.

You should get output similar to the previous example. If you don’t, anonymous access may not be configured properly. Make sure you have access permissions set correctly for anonymous access. See the steps “Configure anonymous access” and “Set access permissions for anonymous access” under “Configure Your Directory” on page 21 for details on configuring anonymous access.

Enable PAM logging as described under “Enabling and Disabling PAM Logging” on page 132 then try logging in again. Check the PAM logs for any unexpected events.

Enable LDAP-UX logging as described under “Enabling and Disabling LDAP-UX Logging” on page 131, then try logging in again. Check the log file for any unexpected events.

If you are using Netscape Directory Server, use the Netscape Directory Console to authenticate to the directory as the directory administrator. Check the ACIs for the proxy user. Make sure the proxy user or anonymous can view the attributes listed below. If not, change the ACI to allow this. Make sure all users can read their own information. If they cannot, change the ACI to allow this.

Make sure all users have the following attributes and can read them:

cn

loginshell

uid

uidnumber

gidnumber

memberuid

homedirectory

gecos

136

Chapter 4