I'm currently automating our LDAP setup via an RPM and I've run into an issue. After installing the RPM, LDAP will not allow domain users to log in unless we go into YaST and select "users" and "groups" from the "Read the following items from LDAP data source" section. I've activated/deactivated these settings and looked through various config files, but I cannot see them being added etc.

The module we're using is ldapkrb, but I also cannot figure out a command to check these parameters.

Has anyone experience with this?

Submitting a modified LDAP.conf file below:

uri <omitted>
binddn cn=<omitted>
bindpw <omitted>
scope sub
bind_timelimit 15
timelimit 15
ldap_version 3
ssl start_tls
tls_reqcert allow
referrals no
base ou=users,o=<omitted>
nss_base_passwd ou=users,o=<omitted>
nss_base_shadow ou=users,o=<omitted>
nss_base_group ou=POSSecure,ou=Groups,o=<omitted>
nss_map_attribute loginShell posShell
nss_map_attribute uniqueMember member
nss_initgroups_ignoreusers root,ldap,pos,dbus
nss_reconnect_tries 1
nss_reconnect_sleeptime 1
nss_reconnect_maxsleeptime 1
nss_reconnect_maxconntries 3
nss_connect_policy persist