Hello,
I'm just setting up a PC with SLES 11.3 and ran into a problem with authentication over LDAP:
getent passwd works fine, it lists the users defined on the LDAP server, but when I want to su to one of them, it tells me that the user doesn't exist. Nothing is said in /var/log/messages. I guess the LDAP and nsswitch settings must be correct because of the getent, so I thought maybe PAM is not configured properly, but I have a similar machine with SLES 11.2, where /etc/pam.d/ is configured exactly the same and everything works fine.

What I did after installation was:
Edit following files:
Code:
#/etc/nsswitch.conf
passwd:         files ldap
group:          files ldap
shadow:         files ldap
[...]
Code:
#/etc/ldap.conf
uri ldap://[...]/
base [...]
ldap_version    3
bind_policy     soft

ssl start_tls
tls_checkpeer yes
tls_cacertfile [...]
tls_cacertdir [...]

restart yes
scope   sub

nss_base_passwd [...] # I'm not sure if those are needed
nss_base_shadow [...]
nss_base_group [...]
nss_base_hosts [...]
nss_schema      rfc2307
nss_map_attribute       uniqueMember member
nss_connect_policy      persist
nss_initgroups_ignoreusers [...]

pam_password    exop
pam_filter      objectclass=posixAccount
pam_crypt       local

binddn [...]
bindpw [...]
Code:
#/etc/openldap/ldap.conf
TLS_REQCERT     allow
uri [...]
base [...]
scope   sub

TLS_CACERT [...]
Then I copied the certificate, put the hostname and IP of the machine in /etc/hosts and did:
Code:
zypper in nss_ldap
zypper in pam_ldap
pam-config -a --ldap
Can anybody tell me what I forgot, or what the problem could be?
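Added example, not part of the original post: a small checker that parses an nsswitch.conf and the SLES common-* PAM stack files and reports where LDAP is wired into the NSS databases (what getent exercises) but absent from a database or a PAM stack (what su goes through). The file contents below are constructed samples, not the poster's files.

```python
# Constructed sample contents standing in for the real files on the box.
NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd:  files ldap
group:   files ldap
shadow:  files
hosts:   files dns
"""
PAM_FILES = {  # constructed samples of /etc/pam.d/common-*
    "common-auth": ("auth     required   pam_env.so\n"
                    "auth     sufficient pam_unix2.so\n"
                    "auth     required   pam_ldap.so use_first_pass\n"),
    "common-account": "account  requisite  pam_unix2.so\n",
    "common-password": ("password requisite  pam_pwcheck.so nullok\n"
                        "password sufficient pam_unix2.so use_authtok\n"
                        "password required   pam_ldap.so use_authtok\n"),
    "common-session": ("session  required   pam_limits.so\n"
                       "session  required   pam_unix2.so\n"
                       "session  optional   pam_ldap.so\n"),
}

def parse_nsswitch(text):
    """Map each NSS database (passwd, shadow, ...) to its ordered source list."""
    dbs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        name, rest = line.split(":", 1)
        # Drop action specifiers such as [NOTFOUND=return]; keep only sources.
        dbs[name.strip()] = [tok for tok in rest.split() if not tok.startswith("[")]
    return dbs

def pam_modules(text):
    """Return the module names (pam_unix2.so, pam_ldap.so, ...) in one PAM stack file."""
    mods = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and not fields[0].startswith("@include"):
            mods.append(fields[2])
    return mods

def ldap_gaps(nsswitch_text, pam_files):
    """List the NSS databases and PAM stacks that never consult LDAP.
    getent passwd only exercises the NSS passwd database; su also walks the
    PAM stacks, so a gap on either side is the first thing to compare."""
    dbs = parse_nsswitch(nsswitch_text)
    nss = [db for db in ("passwd", "group", "shadow") if "ldap" not in dbs.get(db, [])]
    pam = [name for name, text in pam_files.items() if "pam_ldap.so" not in pam_modules(text)]
    return {"nss_without_ldap": nss, "pam_without_ldap": pam}

if __name__ == "__main__":
    print(ldap_gaps(NSSWITCH, PAM_FILES))
```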