
Fix LDAP config on codfw1dev instances
Closed, Resolved, Public


The proxyagent password in this region was the usual one ($125) prefixed with lt- for reasons I'm forgetting. This was done in but the file is no longer in use.
It might be easiest just to update the password in codfw1dev's LDAP to remove the prefix.
This password goes into /etc/ldap.yaml etc. on the instances and is used by e.g. /usr/sbin/ssh-key-ldap-lookup. Also shows up in ldap_default_authtok in /etc/sssd/sssd.conf.
In addition, I've found /etc/ldap.conf (note: distinct from /etc/ldap.yaml and /etc/ldap/ldap.conf) with a reference to ldap://

Event Timeline

After updating ldap_default_authtok in /etc/sssd/sssd.conf and password in /etc/ldap.yaml to include the prefix, and restarting sssd, my instance works a little more normally:

alex@alex-laptop:~$ ssh
Creating directory '/home/labtestkrenair'.
Linux puppetmaster-codfw1dev-01 4.19.0-6-amd64 #1 SMP Debian 4.19.67-2+deb10u2 (2019-11-11) x86_64
Debian GNU/Linux 10 (buster)
The last Puppet run was at Tue Jan 14 00:57:51 UTC 2020 (11 minutes ago). Puppet is disabled.
Last puppet commit: (a83f55682f) Daniel Zahn - codesearch: fix parameters of apt::package_from:component
Krenair assigned this task to Andrew. (not sure this is actually in use but anyway)
and the LDAP password change done by Andrew. thanks
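
Added example, not part of the task or of the project's own tooling: a drift check that confirms the bind password in /etc/ldap.yaml matches ldap_default_authtok in /etc/sssd/sssd.conf without ever printing either value. It assumes a top-level password key in ldap.yaml as the task describes; the function names, the user key and the sample file contents are constructed for illustration.

```python
import configparser
import hmac
import re

# Constructed sample contents (placeholder secret, made-up DN and domain).
# The "user" key is an assumption; only "password" is named in the task.
SAMPLE_LDAP_YAML = """\
user: cn=proxyagent,ou=profile,dc=example,dc=invalid
password: lt-PLACEHOLDER
"""
SAMPLE_SSSD_CONF = """\
[sssd]
domains = example

[domain/example]
id_provider = ldap
ldap_default_bind_dn = cn=proxyagent,ou=profile,dc=example,dc=invalid
ldap_default_authtok = lt-PLACEHOLDER
"""

def yaml_password(text):
    """Return the top-level `password:` scalar from ldap.yaml text, or None."""
    m = re.search(r"^password:[ \t]*(.*?)[ \t]*$", text, re.MULTILINE)
    return m.group(1).strip("'\"") if m else None

def sssd_authtoks(text):
    """Map each sssd.conf section to its ldap_default_authtok, if set."""
    # RawConfigParser: no %-interpolation, so a '%' in a secret is kept as-is.
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(text)
    return {s: cp.get(s, "ldap_default_authtok")
            for s in cp.sections() if cp.has_option(s, "ldap_default_authtok")}

def check_drift(yaml_text, sssd_text):
    """Return findings as strings; secret values are never included."""
    pw = yaml_password(yaml_text)
    if pw is None:
        return ["ldap.yaml: no password key"]
    toks = sssd_authtoks(sssd_text)
    findings = [] if toks else ["sssd.conf: no ldap_default_authtok set"]
    for section, tok in toks.items():
        # Constant-time comparison; report only where the mismatch is.
        if not hmac.compare_digest(pw.encode(), tok.encode()):
            findings.append(f"sssd.conf [{section}]: ldap_default_authtok "
                            "differs from ldap.yaml password")
    return findings

if __name__ == "__main__":
    print(check_drift(SAMPLE_LDAP_YAML, SAMPLE_SSSD_CONF) or "in sync")
```

On an instance, the two strings would be read from the real files as root; a non-empty result means one file still carries the old form of the password, the situation this task describes.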