My goal is to get eDir/PAM Authentication working again.

Before I upgraded to sles10sp3 - oes2sp2, I was able to authenticate to my sles10sp2 - oes2sp1 servers using eDirectory credentials. After the upgrade, I get error messages on all upgraded servers. Some allow me to sudo, others do not. The ones that do not allow me to sudo will not accept my password:

Connection to nauth1.ndev.lafayette.edu closed.
jonesrn@tiber:~/Desktop> ssh server1
jonesrn@server1:~> sudo su -
jonesrn's password:
server1:~ #

Now I upgrade to oes2sp2. Notice:

1. My username gets two extra apostrophes
2. I get the message: "ldapssl_init: Bad file descriptor"
3. On some servers I do not even sudo to su -. This one did it anyway:

server1:~ # exit
logout
jonesrn@server1:~> sudo su -
jonesrn'''s password:
ldapssl_init: Bad file descriptor
server1:~ #

server1:~ # tail /var/log/messages
Jan 15 15:56:46 server1 sudo: pam_ldap_init(): ldap handle is NULL from ldapssl_init
Jan 15 15:56:46 server1 sudo: _nds_ldap_init: pam_ldap_init() failed, trying to connect to the alternative LDAP server
Jan 15 15:56:46 server1 sudo: _nds_ldap_init: Unable to get list of alternative LDAP servers from the config file, error [2]
Jan 15 15:56:46 server1 sudo: PAM_NAM:_nds_loginUser():_nds_ldap_init failed
Jan 15 15:56:46 server1 sudo: ldapmapstatus():pam_get_data() failed
Jan 15 15:56:46 server1 sudo: PAM_NAM:_nds_clear_and_exit() could not return ldap handle
Jan 15 15:56:46 server1 sudo: PAM_NAM : NDS Login failed
Jan 15 15:56:46 server1 sudo: PAM_NAM:Account management failed.
Jan 15 15:56:46 server1 sudo: jonesrn : TTY=pts/1 ; PWD=/home/jonesrn ; USER=root ; COMMAND=/bin/su -
Jan 15 15:56:46 server1 su: (to root) jonesrn on /dev/pts/1
server1:~ #

I get valid UID and GID numbers and other parameters from my eDirectory account. Servers that have not been upgraded do not have the problem, so the difficulty does not seem to be with LUM or namcd.

server1:~ # namuserlist -x o=college|grep jonesrn
jonesrn:x:6666:666::/home/jonesrn:/bin/bash
server1:~ #

My namconfig parameters look identical to those of my working servers:

server1:~ # namconfig get
base-name=o=college
user-context=
group-context=
admin-fdn=cn=admin,o=college
proxy-user-fdn=
proxy-user-pwd=
alternative-ldap-server-list=
preferred-server=192.168.5.144
num-threads=5 [default: '10']
schema=rfc2307
enable-persistent-cache=yes
user-hash-size=211 [default: '211']
group-hash-size=211 [default: '211']
persistent-cache-refresh-period=28800 [default: '28800']
persistent-cache-refresh-flag=all
create-home=yes
enable-boma=no
type-of-authentication=2 [default: '1']
certificate-file-type=der
ldap-ssl-port=636 [default: '636']
ldap-port=389 [default: '389']
support-alias-name=no
support-outside-base-context=yes
cache-only=no
persistent-search=yes
case-sensitive=no
convert-lowercase=no
server1:~ #

No differences between /etc/pam.d/sudo on working and non-working servers either:

server1:~ # cat /etc/pam.d/sudo
auth sufficient pam_nam.so
account sufficient pam_nam.so
password sufficient pam_nam.so
session optional pam_nam.so
#%PAM-1.0
auth include common-auth
account include common-account
password include common-password
session include common-session

server1:~ #

server1:~ # cat /etc/pam.d/passwd
#%PAM-1.0
auth include common-auth
account include common-account
password include common-password
session include common-session
server1:~ #

server1:~ # oes-SPident

CONCLUSION: System is up-to-date!
found SLES-10-OES2-SP2-x86_64 + "online updates"

server1:~ #

I have also confirmed that ports 636 and 389 are open between my server and the LDAP server listed in "namconfig get".

I have run namconfig cache_refresh and rebooted the servers with no improvement.