Re: openldap trouble

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



It's a known bug
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161437

 
On 10/26/05, Yang Xiao <yxiao2004@xxxxxxxxx> wrote:
Hi,
I found that if I change the /etc/ldap.conf to use binddn and bindpw it works, but I if I use rootbinddb, and put the password in /etc/ldap.secret, it doesn't. it's the same user account, any ideas? and how would this affect ldap operations?
 
- Yang

 
On 10/26/05, Craig White <craigwhite@xxxxxxxxxxx > wrote:
On Wed, 2005-10-26 at 10:08 -0400, Yang Xiao wrote:
> Hi all,
> I'm running openldap-2.2.23-5 on FC4 with nss_ldap, I'm was able start
> the server and populate the db using smbldap-tool, ldapsearch works,
> smbldap-useradd works, but I can't seem to make name switch to work, I
> tried both "files ldap" and "compat ldap" for passwd/shadow/group, PAM
> system-auth seems to be ok.
> I think I should be able to see the ldap users when I do "getent
> passwd", but this only shows  the passwd file content.
> please help!
>
> Many thanks!
>
> - Yang
>
> #system-auth
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required      /lib/security/$ISA/pam_env.so
> auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth
> nullok
> auth        sufficient    /lib/security/$ISA/pam_ldap.so
> use_first_pass
> auth        required      /lib/security/$ISA/pam_deny.so
>
> account     required      /lib/security/$ISA/pam_unix.so broken_shadow
> account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid <
> 100 quiet
> account     [default=bad success=ok
> user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
> account     required      /lib/security/$ISA/pam_permit.so
>
> password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
> password    sufficient    /lib/security/$ISA/pam_unix.so nullok
> use_authtok md5 shadow
> password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
> password    required      /lib/security/$ISA/pam_deny.so
>
> session     required      /lib/security/$ISA/pam_limits.so
> session     required      /lib/security/$ISA/pam_unix.so
> session     optional      /lib/security/$ISA/pam_ldap.so
>
> #NSSWITCH
>
> passwd:     compat ldap
> group:      compat ldap
>
> hosts:      files dns
> networks:       files dns
>
> services:   files ldap
> protocols:  files ldap
> rpc:            files
> ethers:         files
> netmasks:       files
> netgroup:   files ldap
> publickey:      files
>
> bootparams:     files
> automount:  files ldap
> aliases:        files
>
> shadow:     compat ldap
>
> #/etc/ldap.conf
>
> host: 127.0.0.1
> base dc=xxx,dc=com
> # stored in /etc/ldap.secret (mode 600)
> rootbinddn cn=nssldap,ou=DSA,dc=xxx,dc=com
>
> nss_base_passwd         ou=Users,dc=xxx,dc=com?one
> nss_base_passwd         ou=Computers,dc=xxx,dc=com?one
> nss_base_shadow         ou=Users,dc=xxx,dc=com?one
> nss_base_group          ou=Groups,dc=xxx,dc=com?one
>
> pam_password md5
> ssl no
----
it looks pretty good...

what happens when you try from command line?

ldapsearch -x -h 127.0.0.1 -D 'cn=nssldap,ou=DSA,dc=xxx,dc=com' \
-W '(objectclass=*)' |grep uid

does it list users? Obviously the password you use 'MUST' be the same
password you have in /etc/ldap.secret for this to simulate what you are
trying to do.

Craig


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux