Re: ldap auth with nss_ldap on FC4

Daniel Chénard wrote:

Hi everybody!

I want to know if I'm alone in having detected a little problem with the LDAP
auth.


In /etc/ldap.conf, if I use rootbinddn for my proxy agent, that doesn't
seem to work, but it works with binddn and bindpw. My
file /etc/ldap.secret has mode 0600 and owner root.root.

Thanks for your answer.





Yes, I have similar problems. I can use LDAP to authenticate users, but they can't change
their password.


My /etc/ldap.conf looks like this:

host 127.0.0.1
base dc=my-domain,dc=com
#rootbinddn cn=Manager,dc=my-domain,dc=com
pam_login_attribute uid
pam_member_attribute memberUid
pam_password md5
nss_base_passwd ou=People,dc=my-domain,dc=com?one
nss_base_shadow ou=People,dc=my-domain,dc=com?one
nss_base_group          ou=Group,dc=my-domain,dc=com?one
ssl no


If I uncomment the rootbinddn line, authentication fails. The problem seems to be on the PAM side. I have no problem using the LDAP server running on FC4 to authenticate users on FC3 machines; apart from being authenticated, they can also change their passwords, and root can change the password of any user.


The /etc/openldap/slapd.conf looks like this:

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
allow bind_v2
pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
       by self write
       by users read
       by anonymous auth
database        bdb
password-hash {MD5}
suffix          "dc=my-domain,dc=com"
rootdn          "cn=Manager,dc=my-domain,dc=com"
rootpw          secret
directory       /var/lib/ldap
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub


My /etc/ldap.secret is readable and writable by the user ldap, and only by that user.



This worked perfectly with the same settings on FC3. Any idea what has changed?



Regards, Uno Engborg
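Both messages above turn on the pairing of rootbinddn in /etc/ldap.conf with /etc/ldap.secret, so here is a small checker for exactly that, added as an example and not code from the thread or from nss_ldap. It assumes the nss_ldap/pam_ldap convention that the rootbinddn password is read from /etc/ldap.secret, which must be owned by root with mode 0600, and it runs against constructed copies of the posted ldap.conf rather than the live files.

```python
import os
import stat
import tempfile
from pathlib import Path

# Constructed copy of the /etc/ldap.conf from the thread, trimmed to the relevant keys.
POSTED_CONF = "host 127.0.0.1\nbase dc=my-domain,dc=com\n#rootbinddn cn=Manager,dc=my-domain,dc=com\nssl no\n"

def parse_ldap_conf(text):
    """Parse 'key value' lines; returns (active settings, keys seen only commented out)."""
    active, commented = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        parts = line.lstrip("#").split(None, 1)
        if len(parts) != 2:
            continue  # blank line or bare comment
        if line.startswith("#"):
            commented.add(parts[0].lower())
        else:
            active[parts[0].lower()] = parts[1].strip()
    return active, commented

def check_rootbinddn(conf_path, secret_path, expected_uid=0):
    """Findings for the rootbinddn / ldap.secret pairing; [] means it looks sane.
    expected_uid is 0 on a real host; a parameter only so the demo can run unprivileged."""
    active, commented = parse_ldap_conf(Path(conf_path).read_text())
    if "rootbinddn" not in active:
        return ["rootbinddn commented out"] if "rootbinddn" in commented else []
    if not os.path.exists(secret_path):
        return [f"rootbinddn set but {secret_path} is missing"]
    st, findings = os.stat(secret_path), []
    if st.st_uid != expected_uid:
        findings.append(f"{secret_path} owned by uid {st.st_uid}, expected {expected_uid}")
    if stat.S_IMODE(st.st_mode) != 0o600:
        findings.append(f"{secret_path} mode {stat.S_IMODE(st.st_mode):04o}, expected 0600")
    return findings

def demo():
    """Check constructed files: as posted, then rootbinddn on with a 0640 secret, then fixed to 0600."""
    with tempfile.TemporaryDirectory() as d:
        conf, secret = Path(d, "ldap.conf"), Path(d, "ldap.secret")
        conf.write_text(POSTED_CONF)
        as_posted = check_rootbinddn(conf, secret, os.getuid())
        conf.write_text(POSTED_CONF.replace("#rootbinddn", "rootbinddn"))
        secret.write_text("secret\n")  # constructed placeholder, not a real bind password
        os.chmod(secret, 0o640)
        too_open = check_rootbinddn(conf, secret, os.getuid())
        os.chmod(secret, 0o600)
        return as_posted, too_open, check_rootbinddn(conf, secret, os.getuid())
```

On a real host call check_rootbinddn("/etc/ldap.conf", "/etc/ldap.secret") as root; a secret owned by another user, as in the second message, shows up as an ownership finding.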


