Daniel Chénard wrote:
> Hi everybody!
> I want to know if I'm alone in having detected a little problem with the LDAP auth?
> In /etc/ldap.conf, if I use rootbinddn for my proxy agent, that doesn't seem to work, but it works with binddn and bindpw. My /etc/ldap.secret file is mode 0600, owner root.root.
> Thanks for your answer.

Yes, I have similar problems. I can use LDAP to authenticate users, but they can't change their password.
My /etc/ldap.conf looks like this:
host 127.0.0.1
base dc=my-domain,dc=com
#rootbinddn cn=Manager,dc=my-domain,dc=com
pam_login_attribute uid
pam_member_attribute memberUid
pam_password md5
nss_base_passwd ou=People,dc=my-domain,dc=com?one
nss_base_shadow ou=People,dc=my-domain,dc=com?one
nss_base_group ou=Group,dc=my-domain,dc=com?one
ssl no
If I uncomment the rootbinddn line, authentication fails. The problem seems to be on the PAM side. I have no problem using the LDAP server running on FC4 to authenticate users on FC3 machines; apart from being authenticated, they can also change their passwords, and root can change the password of any user.
The /etc/openldap/slapd.conf looks like this:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
allow bind_v2
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
    by self write
    by users read
    by anonymous auth
database bdb
password-hash {MD5}
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
rootpw secret
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
My /etc/ldap.secret is readable and writable by the user ldap, and only by that user.
This worked perfectly with the same settings on FC3. Any idea what has changed?
Regards,
Uno Engborg
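Both messages above hinge on the rootbinddn / /etc/ldap.secret pairing: the stock ldap.conf documents rootbinddn as the DN used when the effective user ID is root, with the password read from /etc/ldap.secret (mode 600). The check below is an added diagnostic written for this thread, not code from either poster; it assumes only standard grep and find, and the optional OWNER argument exists so it can be exercised on a non-root test file.

```sh
#!/bin/sh
# Added diagnostic (not from the thread): verifies that an ldap.conf actually
# activates rootbinddn and that the companion secret file is present, non-empty,
# mode 0600 and owned by the expected user (root on a real host).
# Usage: check_ldap_secret CONF SECRET [OWNER]    OWNER defaults to root
check_ldap_secret() {
    conf=$1; secret=$2; owner=${3:-root}; rc=0

    # rootbinddn must be present and not commented out (Uno's line is '#rootbinddn')
    if ! grep -Eq '^[[:space:]]*rootbinddn[[:space:]]+[^[:space:]]' "$conf"; then
        echo "FAIL: no active rootbinddn directive in $conf"; rc=1
    fi

    # the secret file holds the bind password for rootbinddn; it must exist and be non-empty
    if [ ! -s "$secret" ]; then
        echo "FAIL: $secret missing or empty"; return 1
    fi

    # exact mode 0600 and the expected owner; a leading zero makes -perm an exact
    # match and -user checks the owner (works with both GNU and BSD find)
    if [ -z "$(find "$secret" -maxdepth 0 -perm 0600 -user "$owner" 2>/dev/null)" ]; then
        echo "FAIL: $secret must be mode 0600 and owned by $owner"; rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $conf and $secret look usable for rootbinddn"
    fi
    return "$rc"
}

# run directly as: sh check_ldap_secret.sh /etc/ldap.conf /etc/ldap.secret
if [ "$#" -ge 2 ]; then
    check_ldap_secret "$@"
fi
```

On Uno's host the third check is the one to watch: a secret file owned by the ldap user rather than root fails it.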