<div>Hi,</div>
<div>I found that if I change the /etc/ldap.conf to use binddn and bindpw it works, but I if I use rootbinddb, and put the password in /etc/ldap.secret, it doesn't. it's the same user account, any ideas? and how would this affect ldap operations?
</div>
<div> </div>
<div>- Yang<br><br> </div>
<div><span class="gmail_quote">On 10/26/05, <b class="gmail_sendername">Craig White</b> <<a href="mailto:craigwhite@azapple.com">craigwhite@azapple.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">On Wed, 2005-10-26 at 10:08 -0400, Yang Xiao wrote:<br>> Hi all,<br>> I'm running openldap-2.2.23-5 on FC4 with nss_ldap, I'm was able start
<br>> the server and populate the db using smbldap-tool, ldapsearch works,<br>> smbldap-useradd works, but I can't seem to make name switch to work, I<br>> tried both "files ldap" and "compat ldap" for passwd/shadow/group, PAM
<br>> system-auth seems to be ok.<br>> I think I should be able to see the ldap users when I do "getent<br>> passwd", but this only shows the passwd file content.<br>> please help!<br>><br>> Many thanks!
<br>><br>> - Yang<br>><br>> #system-auth<br>> #%PAM-1.0<br>> # This file is auto-generated.<br>> # User changes will be destroyed the next time authconfig is run.<br>> auth required /lib/security/$ISA/pam_env.so
<br>> auth sufficient /lib/security/$ISA/pam_unix.so likeauth<br>> nullok<br>> auth sufficient /lib/security/$ISA/pam_ldap.so<br>> use_first_pass<br>> auth required /lib/security/$ISA/pam_deny.so
<br>><br>> account required /lib/security/$ISA/pam_unix.so broken_shadow<br>> account sufficient /lib/security/$ISA/pam_succeed_if.so uid <<br>> 100 quiet<br>> account [default=bad success=ok
<br>> user_unknown=ignore] /lib/security/$ISA/pam_ldap.so<br>> account required /lib/security/$ISA/pam_permit.so<br>><br>> password requisite /lib/security/$ISA/pam_cracklib.so retry=3<br>> password sufficient /lib/security/$ISA/pam_unix.so nullok
<br>> use_authtok md5 shadow<br>> password sufficient /lib/security/$ISA/pam_ldap.so use_authtok<br>> password required /lib/security/$ISA/pam_deny.so<br>><br>> session required /lib/security/$ISA/pam_limits.so
<br>> session required /lib/security/$ISA/pam_unix.so<br>> session optional /lib/security/$ISA/pam_ldap.so<br>><br>> #NSSWITCH<br>><br>> passwd: compat ldap<br>> group: compat ldap
<br>><br>> hosts: files dns<br>> networks: files dns<br>><br>> services: files ldap<br>> protocols: files ldap<br>> rpc: files<br>> ethers: files<br>> netmasks: files
<br>> netgroup: files ldap<br>> publickey: files<br>><br>> bootparams: files<br>> automount: files ldap<br>> aliases: files<br>><br>> shadow: compat ldap<br>><br>> #/etc/ldap.conf
<br>><br>> host: <a href="http://127.0.0.1">127.0.0.1</a><br>> base dc=xxx,dc=com<br>> # stored in /etc/ldap.secret (mode 600)<br>> rootbinddn cn=nssldap,ou=DSA,dc=xxx,dc=com<br>><br>> nss_base_passwd ou=Users,dc=xxx,dc=com?one
<br>> nss_base_passwd ou=Computers,dc=xxx,dc=com?one<br>> nss_base_shadow ou=Users,dc=xxx,dc=com?one<br>> nss_base_group ou=Groups,dc=xxx,dc=com?one<br>><br>> pam_password md5<br>> ssl no
<br>----<br>it looks pretty good...<br><br>what happens when you try from command line?<br><br>ldapsearch -x -h <a href="http://127.0.0.1">127.0.0.1</a> -D 'cn=nssldap,ou=DSA,dc=xxx,dc=com' \<br>-W '(objectclass=*)' |grep uid
<br><br>does it list users? Obviously the password you use 'MUST' be the same<br>password you have in /etc/ldap.secret for this to simulate what you are<br>trying to do.<br><br>Craig<br><br><br>--<br>This message has been scanned for viruses and
<br>dangerous content by MailScanner, and is<br>believed to be clean.<br><br>--<br>fedora-list mailing list<br><a href="mailto:fedora-list@redhat.com">fedora-list@redhat.com</a><br>To unsubscribe: <a href="https://www.redhat.com/mailman/listinfo/fedora-list">
https://www.redhat.com/mailman/listinfo/fedora-list</a><br></blockquote></div><br>