OT: Help Kyrre with his LDAP authentication headaches :)

Kyrre Ness Sjobak kyrre at solution-forge.net
Thu Nov 25 22:12:37 UTC 2004


Thu, 25.11.2004 at 22:49, Kyrre Ness Sjobak wrote:
> After reading too many pages on screen and on dead wood, asking (with no
> results) on forums, never receiving sign-up confirmation for the
> padl.com pamldap list, getting my post rejected at other LDAP mailing
> lists, and generally banging my head against the monitor for way too much
> time, I am hoping for a merciful harbor here. Please? If for nothing
> else, to save the forests from my printer?
> 
> I am trying to set up a login-system based on LDAP - with a Debian
> (sarge) box as LDAP (and NFS) server, and Fedora Core 3 machines as
> clients.
> 
> So far, no luck. (not for 2 months...). After finally getting the server
> to *start*, and adding what I (think is) an appropriate directory basic
> layout using phpldapadmin (running on an apache server on the same box),
> I still can't log in.
> 
> If I try to log in (using su - *username*) from root, all I get is "user
> does not exist". I know the client is okay - if I direct it to an
> (older) ldap-running box, it works mountainously.
> 
> I have a structure where all the user accounts are put in
> ou=People,dc=valler,dc=vgs,dc=no (as "PosixAccount" and "PosixGroup"
> according to phpldapadmin). This does work on the aforementioned box
> (if I have "copied" the setup right using gq to read it, and
> phpldapadmin to edit the new server's directory.)
> 
> If I try to connect to the server using directory administrator, I can
> see all users/groups. Trying to change the user password gives an error,
> and if I try to create a new user I get "object class violation".
> 
> Anybody who can help me? I am quite inexperienced when it comes to LDAP,
> and do now think I have spent way too many hours reading dead trees/on
> screen documentation of varying quality and relevance.
> 
> I shall post any material you ask for.
> 
> Kyrre Ness Sjøbæk

Sorry for answering myself, but comparing the LDIF files:

In both I have a structure up to ou=People,dc=valler,dc=vgs,dc=no

But in the working one, there is a
"cn=Users,ou=People,dc=valler,dc=vgs,dc=no"
in which all the users are placed. The groups are placed directly on
People.

On the non-functional server, both users and groups are placed directly
on People.

"cn=Users,ou=People,dc=valler,dc=vgs,dc=no" seems to be the "primary
group" for all users (which I know is correct). It is at least a
"posixGroup" objectClass.

I hope I figured it out! Isn't it typical, after two months of
headbanging, you post a desperate mail, and then the solution is there,
10 minutes later...

Kyrre



