LDAP Auth
Joseph M Bironas
fedora at josebiro.com
Thu Nov 20 21:13:24 UTC 2003
On Thu, 2003-11-20 at 12:25, Nalin Dahyabhai wrote:
> What info are you getting from the LDAP server (LDIF would be helpful
> here)? Does it conform to the posixAccount schema? What are the host
> and base DN you're configuring nss_ldap to search with, and how did you
> invoke ldapsearch to troubleshoot it?
>
> Cheers,
>
> Nalin

I can pull an entire record from LDAP. The server is actually Win2K
using Active Directory, but using the AD4Unix schema, so there is a
mapping for posixAccount to User, but the relevant username/passwords
work on a RH7.3 machine and a RH8 machine with an identical config in
/etc/ldap.conf and /etc/openldap/ldap.conf.

The host I'm searching against is 192.168.2.xx, and the base DN is
dc=company,dc=com - the scope is sub. Here are the relevant schema
mappings:

nss_base_passwd dc=company,dc=com?sub
nss_base_shadow dc=company,dc=com?sub
nss_base_group dc=company,dc=com?sub
nss_map_objectclass posixAccount User
nss_map_attribute uid msSFUName
nss_map_attribute uniqueMember posixMember
nss_map_attribute userPassword msSFUPassword
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_attribute cn msSFUName
nss_map_objectclass posixGroup Group
pam_login_attribute sAMAccountName
pam_login_attribute msSFUName
pam_filter objectclass=User

ldapsearch works when invoked as follows:

# ldapsearch -x -D "cn=Administrator,cn=Users,dc=company,dc=com" -W "sAMAccountName=[username]"

/etc/nsswitch.conf is configured correctly.

What am I missing that is keeping getent from reporting the LDAP users?
It's been a while since I got this running on RedHat 7.3 and RedHat 8.
Has Fedora changed its nss_ldap and pam_ldap packaging? (I remember
having to recompile for RH 7.3 to support schema mapping).

Regards,
Joseph
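
Added example, not part of the original message or of nss_ldap: a Python sketch that derives, from the mapping directives quoted above, the search filter a passwd lookup would use, so the same query can be replayed with ldapsearch and compared with the sAMAccountName test. It assumes nss_ldap's default passwd filter is (&(objectClass=posixAccount)(uid=NAME)) with the nss_map_* substitutions applied; all function names are hypothetical.

```python
import re

# Constructed sample: directives copied from the message above.
LDAP_CONF = """\
nss_base_passwd dc=company,dc=com?sub
nss_map_objectclass posixAccount User
nss_map_attribute uid msSFUName
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
"""

def parse_conf(text):
    """Return (attribute map, objectclass map, passwd base, passwd scope)."""
    attrs, classes, base, scope = {}, {}, None, "sub"  # assumed default scope
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "nss_map_attribute" and len(parts) == 3:
            attrs[parts[1].lower()] = parts[2]
        elif parts[0] == "nss_map_objectclass" and len(parts) == 3:
            classes[parts[1].lower()] = parts[2]
        elif parts[0] == "nss_base_passwd" and len(parts) == 2:
            fields = parts[1].split("?")  # base?scope?filter
            base = fields[0]
            if len(fields) > 1 and fields[1]:
                scope = fields[1]
    return attrs, classes, base, scope

def escape_filter_value(value):
    """Escape per RFC 4515 so a login name cannot alter the filter."""
    return re.sub(r'[\\*()\x00]', lambda m: "\\%02x" % ord(m.group()), value)

def passwd_filter(text, login):
    """Build the mapped equivalent of (&(objectClass=posixAccount)(uid=login))."""
    attrs, classes, _, _ = parse_conf(text)
    oc = classes.get("posixaccount", "posixAccount")
    uid = attrs.get("uid", "uid")
    return "(&(objectClass=%s)(%s=%s))" % (oc, uid, escape_filter_value(login))

def ldapsearch_args(text, login, bind_dn):
    """Argument list that replays the lookup with the base and scope from the config."""
    _, _, base, scope = parse_conf(text)
    return ["ldapsearch", "-x", "-D", bind_dn, "-W", "-b", base,
            "-s", scope, passwd_filter(text, login)]

if __name__ == "__main__":
    print(" ".join(ldapsearch_args(
        LDAP_CONF, "jdoe", "cn=Administrator,cn=Users,dc=company,dc=com")))
```

If this filter returns no entry while the sAMAccountName search does, the mapped attribute (here msSFUName) is not populated or not readable for that account.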