openldap trouble

Yang Xiao yxiao2004 at gmail.com
Wed Oct 26 17:12:11 UTC 2005


It's a known bug
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161437

 On 10/26/05, Yang Xiao <yxiao2004 at gmail.com> wrote:
>
> Hi,
> I found that if I change the /etc/ldap.conf to use binddn and bindpw it
> works, but if I use rootbinddn, and put the password in /etc/ldap.secret,
> it doesn't. It's the same user account, any ideas? And how would this affect
> ldap operations?
>  - Yang
>
>  On 10/26/05, Craig White <craigwhite at azapple.com> wrote:
> >
> > On Wed, 2005-10-26 at 10:08 -0400, Yang Xiao wrote:
> > > Hi all,
> > > I'm running openldap-2.2.23-5 on FC4 with nss_ldap. I was able to start
> > > the server and populate the db using smbldap-tool, ldapsearch works,
> > > smbldap-useradd works, but I can't seem to make name switch work. I
> > > tried both "files ldap" and "compat ldap" for passwd/shadow/group, PAM
> > > system-auth seems to be ok.
> > > I think I should be able to see the ldap users when I do "getent
> > > passwd", but this only shows the passwd file content.
> > > Please help!
> > >
> > > Many thanks!
> > >
> > > - Yang
> > >
> > > #system-auth
> > > #%PAM-1.0
> > > # This file is auto-generated.
> > > # User changes will be destroyed the next time authconfig is run.
> > > auth required /lib/security/$ISA/pam_env.so
> > > auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
> > > auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
> > > auth required /lib/security/$ISA/pam_deny.so
> > >
> > > account required /lib/security/$ISA/pam_unix.so broken_shadow
> > > account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
> > > account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
> > > account required /lib/security/$ISA/pam_permit.so
> > >
> > > password requisite /lib/security/$ISA/pam_cracklib.so retry=3
> > > password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
> > > password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
> > > password required /lib/security/$ISA/pam_deny.so
> > >
> > > session required /lib/security/$ISA/pam_limits.so
> > > session required /lib/security/$ISA/pam_unix.so
> > > session optional /lib/security/$ISA/pam_ldap.so
> > >
> > > #NSSWITCH
> > >
> > > passwd: compat ldap
> > > group: compat ldap
> > >
> > > hosts: files dns
> > > networks: files dns
> > >
> > > services: files ldap
> > > protocols: files ldap
> > > rpc: files
> > > ethers: files
> > > netmasks: files
> > > netgroup: files ldap
> > > publickey: files
> > >
> > > bootparams: files
> > > automount: files ldap
> > > aliases: files
> > >
> > > shadow: compat ldap
> > >
> > > #/etc/ldap.conf
> > >
> > > host: 127.0.0.1
> > > base dc=xxx,dc=com
> > > # stored in /etc/ldap.secret (mode 600)
> > > rootbinddn cn=nssldap,ou=DSA,dc=xxx,dc=com
> > >
> > > nss_base_passwd ou=Users,dc=xxx,dc=com?one
> > > nss_base_passwd ou=Computers,dc=xxx,dc=com?one
> > > nss_base_shadow ou=Users,dc=xxx,dc=com?one
> > > nss_base_group ou=Groups,dc=xxx,dc=com?one
> > >
> > > pam_password md5
> > > ssl no
> > ----
> > it looks pretty good...
> >
> > what happens when you try from command line?
> >
> > ldapsearch -x -h 127.0.0.1 -D 'cn=nssldap,ou=DSA,dc=xxx,dc=com' \
> > -W '(objectclass=*)' |grep uid
> >
> > does it list users? Obviously the password you use 'MUST' be the same
> > password you have in /etc/ldap.secret for this to simulate what you are
> > trying to do.
> >
> > Craig
>
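
Added example, not part of the original thread: a POSIX shell check for the two bind setups compared above, binddn/bindpw in /etc/ldap.conf versus rootbinddn with the password in /etc/ldap.secret (mode 600). The function names and output strings are hypothetical; it assumes the documented nss_ldap behaviour that rootbinddn is used only when the calling process runs as root, and that a lookup binds anonymously when no binddn is set.

```shell
#!/bin/sh
# Added example: audit which credentials nss_ldap/pam_ldap will bind with.
# Paths are parameters so the check can be run on copies of the files.

# Print the value of directive $2 in file $1 (last occurrence wins).
conf_get() {
    awk -v k="$2" 'tolower($1) == k {
        $1 = ""; sub(/^[ \t]+/, ""); v = $0 } END { print v }' "$1"
}

# First ten characters of the ls mode string, e.g. "-rw-------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# audit_ldap_bind CONF SECRET -> findings on stdout, exit status 1 on any FAIL.
audit_ldap_bind() {
    conf=$1; secret=$2; rc=0
    binddn=$(conf_get "$conf" binddn)
    bindpw=$(conf_get "$conf" bindpw)
    rootbinddn=$(conf_get "$conf" rootbinddn)

    # ldap.conf has to be readable by ordinary processes for lookups,
    # so a bindpw stored there is visible to every local user.
    if [ -n "$bindpw" ]; then
        case $(mode_of "$conf") in
            ???????r??) echo "FAIL: bindpw is set in world-readable $conf"; rc=1 ;;
            *) echo "INFO: bindpw set; $conf is not world-readable" ;;
        esac
    fi

    if [ -n "$rootbinddn" ]; then
        if [ ! -s "$secret" ]; then
            echo "FAIL: rootbinddn set but $secret is missing or empty"; rc=1
        else
            case $(mode_of "$secret") in
                ????------) echo "OK: $secret is owner-only" ;;
                *) echo "FAIL: $secret is accessible to group/other"; rc=1 ;;
            esac
        fi
        # rootbinddn applies only when the calling process runs as root.
        [ -n "$binddn" ] ||
            echo "INFO: no binddn; non-root lookups bind anonymously"
    fi
    return $rc
}
```

Run it as `audit_ldap_bind /etc/ldap.conf /etc/ldap.secret`; a non-zero exit status means at least one FAIL line was printed.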