[K12OSN] RE: K12OSN Digest, Vol 19, Issue 45

Fri Sep 30 15:08:42 UTC 2005

Hello Team,

Perhaps I'm looking at this the wrong way.  I assumed that by
authenticating against a different LDAP server, I could use one "list"
of accounts for a number of servers.  The second response below seems to
be saying that I need to duplicate the userlist on the LTSP server.  If
so, what is the point of authenticating to the LDAP server?  I thought
the idea of LDAP was "one user list available in many places".  Is this
not correct?

My LDAP logs in OSX show the following;

Sep 29 11:16:45 ybstudent slapd[52]: <= bdb_equality_candidates: (rid)
index_param failed (18) 

Sep 29 14:31:33 ybstudent slapd[52]: do_search: invalid dn (dc=ybstudent
dc=org) 

Sep 29 14:31:35 ybstudent slapd[52]: do_search: invalid dn (dc=ybstudent
dc=org) 

Sep 29 14:31:51 ybstudent slapd[52]: do_search: invalid dn (dc=ybstudent
dc=org) 

Sep 29 14:31:55 ybstudent slapd[52]: do_search: invalid dn (dc=ybstudent
dc=org) 

Sep 30 07:59:34 localhost slapd[52]: @(#) $OpenLDAP: slapd 2.2.19 $ 

Sep 30 07:59:34 localhost slapd[52]: bdb_back_initialize: Sleepycat
Software: Berkeley DB 4.2.52: (December  3, 2003) 

Sep 30 07:59:35 localhost slapd[52]: bdb_db_init: Initializing BDB
database 

Sep 30 07:59:36 localhost slapd[52]: slapd starting 

Sep 30 08:00:00 ybstudent slapd[52]: <= bdb_substring_candidates:
(apple-mcxflags) index_param failed (18)

Let me know what you think.

- Sez

********************************************* 
Bruce Selzler 
Digital High School Resource Teacher
http://www.mindsinsight.com
http://homepage.mac.com/sez 
selzlerb at esuhsd.org 
sez at mac.com 
office:(408) 347.4936 
cell: (408) 893.6161 
************************************************

------------------------------

Message: 5
Date: Fri, 30 Sep 2005 00:37:19 GMT
From: cliebow at downeast.net
Subject: Re: [K12OSN] Authenticating from an OSX LDAP Server
To: "Support list for opensource software in schools."
	<k12osn at redhat.com>
Message-ID: <200509300248.j8U2mCB16904 at downeast.net>

Are there any logfiles to look at inosx? can you increase
loglevel??change
the types of logging info? do a slapcat? run ethereal and read the
>For more info see <http://www.k12os.org>

David N. Trask
packets?? all these would help narrow down what is going on..let us know
more !! chuck

> Hello Team,
> 
> I have a k12LTSP server running as a "stand alone" server with local
> authentication. I want to change the authentication method to LDAP
> services being run on an OSX server (Tiger).
> 
> I'm entering what I believe to be the correct server information in
the
> Gnome authentication module.  However it doesn't seem to authenticate.
> Although there is an odd twist to this.
> 
> I have an account with the same username on both servers.  "selzlerb".
> On the k12ltsp server the password for this (local) account is
different
> from the password on the OSX server.  I can log on to the LTSP server
> with the username and the password from the OSX (remote) server.
> 
> Doing this had me thinking it was actually working.  But I can't log
on
> to any other account that should be authenticated via the OSX server.
> Anyone have any advice?
> 
> Let me know what you think.
> 
> - Sez

Bruce,

<disclaimer> This is not a difinitive answer, but something I think I
rememeber reading in the past and it may not even apply. </disclaimer>

If the users already exsist on the LTSP box and are just authenticating
to the OS X box then I think the UIDs have to match up.  That *could*
explain why your admin user works - they both happen to have the same
UID, possibly 501. If my idea is correct, then I guess the solution is
to make the UID's match up. As for how to do this, I don't know.  Hope
that helps a little bit.

Peace,
Jimmy Schwankl

+++++++++++++++++++++++++++++++++++++++++++++++