SUMMERY about Client Problem
Tay, Gary
Gary_Tay at platts.com
Wed Sep 22 06:29:12 UTC 2004
Anyone, just correct me if I am wrong.
Do not set a "Manager" binddn in the LDAP client's /etc/ldap.conf file and
expose the bindpw. Try to use a different binddn object which has fewer
ACL rights, especially when Manager can change anything, including
userPassword. The LDAP client will try to bind as anonymous if binddn/bindpw
are not defined.
Because it is binding as "Manager", it always succeeds, even if there is
an ACL at the server.
RedHat's authconfig has an "operation" issue: it WILL ALWAYS OVERWRITE
/etc/pam.d/system-auth (instead of making an incremental change) and MAY
OVERWRITE /etc/ldap.conf if you define LDAP Authentication stuff. It may
also make changes to /etc/nsswitch.conf and, at the end, restart nscd.
Due to this, if you have customized or bug-fix changes in /etc/ldap.conf,
you have to do the "step two", as you called it, manually.
Gary
-----Original Message-----
From: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com]
On Behalf Of Rezk Mekhael
Sent: Wednesday, September 22, 2004 7:54 AM
To: openldap-software at OpenLDAP.org
Cc: pam-list at redhat.com
Subject: SUMMERY about Client Problem
The reason I have this problem is that I am running ACL on the server
side, so I need to do two steps on the client side, not one.
On the client side:
1) Run authconfig, which will update these 2 lines in /etc/ldap.conf:
"base ou=people,dc=domain,dc=com"
"host ldap_server_name.domain.com"
2) edit /etc/ldap.conf
binddn "cn=Manager,dc=domain,dc=com"
bindpw "ldappassword"
rootbinddn "cn=Manager,dc=domain,dc=com"
Can we make a SUMMARY for all of the fixes? It will be easy for all of us
when we search: just the problem and the fix, and in the subject line
"SUMMARY for ....."
--
Sincerely,
Rezk Mekhael
Manager of Systems
At 01:09 PM 9/20/2004, Rezk Mekhael wrote:
>Hi managers,
>I have two Red Hat machines acting in an OpenLDAP client/server
>role. Whenever I try to log in to the OpenLDAP client with my user ID
>registered in the LDAP directory, I get the following message before
>getting a shell prompt: "Cannot find name for user ID..."
>I am authenticated just fine, and I can retrieve my user ID using
>"id", but I can't see the account name; I can only see the ID, not the
>account name.
>login: my
>Password:
>Last login: Fri Sep 17 13:18:58 from oscar.abcz.com
>id: cannot find name for user ID 670655
>robles11.abcz.com> ls -l
>total 32
>-rwxr-xr-x 1 670655 36 4375 Sep 30 1999 dead.letter
>drwxr-xr-x 2 670655 36 4096 Jul 10 18:37 mail
>-rw-r--r-- 1 670655 36 19968 Feb 15 2000
ResearchReviewAccept
>34.doc robles11.abdz.com>
>
>
>It is the same problem in this link
>
>http://www.redhat.com/archives/redhat-list/2004-May/msg00911.html
>
>
>any idea
>
>
>--
>Sincerely,
>Rezk Mekhael
>
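Added example, not part of the original thread: a small Python check for the situation Gary describes, a client /etc/ldap.conf whose binddn is a privileged DN with its bindpw stored in the file. The list of privileged DNs passed in and the `cn=proxyuser` account are assumptions; the first sample is constructed from the settings posted in the thread.

```python
import re

def normalize_dn(dn):
    """Strip quotes, lower-case, and drop spaces around ',' and '=' so DNs compare equal."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().strip('"')).lower()

def parse_ldap_conf(text):
    """Parse 'keyword value' lines of a client ldap.conf, skipping comments and blanks."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            settings[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return settings

def audit_ldap_conf(text, privileged_dns):
    """Return findings; privileged_dns are DNs that must not be used for client binds."""
    conf = parse_ldap_conf(text)
    privileged = {normalize_dn(dn) for dn in privileged_dns}
    findings = []
    binddn = conf.get("binddn")
    if binddn is None:
        findings.append("INFO: no binddn, client binds anonymously")
    elif normalize_dn(binddn) in privileged:
        findings.append("HIGH: binddn is a privileged DN")
        if conf.get("bindpw"):
            findings.append("HIGH: password of a privileged DN is stored in the client file")
    elif conf.get("bindpw"):
        findings.append("LOW: bindpw stored for a non-privileged binddn")
    return findings

# Constructed sample: the client settings posted in the thread.
THREAD_CONF = '''
base ou=people,dc=domain,dc=com
host ldap_server_name.domain.com
binddn "cn=Manager,dc=domain,dc=com"
bindpw "ldappassword"
rootbinddn "cn=Manager,dc=domain,dc=com"
'''
# Constructed sample: a hypothetical low-privilege bind account (assumed name).
REVISED_CONF = '''
binddn cn=proxyuser,dc=domain,dc=com
bindpw proxy-password-placeholder
'''

if __name__ == "__main__":
    for name, conf in (("thread", THREAD_CONF), ("revised", REVISED_CONF)):
        print(name, audit_ldap_conf(conf, ["cn=Manager,dc=domain,dc=com"]))
```
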