[rhelv6-list] trying to get ldap system authentication working via nslcd

Collins, Kevin [Contractor Acquisition Program] KCollins at chevron.com
Mon Aug 26 23:46:53 UTC 2013


I think your problem might be this:

--ldapbasedn="ou=Some Users,dc=cisco,dc=com"

This option is for specifying the base of your directory, which is where the various OUs (People, Group, Netgroup, etc) will reside.

I have only run LDAP on Linux in environments where we migrated from NIS, but that is how it is there.

Here are some example DNs from our environment:

dn: uid=oracle,ou=People,dc=xxx,dc=yyy

dn: cn=dba,ou=Group,dc=xxx,dc=yyy

dn: cn=os,ou=Netgroup,dc=xxx,dc=yyy

dn: cn=daemon,ou=Aliases,dc=xxx,dc=yyy

I masked the Base DN as "dc=xxx,dc=yyy" but you can see how all the other OUs are "based" to that?

Kevin

-----Original Message-----
From: rhelv6-list-bounces at redhat.com [mailto:rhelv6-list-bounces at redhat.com] On Behalf Of Jason Welsh
Sent: Friday, August 23, 2013 2:33 PM
To: rhelv6-list at redhat.com
Subject: Re: [rhelv6-list] trying to get ldap system authentication working via nslcd


On 08/23/2013 04:35 PM, Camron W. Fox wrote:
> On 13/08/23 5:03 AM, Jason Welsh wrote:
>> Hey folks, I'm using a RHEL 6.4 server and I am trying to set up
>> system ldap authentication via nslcd.conf and I have the
>> authenticated bind working, but I cannot get the system to
>> recognize users when I do a "su - userid"
> 
>> I'm pretty sure it's my filter that's not right.. I'm not quite sure
>> what my filter and map statements should look like.
> 
>> Right now, I'm using a simple filter in nslcd.conf like
> 
>> filter passwd (objectClass=User)
> 
>> When I sniff the transaction to the ldap server (not using
>> encryption yet) I see the client bind to the ldap server, and in
>> the search request, I see Filter:
>> (&(objectClass=posixGroup)(memberUid=tcpdump))
> 
>> Huh? tcpdump user?  o_O and of course 0 results come back.
> 
>> Any ideas why this is happening? Any suggestions on a better
>> filter/map to use?
> 
>> regards, Jason
> 
> 
> Jason,
> 
> 	What did your authconfig line look like when you set up authentication?
> 
> Best Regards,
> Camron
> 

 authconfig --enableshadow --enablemd5 --enableldap --enableldapauth --disablesssd --disablesssdauth --enableforcelegacy --disableldaptls --ldapserver="myldapserver.cisco.com"  --ldapbasedn="ou=Some Users,dc=cisco,dc=com" --updateall



-- 
Jason Welsh
Systems Administrator  .:|:.:|:.
Threat Response, Intelligence and Development
W:  919-392-6816
M:  919-637-3693
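
An added example, not part of the original messages: a Python check of which of the sample DNs quoted above fall under a given search base, assuming a subtree search. The function names, the map labels and the second base (the shape of the `--ldapbasedn` value applied to the masked suffix) are constructed for illustration.

```python
"""Check which directory entries fall under an LDAP search base (subtree scope)."""

def split_dn(dn):
    """Split a DN into (attribute, value) pairs, honouring backslash escapes.

    Simplification: values are compared case-insensitively and multi-valued
    RDNs (joined with '+') are treated as one opaque value.
    """
    rdns, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # escaped character, e.g. "\,"
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":                          # unescaped comma ends an RDN
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        attr, _, value = rdn.strip().partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def in_scope(entry_dn, base_dn):
    """True if entry_dn is the base itself or sits anywhere below it."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

# Sample DNs from the message above (suffix masked there as dc=xxx,dc=yyy),
# keyed by the nslcd map each one would serve.
SAMPLE_ENTRIES = {
    "passwd":   "uid=oracle,ou=People,dc=xxx,dc=yyy",
    "group":    "cn=dba,ou=Group,dc=xxx,dc=yyy",
    "netgroup": "cn=os,ou=Netgroup,dc=xxx,dc=yyy",
    "aliases":  "cn=daemon,ou=Aliases,dc=xxx,dc=yyy",
}

def unreachable_maps(base_dn, entries=SAMPLE_ENTRIES):
    """Maps whose sample entry a search rooted at base_dn cannot return."""
    return sorted(m for m, dn in entries.items() if not in_scope(dn, base_dn))

if __name__ == "__main__":
    # Second base is constructed: one OU used as the base of the whole directory.
    for base in ("dc=xxx,dc=yyy", "ou=Some Users,dc=xxx,dc=yyy"):
        print(f"{base!r}: unreachable maps = {unreachable_maps(base)}")
```

Comparing parsed RDNs rather than raw string suffixes keeps a base such as `le,dc=xxx,dc=yyy` from falsely matching `ou=People,dc=xxx,dc=yyy`.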
