Stephen Torri wanted us to know:

>On Fri, 2002-07-05 at 09:59, Alan Womack wrote:
>> I've not seen that particular error message, but I have similar issues
>> from the PAM system-auth module when I have LDAP enabled in the account
>> section. Although commenting out the line neuters ldap for login
>> purposes, it does allow me to continue working on other issues until I
>> can come back to that one.

>What tool(s) do you use to administer your OpenLDAP server? How can I be
>sure that I have the server set up properly? Any recommended reading?

If you are using Mandrake, there is a utility named userdrake that can manage users on an ldap directory.

The first issue to deal with is that userdrake creates secondary group entries in the uniqueMember attribute, putting the full dn for the user as the value. nss_ldap reads both uniqueMember -and- memberUid to determine groups. If you have been putting just "username" in the memberUid attribute, then userdrake won't recognize it.

It might be convenient for you to set up a Mandrake box just for directory user administration; however, you will have to download the source rpm for nss_ldap-194 (Mdk 8.2 ships with nss_ldap-173), rebuild it on your 8.2 box, and upgrade that.

The second issue is that userdrake by default wants to use standard unix crypt instead of the gnu extension (MD5 shadowed crypt), but changing the password from the command line with 'passwd username' works properly if your /etc/ldap.conf, /etc/pam.d/system-auth, and /etc/pam.d/passwd are configured properly, so you're covered there.

--
Blue skies... Todd
Public key: http://www.mrball.net/todd.asc
...and I will strike down upon thee with great vengeance and furious anger, those who attempt to poison and destroy my binaries, and you will know my name is root, when I lay my vengeance upon you.
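The uniqueMember versus memberUid mismatch described in the message above, as an added example that is not part of the original e-mail: a Python sketch that reads group entries from an LDIF export and lists, per group, the members present only in memberUid, which by the message's account userdrake will not recognize. The LDIF, DNs and function names are constructed for illustration, and taking the user name from the `uid=` RDN of a uniqueMember DN is an assumption.

```python
# Constructed sample LDIF (not from the original message); all names are made up.
SAMPLE_LDIF = """\
dn: cn=staff,ou=Group,dc=example,dc=com
cn: staff
memberUid: alice
memberUid: bob

dn: cn=admins,ou=Group,dc=example,dc=com
cn: admins
uniqueMember: uid=alice,ou=People,dc=example,dc=com
memberUid: carol
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values) into a list of attr -> [values] dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        # A line starting with one space continues the previous line; unfold first.
        for line in block.replace("\n ", "").splitlines():
            if line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def uid_from_dn(dn):
    """Return the value of a leading uid= RDN, or None (assumed DN layout)."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    return value.strip() if attr.strip().lower() == "uid" else None

def audit_groups(entries):
    """Per group: union of both attributes, and members listed only by memberUid."""
    report = {}
    for e in entries:
        if "memberuid" not in e and "uniquemember" not in e:
            continue  # not a group entry
        by_name = set(e.get("memberuid", []))
        by_dn = {uid_from_dn(dn) for dn in e.get("uniquemember", [])} - {None}
        report[e.get("cn", ["?"])[0]] = {
            "effective": sorted(by_name | by_dn),        # both attributes combined
            "memberuid_only": sorted(by_name - by_dn),   # missing a uniqueMember dn
        }
    return report

if __name__ == "__main__":
    for group, info in audit_groups(parse_ldif(SAMPLE_LDIF)).items():
        print(group, info)
```

A non-empty `memberuid_only` list marks memberships that exist for login purposes but would not show up in a tool that only looks at uniqueMember, which is worth reconciling before reviewing who is in a privileged group.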