Re: Unable to login to local LDAP server



Stephen Torri wanted us to know:

>On Fri, 2002-07-05 at 09:59, Alan Womack wrote:
>> I've not seen that particular error message, but I have similar issues from the PAM system-auth module when I have LDAP enabled in the account section.  Although commenting out the line neuters ldap for login purposes, it does allow me to continue working on other issues until I can come back to that one.
>What tool(s) do you use to administer your OpenLDAP server? How can I be
>sure that I have the server set up properly? Any recommended reading?

If you are using Mandrake, there is a utility named userdrake that can
manage users on an ldap directory.  The first issue to deal with is that
userdrake creates secondary group entries in the uniqueMember attribute,
putting the full dn for the user as the value.  nss_ldap reads both
uniqueMember -and- memberUid to determine groups.  If you have been
putting just "username" in the memberUid attribute, then userdrake won't
recognize it.  

It might be convenient for you to set up a Mandrake box just for
directory user administration, however, you will have to download the
source rpm for nss_ldap-194 (Mdk 8.2 ships with nss_ldap-173), rebuild
it on your 8.2 box, and upgrade that.  The second issue is that
userdrake by default wants to use standard unix crypt instead of the gnu
extension (MD5 shadowed crypt), but changing the password from the
command line with 'passwd username' works properly if your
/etc/ldap.conf, /etc/pam.d/system-auth, and /etc/pam.d/passwd are
configured properly, so you're covered there.
-- 
Blue skies...	Todd 	Public key: http://www.mrball.net/todd.asc
...and I will strike down upon thee with great vengeance and furious
 anger, those who attempt to poison and destroy my binaries, and you 
    will know my name is root, when I lay my vengeance upon you.

Attachment: pgpoGAlKYVfhn.pgp
Description: PGP signature
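
Added example, not part of the original message or of any tool named in it: a small audit over an LDIF export that compares the two group-membership styles described above (bare usernames in memberUid, full user DNs in uniqueMember) and lists where they disagree. The function names, the example.com sample entries, and the assumption that user DNs begin with uid=<username> are all illustrative.

```python
from collections import defaultdict

# Constructed sample LDIF (not from the thread); objectClass lines omitted.
SAMPLE_LDIF = """\
dn: cn=staff,ou=Group,dc=example,dc=com
memberUid: alice
memberUid: bob
uniqueMember: uid=alice,ou=People,dc=example,dc=com

dn: cn=admins,ou=Group,dc=example,dc=com
uniqueMember: uid=carol,ou=People,dc=example,dc=com
uniqueMember: cn=Dave Smith,ou=People,dc=example,dc=com
"""

def parse_ldif(text):
    """Return {dn: {attr_lowercased: [values]}}; base64 ('::') values are not decoded."""
    entries = {}
    for block in text.replace("\n ", "").split("\n\n"):  # unfold continuation lines
        attrs = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            name, value = line.split(": ", 1)
            attrs[name.lower()].append(value.strip())
        if attrs.get("dn"):
            entries[attrs["dn"][0]] = attrs
    return entries

def uid_from_dn(dn):
    """Return the uid when the DN's first RDN is uid=..., else None (assumed DN layout)."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    return value.strip() if attr.strip().lower() == "uid" else None

def audit_groups(entries):
    """Compare the two membership styles per group and report where they disagree."""
    report = {}
    for dn, attrs in entries.items():
        names, dns = set(attrs.get("memberuid", [])), attrs.get("uniquemember", [])
        if not names and not dns:
            continue  # entry carries no membership attributes
        from_dns = {uid_from_dn(d) for d in dns} - {None}
        report[dn] = {
            "memberUid_only": sorted(names - from_dns),     # bare usernames with no DN entry
            "uniqueMember_only": sorted(from_dns - names),  # DN entries with no bare username
            "unmapped_dns": [d for d in dns if uid_from_dn(d) is None],
        }
    return report
```

Calling audit_groups(parse_ldif(SAMPLE_LDIF)) reports "bob" as memberUid-only in the staff group, which is the kind of membership the message says userdrake won't recognize.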