[Date Prev][Date Next] [Chronological] [Thread] [Top]

using Domino for authentication

To: openldap-software@OpenLDAP.org
Subject: using Domino for authentication
From: ABell@intec.co.uk
Date: Wed, 4 Sep 2002 15:10:36 +0100

I am trying to set up a linux box to use LDAP authentication with Domino as the directory, it is proving to be interesting. I have installed nss_ldap and pam_ldap on linux and set up the ldap.conf file to point to my domino server. I can run command line queries on the linux box like this one:

# ldapsearch -x "(&(objectclass=dominoPerson)(uid=abell))
version: 2

#
# filter: (&(objectclass=dominoPerson)(uid=abell))
# requesting: ALL
#

# Alan Bell, Intec
dn: CN=Alan Bell,O=Intec
cn: Alan Bell
shortname: ABell
uid: ABell
mail: ABell@intec.co.uk
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: dominoPerson
certificate:: MDMwMDJBMDIgNzM3RDIzRDYgMDdHMDE2MTQgRzAwMjM0MjEARUQ0MjNFMDMgRzAw
MzAyMDAgMDEyMDg2MDAgMjkwNTUzMDAARUI2NzI1RzAgMDI0RkcwMDIgRkNENzQwMDAgQzg2QjI1M
DAANjBDODQwMDAgQTM2RTI1ODAgMDFBMDc3MDAgMjkwNTUzMDAARUI2NzI1RzAgMDI0RkcwMDIgRk
NENzQwMDAgQzg2QjI1MDAANjBDODQwMDAgQTM2RTI1ODAgNEYzRDQ5NkUgNzQ2NTYzNDMANEUzRDQ
xNkMgNjE2RTIwNDIgNjU2QzZDMkYgNEYzRDQ5NkUANzQ2NTYzNDIgNTYwNDAwMzEgMkUzMDAwNDIg
NDMwMTAwMDMANDI0MTAxMDAgMzA0MjRDMDIgMDA3NjAyNEUgNEU0RjAwQ0IAQzFBMzc5NzEgMjlDR
EJFREUgRjE4Nzg3OTAgNjc1QkRGMDMAOEQ4N0REOUEgODc5OTQ2MTQgMTQ2QkMwM0EgMjg3RTc3MU
IANEJFRjI2NkEgRUM2NDkyNTQgNTNCMDI2MzMgRERBRUY5QjQARTM0OEM1MTAgQjRDOUNERUIgRjN
DNkYxQ0MgNTVEOURBOTQAQUI1QUFBRTUgRENDREVCNTUgNTkyNUVCMUQgMDYyRTQ1NEUAMDMwMDAx
MDAgMDE0RDQxMDggMDA1QzEzRDMgOTdCRUY3NkIAODI3RTAwNTAgNTU1MjUzNDEgNDYxMUI2ODAgN
kY3RDQ2MzEAOTdBRjE3NzggNEQyMTRFNEEgRjcxM0M3QjQgNEI0MzIzQjEANjU5ODA5NjYgQ0IwMT
FDQzAgREUwRjkwODYgOTE3NEU0MjcAOEI4Q0VBM0YgREI3NkVFN0QgRjE5OTg3OTQgREU3MUY5Qzc
AODMyNDZDNDYgNDBDNUFEMkYgQjE2QjkwNTcgRDJBNzVFRjMAOTdEQTNBMkUgMTQ2N0Y4MDcgNDI1
NjA0MDAgMzEyRTMwMDAANDI0MzAxMDAgMDM0MjQxMDEgMDAzMDQyNEMgMDJHMDAxMDIANEU0RTQwM
DAgNEI5OTc2REYgOTdGOUUzMEQgNjk0NjQyRDEANDIzNkVCMTUgRjVBOUMyMjQgQjkzRjEzRjggND
kzRjBEMTQARDMyODM2QjIgNzVFMUU0OUQgN0Y3OTM1QzQgNTYwQjQ2NjAAQjRBMUVGN0EgOTE3QkR
GRTkgMEQzQkNENzMgRkZGNTBENzYAQjVEMjg3RDUgNDU0RTAzMDAgMDEwMDAxNEQgNDEwODAwMUIA
MzVBRUExNjEgMkM5MzhENkYgMDA1MDU1NTIgNTM0MTQ2MDEAMkI0REI0MjggRTRBMjNCNjAgQTFGM
UVDQTkgNkRDODMxNDEAQjkxM0RGQUQgMjhERkZCMjggOEU0MDRFREMgNDdDRUI4MjQARjRDRTE2ME
QgOURCMkMwODQgMzc3OTQ3MjAgMjIxODAyQjAANURDOTQxQ0QgQ0I3Mzg0OTcgRjJBNURFRTAgRjA
wOEFDRDEAOTEwODYzMjEgOUE3NjU4OTEgNzA3N0IxNkEgQkUwNQ==
givenname: Alan
sn: Bell
maildomain: Intec

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
however I can't log in. When I compiled nss_ldap with the "--enable-debug-code" option I discovered that the query being passed to the domino server is "(&(objectclass=posixAccount)(uid=abell))" but the domino directory does not have an objectclass of posixAccount. I have a line in my ldap.conf:
nss_map_objectclass posixAccount dominoPerson

which I hoped would map posixAccount onto dominoPerson.

excerpt from /var/log/messages:

Sep 4 10:38:54 cvs login(pam_unix)[17968]: bad username []
Sep 4 10:39:03 cvs login(pam_unix)[17974]: check pass; user unknown
Sep 4 10:39:03 cvs login(pam_unix)[17974]: authentication failure; logname= uid
=0 euid=0 tty=pts/3 ruser= rhost=ThisAddressDoesNotExist
Sep 4 10:39:05 cvs login[17974]: pam_ldap: ldap_search_s No such object
Sep 4 10:39:07 cvs login[17974]: FAILED LOGIN 1 FROM ThisAddressDoesNotExist FO
R abell, Authentication failure

I even changed posixAccount to dominoPerson in ldap-schema.h and recompiled but to no avail. Has anyone succeded in using domino LDAP with linux and got a clue for me?

Prev by Date: Re: bind.c peername?
Next by Date: Migration from 2.0.23 -> 2.1.4
Index(es):
- Chronological
- Thread