
Re: i have no name!



Brian K. Jones wrote:
Can't believe this hasn't ever made it to this list :)

I'm running a stock Redhat 7.3 install, including the stock openldap
packages.  I've made it through the importing of NIS data into the
server, and I'm even able, at this point, to log in to another redhat
box via ssh, which gets the login info from the ldap server (yay!).

However, even though I can log into this box using info from the ldap
server, it apparently can't determine my username, because my bash
prompt looks like this: [i have no name!@host]

Also, doing an 'ls -l' in my home directory shows uid number only - no
names.


I did see one post which mentioned changing perms on a file called
libnss-ldap.conf, which I don't even have on any of my systems, and have
never seen documented. The /etc/ldap.conf and /etc/openldap/ldap.conf
files were made world readable, but this didn't solve the problem.


Tony Earnshaw's suggestion to 'play with the ACL's in slapd.conf' is
vague at best.  I have no clue what I would possibly change to get this
to somehow magically work. All I have in the way of acl's right now is
this:

access to dn="" by * read
access to *
        by self write
        by users read
        by anonymous auth

That seems like it would be hard for a user to NOT have access to
something.

Actually ordinary users access the directory anonymously. Otherwise the system would have to repeatedly ask you to enter your password in order to bind as you. Root is an exception because there's only one password that it has to use (in /etc/ldap.secret). Try "by anonymous read" in your ACL. You might want to have a separate "access to attr=userPassword" paragraph so your encrypted passwords are not exposed.
John



Any clues would be greatly appreciated. I'd like to get past this so
I can start fighting with SSL :-o Thanks.
brian.
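
The ACL change suggested in the reply, written out as an added example (not part of the original messages). It assumes the OpenLDAP 2.0-style slapd.conf syntax used in the thread, including the "attr=" form, and that slapd applies the first "access to" clause that matches.

```conf
# Constructed example, not taken from either poster's server.

# Before (ACLs as posted): anonymous binds get "auth" only, so the anonymous
# lookups described in the reply cannot read account attributes.
#
# access to dn="" by * read
# access to *
#         by self write
#         by users read
#         by anonymous auth

# After:
access to dn="" by * read

# Password hashes: anonymous clients may authenticate against the attribute
# but never read it. This clause must appear before "access to *", because
# the first matching "access to" clause decides.
access to attr=userPassword
        by self write
        by anonymous auth
        by * none

# Everything else: readable anonymously so name lookups succeed.
access to *
        by self write
        by users read
        by anonymous read
```

After restarting slapd, an anonymous search of a user entry should return its attributes without userPassword.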