[Date Prev][Date Next] [Chronological] [Thread] [Top]

something strange I can't understand.

To: openldap-software@OpenLDAP.org
Subject: something strange I can't understand.
From: jawed abbasi <jabbasi@yahoo.com>
Date: Sun, 29 Jun 2003 20:46:57 -0700 (PDT)

Hi 

  I have working LDAP which has some users and it
authenticates also fine, but I saw a problem yesterday
when I changed something in system_Auth

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time
authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so
likeauth nullok
auth        sufficient    /lib/security/pam_ldap.so
use_first_pass
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so
#account     required      /lib/security/pam_ldap.so

password    required     
/lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so
nullok use_authtok md5 shadow
password    sufficient    /lib/security/pam_ldap.so
use_authtok
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_ldap.so
"system-auth" 19L, 879C

Above is my system-auth
As soon as I umcommented the commented entry
#account     required      /lib/security/pam_ldap.so
I couldn't login as any user whether the user was in
LDAP database, or system files, so I had boot system
in sigle user mode, and reverted my changes and it
started 
working.
Can anybody make sense of this?
Plus I setup things so that users can change their own
passwords in LDAP, but I tried to change password as a
user using passwd utility, and it told me that only
root can change password.

Does anyone know how I can make this work.
fgollowing are ACL in my ldap

access to dn=".*,dc=navtechinc,dc=com"
attr=userPassword
        by dn="cn=Manager,dc=navtechinc,dc=com" write
        by self write
        by * auth

access to dn=".*,dc=navtechinc,dc=com" attr=mail
        by dn="cn=Manager,dc=navtechinc,dc=com" write
        by self write
        by * read

access to dn=".*,ou=ykf,dc=navtechinc,dc=com"
        by * read

access to dn=".*,dc=navtechinc,dc=com"
        by self write
        by * read

Thanks in advance.

__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com

Prev by Date: Re: upgrading from 2.0 to 2.1
Next by Date: How to convert Visual 5 to Visual 6 dsw/dsp project files?
Index(es):
- Chronological
- Thread