
migrating passwd from NIS to LDAP



Hi list,
I've set up an LDAP server on my machine. It's got one database
containing entries that look like this:

dn: uid=xsfeng,ou=People,o=cs.ubc.ca
mail: xsfeng@cs.ubc.ca
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Xiushan(Shaun) Feng
uid: xsfeng
givenname: Xiushan(Shaun)
sn: Feng
facsimiletelephonenumber: +1 604 822 5485
userpassword: {crypt}[crypted password string]
postaladdress: 2366 Main Mall$Vancouver, B.C.$Canada$V6T 1Z4
roomnumber: 245
homepostaladdress:  xxx-xxx Foo St$Vancouver, B.C.$X6X4X6
homephone: 604-xxx-xxxx
telephonenumber: +1 604 604-822-xxxx
labeleduri: http://www.cs.ubc.ca/~xsfeng
description: Grad

I've also set up my server to do TLS. So far, I can look people up by
pointing Mozilla's Addressbook to my LDAP server. I check the SSL box,
type in the userid of someone in my database. Then I get an
authentication window. I type in my password, and the entry for that
person appears. So far so good. Now I would like to use this LDAP
database as my passwd database (currently I use NIS). In my
nsswitch.conf I have this:

              passwd: files ldap

In my /etc/ldap.conf I've put some stuff that seems more or less
correct (the documentation on this is not exactly plentiful).

Now, I know this isn't working because when I type ssh I get this:

     You don't exist, go away! 

meaning that passwd lookups aren't working. In my slapd logfile (-d
256) I get a bunch of stuff that looks like this:

TLS: can't accept.
conn=-1 fd=8 closed
daemon: conn=150 fd=8 connection from IP=127.0.0.1:44458 (IP=0.0.0.0:636) accepted.
TLS: can't accept.
conn=-1 fd=8 closed
daemon: conn=151 fd=8 connection from IP=127.0.0.1:44467 (IP=0.0.0.0:636) accepted.
TLS: can't accept.
conn=-1 fd=8 closed

Well, that's not exactly a helpful error message.
Any advice? Keep in mind that I don't understand a damn thing about
LDAP, either because the documentation is not good, or because I'm
dumb, but more likely some combination of the two.

hugs,

chris
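As an added example (not part of the original post), the following script parses slapd -d 256 output of the shape quoted above and pairs each "accepted" connection with the "TLS: can't accept." / "conn=-1 fd=N closed" lines that follow it, so an admin can see which client hosts are failing the TLS handshake on the ldaps listener before any LDAP session exists. The sample log is constructed in the same format as the excerpt, with one extra healthy connection (conn=152) added for contrast; the script assumes the lines for one connection are logged contiguously.

```python
import re
from collections import Counter

# Constructed sample in the shape of the slapd -d 256 excerpt in the post
# (one extra healthy connection, conn=152, added for contrast).
SAMPLE_LOG = """\
daemon: conn=150 fd=8 connection from IP=127.0.0.1:44458 (IP=0.0.0.0:636) accepted.
TLS: can't accept.
conn=-1 fd=8 closed
daemon: conn=151 fd=8 connection from IP=127.0.0.1:44467 (IP=0.0.0.0:636) accepted.
TLS: can't accept.
conn=-1 fd=8 closed
daemon: conn=152 fd=9 connection from IP=10.0.0.5:51000 (IP=0.0.0.0:636) accepted.
conn=152 fd=9 closed
"""

ACCEPT_RE = re.compile(
    r"conn=(\d+) fd=(\d+) connection from IP=([\d.]+):\d+ \(IP=[\d.]+:(\d+)\) accepted"
)
CLOSE_RE = re.compile(r"^conn=(-?\d+) fd=(\d+) closed")


def tls_accept_failures(log_text):
    """Return [(conn, client_ip, listener_port), ...] for connections that slapd
    accepted on the listener but that died in the TLS handshake ("TLS: can't
    accept." followed by "conn=-1 fd=N closed") before an LDAP session existed.
    Assumes the -d 256 lines for one connection are logged contiguously."""
    open_by_fd = {}       # fd -> (conn, client_ip, listener_port) of accepted sockets
    tls_failed = False    # set when the previous line was a TLS handshake failure
    failures = []
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            conn, fd, ip, port = m.groups()
            open_by_fd[fd] = (int(conn), ip, int(port))
            tls_failed = False
            continue
        if line.startswith("TLS: can't accept"):
            tls_failed = True
            continue
        m = CLOSE_RE.match(line)
        if m:
            conn, fd = m.groups()
            info = open_by_fd.pop(fd, None)
            # conn=-1 means no session was ever set up: this close belongs to
            # the handshake failure, not to a normal LDAP connection.
            if tls_failed and conn == "-1" and info is not None:
                failures.append(info)
            tls_failed = False
    return failures


def failures_by_client(failures):
    """Count handshake failures per client IP: one host failing repeatedly
    points at that client's TLS setup (CA, hostname check), many hosts at the server."""
    return Counter(ip for _conn, ip, _port in failures)
```

Run it against a real logfile with `tls_accept_failures(open("slapd.log").read())`; in the post's excerpt every failure comes from 127.0.0.1, i.e. the local nss_ldap client rather than a remote host.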