
Re: migrating passwd from NIS to LDAP



Tue, 09.03.2004 at 20.45, Chris Majewski wrote:

> > The thing is, that your Posix account (compare it to /etc/passwd) for
> > cn: Xiushan(Shaun) Feng doesn't exist, yet. You have to make it. Maybe
> > /etc/group and /etc/shadow, too.
>
> But I'm not Xiushan Feng! I'm Chris! And I do have an entry in the
> database, similar to the entry I pasted before. This entry is not
> exactly a passwd entry though -- for example, it doesn't say what my
> home directory is. What kind of entry is pam_ldap expecting exactly,
> (or is that a secret)?

No secret. Short as possible, from now on this is stuff for the Padl
pamldap list, so all further questions there ;)

1: To login via ssh a user has to have a login shell and a home
directory. More important, the user has to have a UID and a GID known to
the system.

2: To use something like Mozilla's LDAP client he doesn't.

So, add objectClasses posixAccount and posixGroup to your users and
make sure they have at least a UID and UIDNR (corresponding to their
/etc/passwd UID and UIDNR), a GIDNR (/etc/passwd GID and /etc/group GID),
a CN, and if you want them to be able to log in, a login directory and a
login shell.

3: You might need extra stuff in /etc/ldap.conf. Once you change this by
hand, don't use RH's authconfig any more, unless you have a working
backup copy.

> > What OS and distro? (don't tell me, Windows XP, heh?) 
> 
> RedHat 9.

Get (jump from www.biot.com), compile and use GQ. It's a GUI that'll
teach you a lot about OpenLDAP.

> > What OpenLDAP version?
> 
> rpm -qa says:
> openldap-2.0.27-8

O.k. for the time being; you'll want to upgrade at some time in the
future.

--Tonni

-- 

mail: billy - at - billy.demon.nl
http://www.billy.demon.nl
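
As an added illustration (not part of the original message): a small Python check of whether an LDAP entry carries what a shell login needs, using the RFC 2307 names uidNumber, gidNumber, homeDirectory and loginShell for what the message calls UIDNR, GIDNR, login directory and login shell. The LDIF entries and example.com DNs are constructed.

```python
import re

# RFC 2307 posixAccount MUST attributes plus loginShell (optional in schema).
NEEDED = ["cn", "uid", "uidNumber", "gidNumber", "homeDirectory", "loginShell"]

# Constructed sample entries; example.com names are placeholders.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
cn: Alice Example
uid: alice
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/alice
loginShell: /bin/bash

dn: cn=Bob Example,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: Bob Example
sn: Example
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64 values) into dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, value = line.split(":", 1)
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries += [entry] if "dn" in entry else []
    return entries

def login_problems(entry):
    """List the reasons this entry cannot back a shell login."""
    problems = []
    if "posixaccount" not in [c.lower() for c in entry.get("objectclass", [])]:
        problems.append("missing objectClass posixAccount")
    problems += ["missing " + a for a in NEEDED if a.lower() not in entry]
    problems += [a + " is not numeric" for a in ("uidNumber", "gidNumber")
                 if not all(v.isdigit() for v in entry.get(a.lower(), []))]
    return problems

def audit(text):
    return {e["dn"][0]: login_problems(e) for e in parse_ldif(text)}

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```

The second sample entry is a directory-only entry of the kind an address-book client can use, and the check lists each attribute it would still need for a login.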