[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Getent fonction with ldap

Subject: Re: Getent fonction with ldap
From: Tony Earnshaw <tonni@hetnet.nl>
Date: Mon, 04 Feb 2008 15:25:52 +0100
Cc: ldap <openldap-technical@openldap.org>
In-reply-to: <47A70DD9.8030904@free.fr>
References: <47A70DD9.8030904@free.fr>
User-agent: Thunderbird 2.0.0.9 (X11/20071031)

asiani@free.fr skrev, on 04-02-2008 14:06:

I'm looking for a documentation of "howto configure getent with ldap",
can you help me, i have problem with this fonction on centos 4.4

i can't get entries from ldap but i try to configure :
/etc/pam.d/system-auth
/etc/ldap.conf

You're mixing up nss_ldap and pam_ldap. The above files have mostly to do with pam_ldap, you should be looking at /etc/nsswitch.conf.

I'll grant you the Red Hat derived pam_ and nss_ldap libraries are very much mixed together in how far the nss library uses /etc/ldap.conf (far more than in the original Padl versions) but if getent with ldap doesn't work for you, it's far more likely that the fault is in nsswitch.conf than in ldap.conf. Exceptions are lines beginning with "nss_".

slapcat is ok
i do :
smbpasswd -w mypassword
i put my conf at the bottom of this email,

/etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
# Modif by AS
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100
quiet
account     required      /lib/security/$ISA/pam_permit.so
account     sufficient    /lib/security/$ISA/pam_ldap.so


password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_ldap.so


This is pure pam, has nothing to do with nss_ldap.

/etc/ldap.conf
host 127.0.0.1

Ok.

#host 10.0.0.245
base dc=myDomain,dc=com
rootbinddn cn=Manager,dc=myDomain,dc=com

Ok.

timelimit 120
bind_timelimit 120
idle_timelimit 3600
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5


None of the above has anything to do with nss.

Best,

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet dot nl

Follow-Ups:
- Re: Getent fonction with ldap
  - From: "asiani@free.fr" <alain.siani@gmail.com>

References:
- Getent fonction with ldap
  - From: "asiani@free.fr" <alain.siani@gmail.com>

Prev by Date: Getent fonction with ldap
Next by Date: Re: Getent fonction with ldap
Index(es):
- Chronological
- Thread