Re: AIX as openldap client
On Monday 15 November 2010, Benjamin Griese wrote:
> Hello,
>
> I just wanted to point you to the official guides from IBM on how to
> configure your AIX ldap client, which worked fine for me, except for
> sudo-ldap, but that's another topic.
>
> Section 7: http://www.redbooks.ibm.com/redbooks/pdfs/sg247165.pdf
I have read the redbook.
What ldap server are you running? I'm using ubuntu server 10.04.
I think my problem is that I cannot bind to the ldap server as a regular user
with the ldapsearch command. I can only bind as the admin specified as
olcRootDN with password olcRootPW.
I attached the 2 ldif files I use to configure the ldap server. I hope that
someone can find an error in it ....
I also noted that the userPassword entry for cn=admin,dc=axi,dc=intra is not
encrypted. How can I generate an encrypted password? Can this be a {SHA} or
does it have to be a {SSHA}?
Stef
# First attached LDIF file: the directory content under dc=test,dc=intra.
# Entries are separated by blank lines, as LDIF requires.

# Create top-level object in domain dn: dc=test,dc=intra
dn: dc=test,dc=intra
objectClass: top
objectClass: dcObject
objectClass: organization
o: Test organization
dc: Test

# Admin user.
dn: cn=admin,dc=test,dc=intra
cn: admin
objectClass: simpleSecurityObject
objectClass: organizationalRole
description: LDAP administrator
# Stored in cleartext; slapd compares it as-is. Replace it with the value
# printed by: slappasswd -h {SSHA}   ({SHA} is accepted too, but unsalted)
userPassword: secret

dn: ou=People,dc=test,dc=intra
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=test,dc=intra
objectClass: organizationalUnit
ou: Groups
# Second attached LDIF file: cn=config entries for slapd.

# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib/ldap
olcModuleLoad: back_hdb
olcModuleLoad: back_monitor

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=test,dc=intra
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=test,dc=intra
# Cleartext rootpw; slapd also accepts a hashed value here, e.g. the {SSHA}
# string printed by: slappasswd -h {SSHA}
olcRootPW: secret
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcDbIndex: uid eq
olcDbIndex: cn eq
olcDbIndex: ou eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: memberUid eq
olcDbIndex: uniqueMember eq
olcLastMod: TRUE
olcMonitoring: TRUE
olcDbCheckpoint: 512 30
# Note on line folding: a continuation line in LDIF starts with a space, and
# that first space is removed when the value is reassembled, so the "by ..."
# lines below use two leading spaces to keep a separator before "by".
# A commented-out value needs the # on every one of its lines.
# From http://doc.ubuntu.com/ubuntu/serverguide/C/openldap-server.html
#olcAccess: to attrs=userPassword
#  by dn="cn=admin,dc=example,dc=com" write
#  by anonymous auth
#  by self write
#  by * none
#olcAccess: to attrs=shadowLastChange
#  by self write
#  by * read
#olcAccess: to dn.base=""
#  by * read
#olcAccess: to *
#  by dn="cn=admin,dc=example,dc=com" write
#  by * read
# From http://blogger.ziesemer.com/2010/05/openldap-ubuntu-linux.html
# The admin DN in this rule was cn=admin,dc=example,dc=com, left over from the
# Ubuntu guide; it has to be the rootdn of this directory, cn=admin,dc=test,dc=intra.
olcAccess: to dn.subtree="ou=People,dc=test,dc=intra" attrs=userPassword,shadowLastChange
  by dn="cn=admin,dc=test,dc=intra" write
  by anonymous auth
  by self write
  by * auth
# Entries outside ou=People: no "by self write", so they cannot change their
# own password; "by anonymous auth" still lets them bind.
olcAccess: to attrs=userPassword,shadowLastChange
  by dn="cn=admin,dc=test,dc=intra" write
  by anonymous auth
  by * none
# Below line should already exist by default in frontend
# Indeed, see file /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif
#olcAccess: to dn.base=""
#  by * read
# Below line modified from "*" to "users" to prevent anonymous access.
olcAccess: to *
  by dn="cn=admin,dc=test,dc=intra" write
  by users read
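Added example, not part of the mail or of the attached LDIF files: Python that builds the {SHA} and {SSHA} userPassword values the question asks about (the same formats slappasswd prints), checks a candidate password against the three forms slapd accepts for a simple bind (cleartext, {SHA}, {SSHA}), and scans an LDIF for userPassword or olcRootPW values stored without a scheme prefix. The LDIF inside is constructed for this example; the 4-byte salt length is an assumption mirroring OpenLDAP's slappasswd default, and any salt length verifies because the salt is whatever follows the 20-byte digest.

```python
import base64
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

SHA1_LEN = 20  # both schemes are built on SHA-1, a 20-byte digest


def sha_hash(password: str) -> str:
    """Unsalted {SHA}: base64(SHA1(password)). Equal passwords give equal
    values, so it is only marginally better than cleartext."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Salted {SSHA}: base64(SHA1(password + salt) + salt). The salt is stored
    after the digest, so a verifier recovers it as everything past byte 20.
    Assumption: 4 random salt bytes, as slappasswd uses by default."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify(stored: str, password: str) -> bool:
    """Compare a candidate password with a stored userPassword value the way a
    simple bind does: {SSHA} and {SHA} are recomputed; a value without a
    scheme prefix (like 'userPassword: secret') is compared as cleartext."""
    pw = password.encode("utf-8")
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
        return hmac.compare_digest(hashlib.sha1(pw + salt).digest(), digest)
    if stored.startswith("{SHA}"):
        raw = base64.b64decode(stored[len("{SHA}"):])
        return hmac.compare_digest(hashlib.sha1(pw).digest(), raw)
    return hmac.compare_digest(stored.encode("utf-8"), pw)


def find_cleartext_passwords(ldif_text: str) -> List[Tuple[str, str]]:
    """Return (dn, attribute) for every userPassword / olcRootPW value that has
    no {SCHEME} prefix. Unfolds LDIF continuation lines (leading space),
    decodes the 'attr:: base64' form, and skips comments and blank lines."""
    unfolded: List[str] = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)

    findings: List[Tuple[str, str]] = []
    dn = ""
    for line in unfolded:
        if not line or line.startswith("#") or ":" not in line:
            continue
        attr, _, value = line.partition(":")
        value = value.strip()
        if value.startswith(":"):  # 'attr:: <base64>' form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() in ("userpassword", "olcrootpw") and not value.startswith("{"):
            findings.append((dn, attr))
    return findings


# Constructed sample (not the poster's attachments): a cleartext admin
# password, a cleartext olcRootPW, and one user whose value already carries
# a scheme prefix.
SAMPLE_LDIF = """\
dn: cn=admin,dc=test,dc=intra
objectClass: simpleSecurityObject
userPassword: secret

dn: olcDatabase=hdb,cn=config
olcRootDN: cn=admin,dc=test,dc=intra
olcRootPW: secret

dn: uid=stef,ou=People,dc=test,dc=intra
userPassword: {SHA}5en6G6MezRroT3XKqkdPOmY/BfQ=
"""


if __name__ == "__main__":
    print(sha_hash("secret"))
    print(ssha_hash("secret"))
    for entry_dn, attr in find_cleartext_passwords(SAMPLE_LDIF):
        print("cleartext %s on %s" % (attr, entry_dn))
```

Either hashed form can be pasted into userPassword or olcRootPW as-is. Hashing does not change the bind behaviour that the question is about: a simple bind works against cleartext, {SHA} and {SSHA} alike, as long as the ACL grants `auth` on userPassword to `anonymous` (the `by anonymous auth` clauses above do). What hashing changes is what anyone who can read the attribute learns, which is why {SSHA} is preferred over the unsalted {SHA}.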