[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Help with Solaris LDAP client (how to make client read shadow information)

To: openldap-technical@openldap.org
Subject: Re: Help with Solaris LDAP client (how to make client read shadow information)
From: curious penguin <pepe.the.bofh@gmail.com>
Date: Tue, 14 Feb 2012 09:49:38 -0800
Cc: NetNinja <2bitninja@gmail.com>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=SiAZDYLyZEZryP9EzopJmDmY0BE+oiQiETkuNLU6CHw=; b=DuQAV7OrgQ86nRmq+aPUi+p+uL9qNBZdeHJzgfqA5t83FsPJkA0civ/FwrM5G9jFxm INDaxPUxX6uDxE9sUO9J4JpH914kBkBfnbdThfaSTqkjN8e+RiV71m1WkjyAQxDKdqXP WuHppoT0Y5PU/E6MbYAilHUqD/mlfeFCnPTbU=
In-reply-to: <CAK0N32F8GyAbrGCmFTzDX1OB0hDLyTvZwszHAZ2GAvQrmWUCZQ@mail.gmail.com>
References: <CADL9bSHqtO3hp+2WZtDD4rcbVG-eCTpknQSyWkaafVxC0DKwhg@mail.gmail.com> <CAK0N32F8GyAbrGCmFTzDX1OB0hDLyTvZwszHAZ2GAvQrmWUCZQ@mail.gmail.com>

root@solaris:~# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=Dummy
NS_LDAP_BINDPASSWD= {NS1}3df552e9d230
NS_LDAP_SERVERS= 10.208.55.126
NS_LDAP_SEARCH_BASEDN= dc=mydomain,dc=org
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_CACHETTL= 0
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=mydomain,dc=org?sub
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=mydomain,dc=org?sub
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=mydomain,dc=org?sub
NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:simple

ldif sample:
dn: uid=pepe,ou=People,dc=mydomain,dc=org
uid: pepe
cn: Pepe Longstocking
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$KrdeSmkx$xvFUO40DKcq1GkJ00000tAGS0oBuWBAAAAAAvxrl1
shadowLastChange: 15358
shadowMax: 35
shadowWarning: 35
loginShell: /bin/ksh
uidNumber: 215
gidNumber: 212
homeDirectory: /home/pepe
gecos: Pepe Longstocking

On Fri, Feb 10, 2012 at 11:15 AM, NetNinja <2bitninja@gmail.com> wrote:

Can you show the output of ldapclient list command and the ldif files
you used to add the solaris client to the LDAP server.

On Thu, Feb 9, 2012 at 8:32 PM, curious penguin <pepe.the.bofh@gmail.com> wrote:
> Hi,
>
> I have ldap clients on two different OS platforms, Solaris and Linux.
> When "shadowExpire" for a specific user is set, the Linux client sees
> the change and denies logon for the user which is what I'm trying to
> implement. But this behaviour doesn't work in my Solaris client. It
> seems like it doesn't respect the rest of the shadow attributes on the
> Ldap server. I've been scratching my head for days now but doing so
> haven't help me figure out what the problem or reason is.
>
> Could anyone shed some light on this.
>

References:
- Help with Solaris LDAP client (how to make client read shadow information)
  - From: curious penguin <pepe.the.bofh@gmail.com>
- Re: Help with Solaris LDAP client (how to make client read shadow information)
  - From: NetNinja <2bitninja@gmail.com>

Prev by Date: Re: Missing Syntax description in the cn=subschema's LDAPSyntaxes AT
Next by Date: to anyone who uses slapo-lastbind on their ldap server
Index(es):
- Chronological
- Thread