List: nssldap
Subject: [nssldap] Problem with pam_ldap or with ACL and attrs=userPassword
From: Michele Marcionelli <michele.marcionelli () math ! ethz ! ch>
Date: 2005-10-03 8:41:07
Message-ID: 3f44b77cbe29b0238be19de1933d578b () math ! ethz ! ch
Hello List,
I just compiled and installed OpenLDAP 2.2.26 on a Red Hat Enterprise
Linux AS 4.
I migrated from nis (yp) and configured a client to work with LDAP.
1st try: slapd.conf without any ACLs
everything works fine on the client side ;-))
2nd try: I just activated two ACLs; slapd.conf looks like this (see bottom)
can't log in anymore -> does anyone have an idea?
(client: RHEL 3 with openldap-2.0.27 and nss_ldap-207 with pam_ldap)
This is what I tested:
on a nis-client:
user1# ssh ldap-client
-> works
on a ldap-client:
user1# id user2
-> works
user1# su - user2
-> doesn't work: "/bin/su: incorrect password"
I also tried the solution proposed here:
http://web.singnet.com.sg/~garyttt/ > 3. Installing and Configuring OpenSSH with pam_ldap for RedHat Enterprise Linux3: see /etc/pam.d/system-auth
##################################################
# slapd.conf
##################################################
# Include schema required
include /scratch/local/app/openldap/current/etc/openldap/schema/core.schema
include /scratch/local/app/openldap/current/etc/openldap/schema/cosine.schema
include /scratch/local/app/openldap/current/etc/openldap/schema/inetorgperson.schema
include /scratch/local/app/openldap/current/etc/openldap/schema/nis.schema
include /scratch/local/app/openldap/current/etc/openldap/schema/samba.schema
include /scratch/local/app/openldap/current/etc/openldap/schema/apple.schema
include /scratch/local/app/openldap/current/etc/openldap/schema/solaris.schema
include /scratch/local/app/openldap/current/etc/openldap/schema/solaris_automount.schema
# Add logging parameters
pidfile /scratch/local/app/openldap/current/var/run/slapd.pid
argsfile /scratch/local/app/openldap/current/var/run/slapd.args
# TLS Options for slapd
TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
TLSCertificateFile /usr/share/ssl/certs/slapd.pem
TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
# Define global ACLs to disable default read access.
# Users can change their own passwords. Other users can attempt to
# authenticate, but can't read the userPassword value.
access to attrs=userPassword
by self write
by * auth
# Default to read access
access to *
by * read
# Database backend definition
database bdb
# Root suffix
suffix "dc=math,dc=ethz,dc=ch"
# Root DN and password for superuser privileges
rootdn "cn=root,dc=math,dc=ethz,dc=ch"
rootpw *******
# Directory containing the database files
directory /scratch/local/app/openldap/current/var/openldap-data
mode 0600
# Indices to maintain
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
##################################################
--
michele.marcionelli@math.ethz.ch / phone: +41 44 632 6193
eth zentrum / hg g 14 / raemistrasse 101 - ch-8092 zurich
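As an added example, not from the poster's setup or from OpenLDAP itself: a small Python check that parses `access to` clauses in slapd.conf syntax and applies slapd's first-match rule, flagging the two userPassword misconfigurations an admin most wants to catch (hashes readable by anonymous, and no `auth` for anonymous, which makes simple binds fail). The posted ACL passes both checks; the other two inputs are constructed variants that show each failure.

```python
import re

# slapd access levels, weakest to strongest; each level implies the ones before it.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# Copied from the post above; the two below are constructed counter-examples.
POSTED_ACL = "access to attrs=userPassword\n  by self write\n  by * auth\naccess to *\n  by * read\n"
REVERSED_ACL = "access to *\n  by * read\naccess to attrs=userPassword\n  by self write\n  by * auth\n"
NO_AUTH_ACL = "access to attrs=userPassword\n  by self write\n  by users compare\n"

def parse_acls(conf):
    """Return [(what, [(who, level), ...]), ...] in file order, skipping comments.
    Continuation lines ('by ...') are joined to their 'access to' line first."""
    clauses, buf = [], []
    for raw in conf.splitlines() + ["access to"]:      # sentinel flushes the last clause
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("access to"):
            if buf:
                parts = re.split(r"\s+by\s+", " ".join(buf))
                what = parts[0][len("access to"):].strip()
                bys = [(t[0], t[1] if len(t) > 1 else "none")
                       for t in (p.split() for p in parts[1:])]
                clauses.append((what, bys))
            buf = [line]
        elif buf:
            buf.append(line)
    return clauses

def rank(level):
    return LEVELS.index(level) if level in LEVELS else 0   # '=x' privilege syntax not modelled

def level_for(bys, who):
    """Within a clause the first matching 'by' wins; '*' matches every subject."""
    for subject, level in bys:
        if subject in (who, "*"):
            return level
    return "none"                                          # implicit 'by * none'

def audit_acls(acls):
    findings, catch_all_seen = [], False
    for what, bys in acls:
        if what == "*":
            catch_all_seen = True                          # everything after this is unreachable
            continue
        if "userPassword" not in what:
            continue
        if catch_all_seen:
            findings.append("userPassword clause after 'access to *': never evaluated, first match wins")
        anon = level_for(bys, "anonymous")
        if rank(anon) >= rank("read"):
            findings.append("anonymous can read userPassword: password hashes are disclosed")
        elif rank(anon) < rank("auth"):
            findings.append("anonymous lacks auth on userPassword: simple binds as a user fail")
    return findings

if __name__ == "__main__":
    for name, conf in [("posted", POSTED_ACL), ("reversed", REVERSED_ACL), ("no-auth", NO_AUTH_ACL)]:
        print(name, audit_acls(parse_acls(conf)) or ["ok"])
```

The posted ordering yields no findings, so the ACL itself is not what a check like this would flag.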