[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pamldap
Subject:    Re: [pamldap] pam_ldap and nss_ldap on solaris 7
From:       jehan.procaccia () int-evry ! Fr
Date:       2001-01-25 15:44:01
[Download RAW message or body]

IT finally works :-) see below...

Joerg Paysen wrote:
> 
> On Thu, 25 Jan 2
> 
> 001 jehan.procaccia@int-evry.Fr wrote:
> 
> Hi,
> 
> this is how a got pam+nss ldap to work on solaris 7:
> 
> First, nss_ldap looks up a user if it doesnt exist
> in /etc/passwd if /etc/nsswitch.conf looks like
> 
> ...
> passwd: files ldap
> ...
> 
> pam_ldap is only responsible for authentication.
> 
> On my linux ldap server I run openldap-2.0.7.
> I use the migartion script which I changed that way
> that uid < 100 are not included to the ldap database.
> (I think its a bad idea to provide root password over
> network.)
> I think its extremly important that you have a
> /etc/shadow file so that an ObjectClass shadowAccount
> will be created in the ldap database. My experience is
> that without shadowAccount nss_ldap does not work on
> solaris!!
> 

Great !!! that was it, I  used migration tools with nis map, it didn't
included the shadowAccount objectclass . Now I recreated my openldap
directory from /etc/passwd and /etc/shadow and it works better, I can
telnet , su from solaris to the openldap server.

If its not already mentioned on the docs (MigrationTools, nss_lapd,
pam_ldap READMEs ...) it would be a good idea to do it in order to
prevent other people wasting time on this !

I still have one small problem, password changing:

$ passwd
passwd:  Changing password for procacci
Enter login(LDAP) password: 
New password: 
Re-enter new password: 
LDAP password information update failed: Success
Çè
Autorisation refusée
(traduction: authorisation refused)

I already had this under linux, I'll check out my confs.

Thanks a lot.


-- 
Jehan Procaccia
Institut National des Telecommunications| Email :
Jehan.Procaccia@int-evry.fr 
9 rue Charles Fourier			| Tel   : +33 (0) 160764436 
91011 Evry   France			| Fax   : +33 (0) 160764321

[prev in list] [next in list] [prev in thread] [next in thread]