Mailinglist Archive: opensuse (1177 mails)
[opensuse] Re: ldap authentication to Novell eDirectory
- From: Jim Henderson <hendersj@xxxxxxxxx>
- Date: Wed, 1 Sep 2010 15:57:29 +0000 (UTC)
- Message-id: <i5lt59$jio$1@xxxxxxxxxxxxxxx>
On Tue, 31 Aug 2010 15:18:15 -0400, James Pifer wrote:
> I'm trying to set up ldap authentication to eDirectory. I'm actually
> doing it on SLES11, but hoping someone here can give me a hand. I'm
> getting an error when I try to ssh as a user that only exists in ldap,
> not locally. I've found a lot of references to this error, but have not
> found a solution that works for my situation.
Hi, James -
A couple questions:
1. Are the POSIX schema extensions in place on the server?
2. In eDirectory, are you using the standard password, Universal
Password, or some other configuration? (I note in your ldap.conf file
you've got the nds password selected)
The thing that makes me think that the POSIX extensions aren't there (you
need both POSIXUser and POSIXGroup IIRC) is that you don't seem to be
getting a mapping of the login name or uid.
If the schema extensions are installed, the next step is to verify (a)
that schema sync has completed appropriately (you might do a schema
compare between the server with the master of [Root] and the server
you're authenticating to if you have more than one server in the tree).
If there is more than one server in the tree, you also need to be sure
that the LDAP server you're contacting has a local replica (easiest
configuration) or that you are properly configured to pass LDAP referrals
back to PAM and that PAM will chase the referrals.
It's been a while since I played around with this (I used to teach the
eDirectory Advanced Technical Training for Novell), but off the top of my
head, that's where I'd start.
Jim
--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
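An added example, not part of the original message: one way to check whether user entries returned by the directory carry what is needed to map a login name to a uid. It assumes the RFC 2307 object class name `posixAccount` and its required attributes; the LDIF below is constructed sample data, and `parse_ldif`, `posix_problems` and `check_ldif` are hypothetical helper names.

```python
import base64

# RFC 2307 MUST attributes of posixAccount (lower-cased for comparison).
POSIX_MUST = ("cn", "uid", "uidnumber", "gidnumber", "homedirectory")

# Constructed sample in ldapsearch LDIF form; DNs and values are made up.
SAMPLE_LDIF = """\
dn: cn=jdoe,ou=users,o=example
objectClass: inetOrgPerson
objectClass: posixAccount
cn: jdoe
uid: jdoe
uidNumber: 1001
gidNumber: 100
homeDirectory:: L2hvbWUvamRvZQ==

dn: cn=asmith,ou=users,
 o=example
objectClass: inetOrgPerson
cn: asmith
uid: asmith
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per LDIF entry."""
    text = text.replace("\n ", "")  # unfold continuation lines
    entries = []
    for block in text.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" is base64
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.setdefault(attr.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def posix_problems(entry):
    """List the reasons an entry cannot be mapped to a POSIX login."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    problems = [] if "posixaccount" in classes else ["posixAccount class missing"]
    problems += [f"{a} missing" for a in POSIX_MUST if not entry.get(a)]
    return problems

def check_ldif(text):
    """Map each entry's DN to its list of problems (empty list means usable)."""
    return {e["dn"][0]: posix_problems(e) for e in parse_ldif(text) if "dn" in e}
```

Feeding it the LDIF output of a search for the affected user against the server the client actually binds to shows whether the entry there lacks the class or the numeric ids.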