On Sunday, 13 April 2008, Michael Green wrote:

Thanks Carlos!
I've followed through and it worked.
Now I've tried to add a couple of groups using both YaST and groupadd and noticed that the groups, after being added, appear differently in the tree:

# ldapsearch -x -D "cn=admin,dc=biocl,dc=weizmann,dc=ac,dc=il" 'objectclass=*' -W

Added with YaST2:

# pietro_blocks, bioinfo, biocl.weizmann.ac.il
dn: cn=pietro_blocks,ou=bioinfo,dc=biocl,dc=weizmann,dc=ac,dc=il
cn: pietro_blocks
gidNumber: 6972
objectClass: top
objectClass: namedObject
objectClass: posixGroup

Added with groupadd:

# pietro_lab, bioinfo, biocl.weizmann.ac.il
dn: cn=pietro_lab,ou=bioinfo,dc=biocl,dc=weizmann,dc=ac,dc=il
objectClass: posixGroup
objectClass: groupOfNames
cn: pietro_lab
gidNumber: 6973
member:

Do you know why the difference and how should I proceed about this?

There is just a small difference in the way that YaST and "groupadd" handle posixgroups without any member. Normally you can't create any LDAP group without members; the objectclass "groupOfNames" doesn't allow that. For that reason "groupadd" is by default adding an empty "member" attribute to the object, while YaST creates an object of the namedObject objectclass and recreates that object as "groupOfNames" once the first member is added. That behavior should probably be unified in the future, though. Care to submit an enhancement request for that?

I need to do a bulk add of both groups and users. Also I need to delegate the user management to someone who probably won't run YaST2.

For bulkloading "groupadd" seems to be the appropriate tool. Or create an LDIF file and use ldapadd to populate the database.
On Thu, Apr 10, 2008 at 10:28 PM, Carlos Lorenzo Matés wrote:

Hi

On Thursday, 10 April 2008, Michael Green wrote:
Hi,
I'm an LDAP newbie, finding my way with the configuration of my first LDAP server on SLES10 SP1.
The requirement is that users that access the server via ssh should be authenticated against a locally running (i.e. on the same server) LDAP server.
1. Should I install the PAM-LDAP rpm package to make such a setup work?
2. What is the role of the NSS_LDAP package? My understanding is it has something to do with nsswitch.conf? Must it be installed as well?
This is a very basic SLES setup; you only have to go to YaST, select the LDAP client and tell it you want users authenticated against LDAP, then YaST will install the required packages.

Also, if you haven't done it, you should add the default LDAP configuration for storing user accounts and groups (in the same LDAP client module).

The steps from the base installation should be as follows:

1. Enter YaST
2. Go to network services
3. Go to LDAP server
4. Add your LDAP domain
5. Go to LDAP client
6. Select authenticate users against the LDAP server
7. Select the options to install the default configuration for authentication of users and groups

Now you will be able to add users to your LDAP installation with manage users and groups in YaST and log in via ssh to your SLES box.
HTH
--
Warm regards,
Michael Green
--
Ralf Haferkamp
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
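
The LDIF route suggested in the reply above, as an added example that is not part of the original thread: a Python generator that writes memberless groups in the YaST layout shown earlier (namedObject) and uses groupOfNames only when there is a member to list, while rejecting unsafe names and duplicate gidNumbers. The ou=people user container and the member name mgreen are assumptions; the group names, gidNumbers and ou=bioinfo DN are the ones from the thread.

```python
import re

BASE = "ou=bioinfo,dc=biocl,dc=weizmann,dc=ac,dc=il"    # container DN from the thread
PEOPLE = "ou=people,dc=biocl,dc=weizmann,dc=ac,dc=il"   # assumed location of user entries
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")         # conservative POSIX-style names


def group_entry(name, gid, members=()):
    """Return the LDIF lines for one posixGroup entry."""
    # Names end up inside DNs and LDIF lines, so refuse anything that
    # could smuggle in a comma, colon or newline instead of escaping it.
    for n in (name, *members):
        if not NAME_RE.fullmatch(n):
            raise ValueError(f"unsafe name for DN/LDIF: {n!r}")
    lines = [f"dn: cn={name},{BASE}"]
    if members:
        # groupOfNames requires at least one member, so use it only here.
        lines += ["objectClass: posixGroup", "objectClass: groupOfNames"]
        lines += [f"member: uid={m},{PEOPLE}" for m in members]
    else:
        # Memberless group: the object classes YaST wrote in the thread.
        lines += ["objectClass: top", "objectClass: namedObject",
                  "objectClass: posixGroup"]
    lines += [f"cn: {name}", f"gidNumber: {gid}"]
    return lines


def build_ldif(groups):
    """groups: iterable of (name, gid, members). Returns LDIF text."""
    seen_names, seen_gids, entries = set(), set(), []
    for name, gid, members in groups:
        gid = int(gid)
        # Two groups sharing a gidNumber share file access; refuse the load.
        if name in seen_names or gid in seen_gids:
            raise ValueError(f"duplicate name or gidNumber: {name} / {gid}")
        seen_names.add(name)
        seen_gids.add(gid)
        entries.append("\n".join(group_entry(name, gid, members)))
    return "\n\n".join(entries) + "\n"


# Constructed sample input; the member "mgreen" is hypothetical.
SAMPLE = [("pietro_blocks", 6972, []), ("pietro_lab", 6973, ["mgreen"])]

if __name__ == "__main__":
    print(build_ldif(SAMPLE), end="")
```

Redirect the output to a file (groups.ldif here is a hypothetical name) and load it with ldapadd -x -D "cn=admin,dc=biocl,dc=weizmann,dc=ac,dc=il" -W -f groups.ldif.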