On Tue, 31 Aug 2010 15:18:15 -0400, James Pifer wrote:
> I'm trying to set up ldap authentication to eDirectory. I'm actually doing it on SLES11, but hoping someone here can give me a hand. I'm getting an error when I try to ssh as a user that only exists in ldap, not locally. I've found a lot of references to this error, but have not found a solution that works for my situation.

Hi, James -

A couple questions:

1. Are the POSIX schema extensions in place on the server?
2. In eDirectory, are you using the standard password, Universal Password, or some other configuration? (I note in your ldap.conf file you've got the nds password selected)

The thing that makes me think that the POSIX extensions aren't there (you need both POSIXUser and POSIXGroup IIRC) is that you don't seem to be getting a mapping of the login name or uid.

If the schema extensions are installed, the next step is to verify (a) that schema sync has completed appropriately (you might do a schema compare between the server with the master of [Root] and the server you're authenticating to if you have more than one server in the tree). If there is more than one server in the tree, you also need to be sure that the LDAP server you're contacting has a local replica (easiest configuration) or that you are properly configured to pass LDAP referrals back to PAM and that PAM will chase the referrals.

It's been a while since I played around with this (I used to teach the eDirectory Advanced Technical Training for Novell), but off the top of my head, that's where I'd start.

Jim

--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits
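
The first check suggested in the reply above (whether the user object carries the POSIX attributes needed to map a login name to a uid), as an added example that is not part of the original message. It assumes the RFC 2307 LDAP names (posixAccount, uid, uidNumber, gidNumber, homeDirectory); the function name, host, DNs and sample entries are constructed.

```sh
#!/bin/sh
# Added example (not from the thread). Attribute names follow RFC 2307;
# the sample entries and DNs below are constructed.
#
# Live input would be one entry from ldapsearch (host, base, user are placeholders):
#   ldapsearch -x -H ldaps://ldap.example.com -b "o=example" "(uid=jdoe)" | missing_posix_attrs

# Read one LDIF entry on stdin; print the RFC 2307 items it lacks, space-separated.
missing_posix_attrs() {
    awk '
        {
            i = index($0, ":")
            if (i == 0) next                      # blank or colon-free line
            key = tolower(substr($0, 1, i - 1))
            val = substr($0, i + 1)
            sub(/^:? */, "", val)                 # plain "attr: v" and base64 "attr:: v"
            sub(/[ \t\r]+$/, "", val)             # trailing blanks or CR
            if (key == "objectclass" && tolower(val) == "posixaccount")
                have["objectclass=posixaccount"] = 1
            else if (val != "")
                have[key] = 1
        }
        END {
            n = split("objectclass=posixaccount uid uidnumber gidnumber homedirectory", want, " ")
            out = ""
            for (j = 1; j <= n; j++)
                if (!(want[j] in have))
                    out = out (out == "" ? "" : " ") want[j]
            print out
        }'
}

# Constructed entry with the POSIX auxiliary class applied.
SAMPLE_OK='dn: cn=jdoe,ou=users,o=example
objectClass: inetOrgPerson
objectClass: posixAccount
cn: jdoe
uid: jdoe
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/jdoe'

# Constructed entry for a user that exists in the tree but was never POSIX-enabled.
SAMPLE_BARE='dn: cn=jdoe,ou=users,o=example
objectClass: inetOrgPerson
cn: jdoe
uid: jdoe'

echo "complete entry lacks: [$(printf '%s\n' "$SAMPLE_OK" | missing_posix_attrs)]"
echo "bare entry lacks:     [$(printf '%s\n' "$SAMPLE_BARE" | missing_posix_attrs)]"
```

An entry that comes back like the second sample cannot be mapped to a uid by the NSS/PAM LDAP modules, which matches the symptom described in the reply.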