PAM-LDAP configuration - Linux vs Solaris

From: MSMABC (msmabc@hotmail.com)
Date: Fri Feb 09 2007 - 23:42:41 EST


Fellows,

I have pulled out all my hair and still could not figure this out, hence I am asking
for your expert help.

Here is the deal:

The configuration (1) below shows the ldap.conf settings I use to connect to
the iPlanet directory server. This configuration results in a successful
connection and authentication for the user dummy to the server, as you can see
from the connection log (2).

However, on the Solaris machine, when I use these settings (3), it establishes
a connection but user dummy is not authenticated, as it looks in the wrong
places for the wrong information, as is evident in the log (4).

The difference I see in the configuration is the following additional lines in
the Linux ldap.conf file, which I do not know how to include on the Solaris
side so that it works the same way as Linux pam-ldap does:

base ou=authaccounts,dc=example,dc=com

pam_groupdn cn=pam-people,ou=automatic,ou=groups,dc=example,dc=com

pam_member_attribute uniquemember

So, I am seeking the help of you LDAP gurus out there in translating this
Linux configuration into Solaris syntax.

Best regards

(1)

$ cat ldap.conf (Linux)

host directory.example.com
base ou=authaccounts,dc=example,dc=com
binddn cn=pam-agent,ou=agents,ou=Computing Services,ou=units,dc=example,dc=com
bindpw mypassword
port 636
pam_groupdn cn=pam-people,ou=automatic,ou=groups,dc=example,dc=com
pam_member_attribute uniquemember
pam_password clear
ssl start_tls
ssl on

(2)

$ cat access (Linux Connection Log)

[09/Feb/2007:16:00:53 -0600] conn=677783 op=1 msgId=2 - SRCH
base="ou=authaccounts,dc=example,dc=com" scope=2 filter="(uid=dummy)"
attrs=ALL

[09/Feb/2007:16:00:53 -0600] conn=677783 op=2 msgId=3 - SRCH
base="ou=authaccounts,dc=example,dc=com" scope=2
filter="(&(objectClass=posixGroup)(|(memberUid=dummy)(uniqueMember=uid=dummy,
ou=AuthAccounts, dc=example, dc=com)))" attrs="cn userPassword memberUid
uniqueMember gidNumber"

[09/Feb/2007:16:01:00 -0600] conn=677783 op=3 msgId=4 - SRCH
base="ou=authaccounts,dc=example,dc=com" scope=2
filter="(&(objectClass=shadowAccount)(uid=dummy))" attrs="uid userPassword
shadowLastChange shadowMax shadowMin shadowWarning shadowInactive
shadowExpire"

[09/Feb/2007:16:01:00 -0600] conn=677799 op=1 msgId=2 - SRCH
base="ou=authaccounts,dc=example,dc=com" scope=2 filter="(uid=dummy)"
attrs=ALL

[09/Feb/2007:16:01:00 -0600] conn=677799 op=2 msgId=3 - BIND dn="uid=dummy,
ou=AuthAccounts, dc=example, dc=com" method=128 version=3

[09/Feb/2007:16:01:00 -0600] conn=677799 op=2 msgId=3 - RESULT err=0 tag=97
nentries=0 etime=0 dn="uid=dummy,ou=authaccounts,dc=example,dc=com"

[09/Feb/2007:16:01:00 -0600] conn=677783 op=4 msgId=5 - SRCH
base="ou=authaccounts,dc=example,dc=com" scope=2
filter="(&(objectClass=shadowAccount)(uid=dummy))" attrs="uid userPassword
shadowLastChange shadowMax shadowMin shadowWarning shadowInactive
shadowExpire"

[09/Feb/2007:16:01:00 -0600] conn=677800 op=1 msgId=2 - SRCH
base="ou=authaccounts,dc=example,dc=com" scope=2 filter="(uid=dummy)"
attrs=ALL

[09/Feb/2007:16:01:00 -0600] conn=677800 op=2 msgId=3 - SRCH
base="ou=authaccounts,dc=example,dc=com" scope=2
filter="(&(objectClass=posixGroup)(|(memberUid=dummy)(uniqueMember=uid=dummy,
ou=AuthAccounts, dc=example, dc=com)))" attrs="cn userPassword memberUid
uniqueMember gidNumber"

(3)

(Solaris 9)

# cat ldapclient_start_posix.pamagent

#!/sbin/sh
# Continuation lines must follow each other directly (no blank lines),
# and proxyPassword takes its value with no space after the '='.
ldapclient -v manual -a domainName=example.com \
 -a defaultSearchBase="ou=authaccounts,dc=example,dc=com" \
 -a credentialLevel=proxy \
 -a proxyDN="cn=pam-agent,ou=agents,ou=Computing Services,ou=units,dc=example,dc=com" \
 -a proxyPassword="mypassword" \
 -a authenticationMethod=tls:simple \
 -a defaultServerList=directory.example.com \
 -a certificatePath=/var/ldap/

(4)

(Solaris Connection Log)

$ cat access |grep conn=674322

[09/Feb/2007:15:38:53 -0600] conn=674322 op=-1 msgId=-1 - fd=128 slot=128 LDAP
connection from 192.168.2.16 to 192.168.2.17

[09/Feb/2007:15:38:53 -0600] conn=674322 op=0 msgId=1 - BIND
dn="cn=pam-agent,ou=agents,ou=Computing Services,ou=units,dc=example,dc=com"
method=128 version=3

[09/Feb/2007:15:38:53 -0600] conn=674322 op=0 msgId=1 - RESULT err=0 tag=97
nentries=0 etime=0 dn="cn=pam-agent,ou=agents,ou=computing
services,ou=units,dc=example,dc=com"

[09/Feb/2007:15:39:13 -0600] conn=674322 op=2 msgId=3 - SRCH
base="ou=people,ou=authaccounts,dc=example,dc=com" scope=1
filter="(&(objectClass=posixAccount)(uid=dummy))" attrs="cn uid uidNumber
gidNumber gecos description homeDirectory loginShell"

[09/Feb/2007:15:39:13 -0600] conn=674322 op=2 msgId=3 - RESULT err=32 tag=101
nentries=0 etime=0

[09/Feb/2007:15:39:34 -0600] conn=674322 op=3 msgId=4 - SRCH
base="ou=people,ou=authaccounts,dc=example,dc=com" scope=1
filter="(&(objectClass=posixAccount)(uid=dummy))" attrs="cn uid uidNumber
gidNumber gecos description homeDirectory loginShell"
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
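As an added example, not part of the original post, the following Python script correlates each SRCH/BIND request with its RESULT line by (conn, op) in the directory-server access-log format shown in logs (2) and (4), so the two clients' behaviour can be compared side by side: which DN each client binds as, and which searches came back err=32 (noSuchObject, meaning the search base itself does not exist). It assumes the one-line-per-entry form of that log format; the sample lines are constructed from the post's excerpts with the wrapped lines rejoined, and the function names bind_dns and failed_searches are this example's own.

```python
import re

# Constructed sample lines modelled on the post's excerpts, wrapped lines rejoined.
LINUX_LOG = """\
[09/Feb/2007:16:00:53 -0600] conn=677783 op=1 msgId=2 - SRCH base="ou=authaccounts,dc=example,dc=com" scope=2 filter="(uid=dummy)" attrs=ALL
[09/Feb/2007:16:01:00 -0600] conn=677799 op=2 msgId=3 - BIND dn="uid=dummy, ou=AuthAccounts, dc=example, dc=com" method=128 version=3
[09/Feb/2007:16:01:00 -0600] conn=677799 op=2 msgId=3 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=dummy,ou=authaccounts,dc=example,dc=com"
"""
SOLARIS_LOG = """\
[09/Feb/2007:15:38:53 -0600] conn=674322 op=0 msgId=1 - BIND dn="cn=pam-agent,ou=agents,ou=Computing Services,ou=units,dc=example,dc=com" method=128 version=3
[09/Feb/2007:15:38:53 -0600] conn=674322 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=pam-agent,ou=agents,ou=computing services,ou=units,dc=example,dc=com"
[09/Feb/2007:15:39:13 -0600] conn=674322 op=2 msgId=3 - SRCH base="ou=people,ou=authaccounts,dc=example,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=dummy))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
[09/Feb/2007:15:39:13 -0600] conn=674322 op=2 msgId=3 - RESULT err=32 tag=101 nentries=0 etime=0
"""
# One log line: timestamp, conn/op ids, the operation, then its key=value fields.
HEAD = re.compile(r'^\[[^\]]+\] conn=(?P<conn>-?\d+) op=(?P<op>-?\d+) msgId=-?\d+ - '
                  r'(?P<kind>SRCH|BIND|RESULT) (?P<rest>.*)$')
# key=value pairs; quoted values may contain spaces and '=' (DNs, filters).
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_fields(rest):
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3) for m in KV.finditer(rest)}

def correlate(log_text):
    """Pair each SRCH/BIND with its RESULT by (conn, op); err stays None if no RESULT was seen."""
    ops, order = {}, []
    for line in log_text.splitlines():
        m = HEAD.match(line)
        if not m:
            continue
        key, fields = (m['conn'], m['op']), parse_fields(m['rest'])
        if m['kind'] == 'RESULT' and key in ops:
            ops[key]['err'] = int(fields['err'])
            ops[key]['nentries'] = int(fields['nentries'])
        elif m['kind'] != 'RESULT':
            ops[key] = {'kind': m['kind'], 'err': None, 'nentries': None, **fields}
            order.append(key)
    return [ops[k] for k in order]

def bind_dns(log_text):
    """DNs the client bound as: the proxy agent, or the user being authenticated."""
    return [o['dn'] for o in correlate(log_text) if o['kind'] == 'BIND']

def failed_searches(log_text):
    """Searches answered with err=32 (noSuchObject): the search base itself does not exist."""
    return [(o['base'], int(o['scope']), o['filter'])
            for o in correlate(log_text) if o['kind'] == 'SRCH' and o['err'] == 32]

if __name__ == '__main__':
    for name, log in (('Linux', LINUX_LOG), ('Solaris', SOLARIS_LOG)):
        print(name, 'binds as', bind_dns(log), '/ noSuchObject searches:', failed_searches(log))
```

Run against the two excerpts, the output shows the Linux client binding as the user's own DN after a subtree search under ou=authaccounts, while the Solaris client binds only as the proxy agent and then gets noSuchObject for a one-level search under ou=people,ou=authaccounts.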



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:41:37 EDT