Solaris 8 LDAP - going nuts

From: Christophe Dupre (duprec@scorec.rpi.edu)
Date: Fri Apr 11 2003 - 17:09:47 EDT


Hello everyone,
I have Solaris 8 2/02 set up with Sun ONE Directory Server 5.1 SP2 running.
I have created several instances of posixAccount in the directory, and I
have set up the machine using ldapclient. I have modified nsswitch.conf to
have:
passwd: files ldap [TRYAGAIN=5]
group: files ldap [TRYAGAIN=5]

I can use getent to get passwd and group entries from the LDAP server.

I have set up pam.conf:

login auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
login auth required /usr/lib/security/$ISA/pam_ldap.so.1 try_first_pass debug
login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
other auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
other auth required /usr/lib/security/$ISA/pam_ldap.so.1 try_first_pass
other password sufficient /usr/lib/security/$ISA/pam_unix.so.1
other password required /usr/lib/security/$ISA/pam_ldap.so.1

And yet, I can't su/ssh/passwd for accounts defined in ldap. I get:
bash-2.03# passwd zeghal
passwd(SYSTEM): zeghal does not exist
passwd(LDAP): zeghal does not exist
Permission denied

ldapclient configuration:
# ldapclient -l
NS_LDAP_FILE_VERSION = 1.0
NS_LDAP_SERVERS = 127.0.0.1
NS_LDAP_SEARCH_BASEDN = dc=foo,dc=com
NS_LDAP_AUTH = NS_LDAP_AUTH_NONE
NS_LDAP_TRANSPORT_SEC = NS_LDAP_SEC_NONE
NS_LDAP_SEARCH_REF = NS_LDAP_FOLLOWREF
NS_LDAP_DOMAIN = foo.com
NS_LDAP_EXP = Fri Apr 11 23:32:40 2003
NS_LDAP_SEARCH_SCOPE = NS_LDAP_SCOPE_ONELEVEL
NS_LDAP_SEARCH_TIME = 30
NS_LDAP_BIND_TIME = 30

Help would be appreciated.

--
Christophe Dupre
System Administrator, Scientific Computation Research Center
Rensselaer Polytechnic Institute
Troy, NY        USA
Phone: (518) 276-2578  -  Fax: (518) 276-4886
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
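
Added example, not part of the original post and not a diagnosis of the login failure: a small sh/awk check that reads `ldapclient -l` output in the format quoted above and reports the settings that leave name-service lookups unauthenticated or unencrypted. The function names and the finding labels are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original post.
# Profile text copied from the `ldapclient -l` output quoted in the post.
sample_profile() {
    cat <<'EOF'
NS_LDAP_FILE_VERSION = 1.0
NS_LDAP_SERVERS = 127.0.0.1
NS_LDAP_SEARCH_BASEDN = dc=foo,dc=com
NS_LDAP_AUTH = NS_LDAP_AUTH_NONE
NS_LDAP_TRANSPORT_SEC = NS_LDAP_SEC_NONE
NS_LDAP_SEARCH_REF = NS_LDAP_FOLLOWREF
NS_LDAP_DOMAIN = foo.com
NS_LDAP_EXP = Fri Apr 11 23:32:40 2003
NS_LDAP_SEARCH_SCOPE = NS_LDAP_SCOPE_ONELEVEL
NS_LDAP_SEARCH_TIME = 30
NS_LDAP_BIND_TIME = 30
EOF
}

# Reads "KEY = VALUE" lines on stdin; prints one "LEVEL id: text" per finding.
audit_ldap_profile() {
    awk '
    /^NS_LDAP_/ {
        sub(/[ \t\r]+$/, "")              # drop trailing blanks or CR
        i = index($0, " = ")              # values such as dc=foo contain "="
        if (i) cfg[substr($0, 1, i - 1)] = substr($0, i + 3)
    }
    END {
        # Loopback only if every listed server is 127.x.x.x or localhost
        n = split(cfg["NS_LDAP_SERVERS"], srv, /[ ,]+/)
        loopback = (n > 0)
        for (k = 1; k <= n; k++)
            if (srv[k] !~ /^(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)(:[0-9]+)?$/)
                loopback = 0
        if (cfg["NS_LDAP_AUTH"] == "NS_LDAP_AUTH_NONE")
            print "WARN anonymous-bind: lookups are unauthenticated"
        if (cfg["NS_LDAP_TRANSPORT_SEC"] == "NS_LDAP_SEC_NONE") {
            if (loopback)
                print "INFO cleartext-loopback: no transport security, loopback only"
            else
                print "WARN cleartext-network: no transport security to a non-loopback server"
        }
        if (cfg["NS_LDAP_SEARCH_REF"] == "NS_LDAP_FOLLOWREF")
            print "INFO follow-referrals: lookups may leave NS_LDAP_SERVERS"
    }'
}

sample_profile | audit_ldap_profile
```

On a live client the same function can be fed directly with `ldapclient -l | audit_ldap_profile`.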

