Summary : LDAP @ C2

From: Hysen Hoxha (hysenhoxha@atnet.com.al)
Date: Fri Apr 04 2003 - 10:40:25 EST


Hello list

For my latest posting about LDAP & C2, I want to thank Dave Love for his
answer.
To summarize my case, I wanted to have users authenticated against the
LDAP database first, and then fall back to the C2 security mechanisms, so
I could avoid /etc/passwd for the majority of users.
I took the following steps, as the docs say.
Enabled the ldap module by running
# $LDAP_TOOLS_HOME/ldap enable

Modified /etc/ldapcd.conf according to my settings.
Added crypt_passwd: 1 at the end of this file.

Then checked the conf with
# $LDAP_TOOLS_HOME/ldap_check

And then added a local ldap user with:

# $LDAP_TOOLS_HOME/ldap_add_user

And set his password with

# $LDAP_TOOLS_HOME/ldap_passwd

I got stuck in the following step

# echo "<username>:u_name=<username>:u_id#<uid>:u_oldcrypt#3:u_lock@:chkent:" |
/usr/tcb/bin/edauth -s

The system kept saying, "Failed to parse entry beginning with etc".

Because it tried to find this corresponding entry in /etc/passwd, of
course.
In the end I disabled and enabled the ldap module (I did this several
times before but ???) and rebooted the whole system, and now everything
works great, following the same previous steps.

------------------------------------------------------
My original posting below

Hello list

I am trying to set up the LDAP module for system authentication.
I am running a Tru64 UNIX V5.1A with C2 enabled (shadow passwords only),
and Internet Express v5.6 installed (with OpenLDAP 2.0.7).
Following the guide provided in the Internet Express documentation, I have
enabled the ldap module for system authentication.
Then checked the configuration in /etc/ldapcd.conf by running ldap_check.

----------------

# /usrsr/internet/ldap_tools/ldap_check

Loaded Configuration file /etc/ldapcd.conf
Connected to LDAP server localhost
  Search base "o=ALBTELKO" confirmed
  Retrieved Object class information
  Password object class attributes verified
  Group object class attributes verified
Directory configuration verified
#_
-----------------

But when trying to add a local user (stored in ldap) with the
UserManagement Utility of Internet Express, the script
fails with:
------------------
Failed to parse input entry beginning with "<username>:u_name=<username>"
----------------
This is because, as the guide states, adding an ldap user with C2 enabled
requires the extra step as follows

echo "<username>:u_name=<username>:u_id#<uid>:u_oldcrypt#3:u_lock@:chkent:" |
/usr/tcb/bin/edauth -s

But this fails because no such entry is found in /etc/passwd.

So is it possible to have ldap authentication with C2 enabled, or am I
missing something in all this ???

Thanks all

Hysen Hoxha
AlbTelko , Albania
Technical Chief , Internet Affiliate
E-MAIL :hhoxha@atnet.com.al
TEL: 003554375641
FAX:003554375641
