Help with LDAP Module for System Auth

From: Ken Kleiner (ken@cs.uml.edu)
Date: Fri Feb 09 2007 - 14:14:01 EST


We are running Tru64 5.1B with v6.5 of Internet Express Ldap Module
for System Auth. Our ldap server is openldap on linux.
Authenticating to it from linux clients with TLS works fine.

I discovered that doing so with tru64 is not possible with tls, so
I've configured SSL and ldap_enable, ldap_check show positive results
with ssl connectivity. ldap_get_user also shows all of the entries
from our ldap server. These things also run fine when I point
ldapcd.conf to port 389 (non ssl).

In my ldapcd.conf file I put:
port: 636
usessl: 1
as I've seen on these forums.

When I'm using non ssl, things like id/finger properly show the ldap
entry for a particular user. When doing the same with ssl, I get
'user not found in /etc/passwd, etc'. Again, ldap_get_user and
ldap_get_group DO work with ssl.

I've run tcpdump on the ldap server to view data coming from the
tru64 box and I don't see ANY traffic coming from
the tru64 box when I run id/finger/su. I do see the traffic
obviously when I do ldap_get_user with ssl - as that does work. I
also do see tcpdump traffic when doing id/su/finger with non ssl
connections.

I am running enhanced security on this system and it is a NIS
client. Can those be causing this?

Here is what ends up in my /etc/sia/matrix.conf when I ldap_enable:

# sia matrix configuration file (BSD only)

siad_setpwent=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
siad_endpwent=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
siad_getpwent=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
siad_getpwnam=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
siad_getpwuid=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
siad_chg_finger=(OSFC2,/usr/shlib/libsecurity.so)
siad_chg_password=(OSFC2,/usr/shlib/libsecurity.so)
siad_chg_shell=(OSFC2,/usr/shlib/libsecurity.so)
siad_chk_user=(OSFC2,/usr/shlib/libsecurity.so)
siad_setgrent=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
siad_endgrent=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
siad_getgrent=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
siad_getgrnam=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
siad_getgrgid=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
siad_ses_init=(OSFC2,/usr/shlib/libsecurity.so)
siad_chk_invoker=(OSFC2,/usr/shlib/libsecurity.so)
siad_ses_authent=(OSFC2,/usr/shlib/libsecurity.so)
siad_ses_suauthent=(OSFC2,/usr/shlib/libsecurity.so)
siad_ses_reauthent=(OSFC2,/usr/shlib/libsecurity.so)
siad_ses_estab=(OSFC2,/usr/shlib/libsecurity.so)
siad_ses_launch=(OSFC2,/usr/shlib/libsecurity.so)
siad_ses_release=(OSFC2,/usr/shlib/libsecurity.so)
siad_init=(OSFC2,/usr/shlib/libsecurity.so) (LDAP,/usr/shlib/libsialdap.so)

Any help or advice would be appreciated - thanks!!!!!

Ken Kleiner
System Manager
UMass Lowell
Computer Science Department
(978) 934-3645
ken@cs.uml.edu
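
Added example (not part of the original post and not Internet Express code): a small Python parser for the /etc/sia/matrix.conf format quoted in the message, listing in order the mechanisms each SIA entry point is routed to and tolerating an entry that has been wrapped across two lines. The function names and the SAMPLE excerpt are constructed for illustration.

```python
import re

# Constructed sample: a few of the entries quoted in the post, one of them wrapped.
SAMPLE = """\
# sia matrix configuration file (BSD only)

siad_getpwnam=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
siad_getgrnam=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
siad_chk_user=(OSFC2,/usr/shlib/libsecurity.so)
siad_ses_authent=(OSFC2,/usr/shlib/libsecurity.so)
siad_init=(OSFC2,/usr/shlib/libsecurity.so) (LDAP,/usr/shlib/
libsialdap.so)
"""

# One "(MECHANISM,library)" pair.
ENTRY = re.compile(r"\(\s*([^,()\s]+)\s*,\s*([^()\s]+)\s*\)")

def logical_lines(text):
    """Yield entries, rejoining a line that was wrapped inside a parenthesis."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue  # skip blanks and comments between entries
        pending += line
        if pending.count("(") == pending.count(")"):
            yield pending
            pending = ""
    if pending:
        raise ValueError("unterminated entry: " + pending)

def parse_matrix(text):
    """Return {entry_point: [(mechanism, library), ...]} in the listed order."""
    matrix = {}
    for line in logical_lines(text):
        name, sep, rest = line.partition("=")
        pairs = ENTRY.findall(rest)
        # Reject lines with no "=", no pairs, or stray text outside the pairs.
        if not sep or not pairs or ENTRY.sub("", rest).strip():
            raise ValueError("malformed entry: " + line)
        matrix[name.strip()] = pairs
    return matrix

def without_mechanism(matrix, mech):
    """Entry points whose mechanism list never names `mech`."""
    return sorted(n for n, p in matrix.items() if all(m != mech for m, _ in p))

if __name__ == "__main__":
    parsed = parse_matrix(SAMPLE)
    for name, pairs in parsed.items():
        print(f"{name:18} {' -> '.join(m for m, _ in pairs)}")
    print("not routed to LDAP:", ", ".join(without_mechanism(parsed, "LDAP")))
```

Run against the full file, this gives a quick side-by-side of which entry points list LDAP at all and in what order relative to BSD and OSFC2.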


