Re: fedora and openldap

2011-04-15 Thread Judith Flo Gaya
Hello Aaron, I already changed the parameter in the pam_ldap.conf and in the nslcd.conf ssl on instead of ssl start_tls Anywhere else? Thanks for the advice, I thought I had fixed it... and in fact ldapsearch -x -H ldaps://server does work, the problem is within pam, it seems to be stuck

Re: fedora and openldap

2011-04-15 Thread Judith Flo Gaya
Hello ldap, In fact in my authconfig instruction I have --enableforcelegacy, but this only works on my f14 clients, rh refuses to accept this option, but I already set the forcelegacy=yes in my /etc/sysconfig/authconfig. At the very beginning sssd was a little crazy... but I have learnt to

Re: fedora and openldap

2011-04-15 Thread Rich Megginson
On 04/13/2011 04:01 AM, Judith Flo Gaya wrote: On 04/13/2011 11:16 AM, harry.j...@arcor.de wrote: Judith Flo Gaya wrote: Hi Harry, a priori I was doing it, now I compiled from source the same version of openldap, so now both server and clients have the same openldap fine Do you also use

Re: fedora and openldap

2011-04-15 Thread Rich Megginson
On 04/13/2011 05:02 AM, Judith Flo Gaya wrote: Hello Rich, On 04/12/2011 10:24 PM, Rich Megginson wrote: On 04/12/2011 02:18 PM, Judith Flo Gaya wrote: ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 172.19.5.13:636 ldap_pvt_connect: fd: 3 tm: -1 async: 0 TLS

Re: fedora and openldap

2011-04-15 Thread Rich Megginson
On 04/13/2011 08:27 AM, Judith Flo Gaya wrote: here it is, thanks! # certutil -d /etc/openldap/cacerts/ -L name cert Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI name cert CTu,u,u #

Re: Local home directory with ADS LDAP authentication

2011-04-15 Thread Madhusudan Singh
Thanks for your response. On Wed, Apr 13, 2011 at 8:30 AM, Dan White dwh...@olp.net wrote: On 12/04/11 19:10 -0500, Madhusudan Singh wrote: Hello I have an LDAP authentication setup that authenticates users against a server that I do not control. Could you provide more details about

Re: Local home directory with ADS LDAP authentication

2011-04-15 Thread Madhusudan Singh
On Wed, Apr 13, 2011 at 8:40 AM, Aaron Richton rich...@nbcs.rutgers.edu wrote: On Tue, 12 Apr 2011, Madhusudan Singh wrote: Hello I have an LDAP authentication setup that authenticates users against a server that I do not control. However, whenever a user logs in, the default home

Solaris10+openldap+nss_ldap+pam_ldap=nightmare

2011-04-15 Thread Nathanael Anderson
I've been working on configuring Solaris 10 to auth against openldap. Currently I have a CentOS 5.4 box authing against the same ldap server, and all local Solaris openldap tools work on the Solaris host that I'm having issues with. I believe the issue is related to pam or ssh, as I don't see any

differing behavior of ldapsearch

2011-04-15 Thread Michael Slack
I have an openldap server where I have people entered in basic inetOrgPerson format. I am having an issue where it can't authenticate some users. I have narrowed things down to an issue where if I run: ldapsearch -x -L -D myRootDn -W -b myBaseOU uid=tony It successfully returns my user object.

Re: Issue when injecting a new AttributeTypes in OpenLdap

2011-04-15 Thread Hallvard B Furuseth
Emmanuel Lécharny writes: What comes to my mind now is that we (the OSS gang) could define a common extension to help organize those added schema elements. That could help... I'm in favor of that as long as someone else does the work:-) Don't know if I'd have time to do much about it for a

Data aggregator

2011-04-15 Thread Hugo Monteiro
Hello all, This post may be a little OT, but I'm sure this subject has bitten some of you some time. So, I'm willing to take the chance. Anyway, feel free to redirect me and this conversation elsewhere. Background: There's an LDAP infrastructure set up, which has been fed and maintained by

Solaris10+openldap+nss_ldap+pam_ldap=nightmare

2011-04-15 Thread Juergen.Sprenger
If everything else works fine, and only ssh fails check sshd_config for this parameter: PAMAuthenticationViaKBDInt yes pam.conf: Try moving statements with ldap.so.1 to the end of each section and add debug switch: login auth requisite pam_authtok_get.so.1 login auth required

SOLVED - Re: fedora and openldap

2011-04-15 Thread Judith Flo Gaya
Hello, Finally found out in the pam.d files that the passwd file contained this: -password optional pam_gnome_keyring.so use_authtok after removing the use_authtok parameter, the user was able to login, and in general be found by the system. Changing the password with the passwd command

Re: Local home directory with ADS LDAP authentication

2011-04-15 Thread Arthur de Jong
On Wed, 2011-04-13 at 09:51 -0500, Madhusudan Singh wrote: The client is an OpenSuSE 11.2 machine that has a nss_ldap installed (along with pam_ldap). The IT folks also installed a binary-only module that permits the authentication to the University LDAP server. That is why I am using an old

Re: fedora and openldap

2011-04-15 Thread ldap
Have you tried to use the tls_reqcert never directive in nslcd.conf (may not apply in your case?). I wouldn't run this way, just for troubleshooting. Also, in nslcd.conf did I see that you changed ssl start_tls to something else. We use ssl start_tls in our RH6 boxes. Also, in nslcd.conf we

Re: Database meta does not have any root node

2011-04-15 Thread michel.gruau
subtree-exclude existed for a long time, and was documented in slapd-meta(5); subtree-include was added in 2.4.24 I tested your solution below with release 2.4.25. The result is that server1 is properly invoked when base is ou=S1,ou=A,o=B,c=C but it is not invoked when base is above

Re: differing behavior of ldapsearch

2011-04-15 Thread Quanah Gibson-Mount
--On Wednesday, April 13, 2011 2:48 PM -0400 Michael Slack antonius.sl...@gmail.com wrote: I seem to remember that ldapsearch with the default connect will open the DB files directly and read them ??? If so, why can ldapsearch find the object, but slapd can't. If not, what is happening that

Re: cn=config replication to consumer / slave servers

2011-04-15 Thread Quanah Gibson-Mount
--On Thursday, April 14, 2011 5:28 PM -0700 Christopher Strider Cook cc...@pandora.com wrote: Alternately, I tried to set up a separate database cn=config_slave and have that syncrepl to the slave into cn=config... but that creates a naming mismatch. Is there an approved practice to achieve

Re: cn=config replication to consumer / slave servers

2011-04-15 Thread Christopher Strider Cook
On 4/15/11 9:59 AM, Quanah Gibson-Mount wrote: --On Thursday, April 14, 2011 5:28 PM -0700 Christopher Strider Cook cc...@pandora.com wrote: Alternately, I tried to set up a separate database cn=config_slave and have that syncrepl to the slave into cn=config... but that creates a naming

Re: cn=config replication to consumer / slave servers

2011-04-15 Thread Howard Chu
Quanah Gibson-Mount wrote: --On Thursday, April 14, 2011 5:28 PM -0700 Christopher Strider Cook cc...@pandora.com wrote: Alternately, I tried to set up a separate database cn=config_slave and have that syncrepl to the slave into cn=config... but that creates a naming mismatch. Is there an

Re: Local home directory with ADS LDAP authentication

2011-04-15 Thread Madhusudan Singh
Can you give me some details of this? I do not want to mess up a working authentication mechanism if I can avoid it. On Fri, Apr 15, 2011 at 9:37 AM, Arthur de Jong art...@arthurdejong.org wrote: On Wed, 2011-04-13 at 09:51 -0500, Madhusudan Singh wrote: The client is an OpenSuSE 11.2

Re: cn=config replication to consumer / slave servers

2011-04-15 Thread Christopher Strider Cook
On 4/15/11 11:46 AM, Howard Chu wrote: Quanah Gibson-Mount wrote: --On Thursday, April 14, 2011 5:28 PM -0700 Christopher Strider Cook cc...@pandora.com wrote: Alternately, I tried to set up a separate database cn=config_slave and have that syncrepl to the slave into cn=config... but that

Re: cn=config replication to consumer / slave servers

2011-04-15 Thread Howard Chu
Christopher Strider Cook wrote: On 4/15/11 11:46 AM, Howard Chu wrote: Quanah Gibson-Mount wrote: --On Thursday, April 14, 2011 5:28 PM -0700 Christopher Strider Cook cc...@pandora.com wrote: Alternately, I tried to set up a separate database cn=config_slave and have that syncrepl to the