Dave:

Just a thought, do you need to do simple binding (ldapsearch -x ...)
instead of the default sasl binding?

--
Pat

Dave Keeton wrote:
> I have z/VM 5.4 with the native CMS LDAP server and RACF. I'm trying to
> get it configured so my Linux guests can authenticate via LDAP. I have
> been through the following documents:
>
> Security on z/VM
> TCP/IP LDAP Administration Guide
> TCP/IP Planning and Customization
> Rich Smrcina's "Configuring LDAP on z/VM and Linux"
> Alan Altmark's "Securing Linux using LDAP with z/VM RACF"
>
> All of these documents have helped me to a point...
>
> As long as I bind to LDAP as LDAPADM, the administrator, I can retrieve
> data with an LDAPSRCH (and ldapsearch under Linux). As soon as I try to
> bind as any other user to retrieve data, it fails. This command is
> issued after adding the user to LDAP via an LDIF file:
>
> ldapsrch -h 127.0.0.1 -D "cn=user1,o=ibm" -w *masked* -s base -b o=ibm
> "objectclass=*"
>
> it fails with:
>
> ldap_sasl_bind_s: Operations error
> ldap_sasl_bind_s: additional info: R004176 The __passwd() function
> failed with error 164 (srv_authenticate_native_password)