yellow pluggers,

I have OpenLDAP version 2.1.30 up and running for my *nix and
Windows clients. The LDAP directory is being used for PAM/NSS and Samba setups.

I can say my directory is working because I can get the list of LDAP
groups/users via getent. Also, I can authenticate via PAM under
Solaris 8 (x86) and FreeBSD 5.2, but not Linux, grrrr, really!

However, when I set the OpenLDAP ACL to:

  access to attr=userPassword
    by self =xw
    by * read  <<---- normally should be "auth"

  OR

  access to * by * read

Linux can authenticate, but then userPassword is readable
by anyone.

I only get the problem with Linux authentication when I set the ACL
to something restrictive on the userPassword attribute, like:

  access to attr=userPassword
        by self =xw
        by * auth
  access to *
        by * read


When I tried to use rootbinddn (/etc/ldap.conf), no problem. But I
don't like the idea of putting the LDAP admin account on
workstations. I tried a non-anonymous bind to OpenLDAP but no luck.

Tried the answers I got from Google/lists/etc.; still nothing.

Thanks.

BTW, versions:

nss_ldap-215
pam_ldap-167 (and ver 159)
openldap-2.1.30


-- 
Edelberto S. Mania
CISP/NOC
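For context, here is a worked version of the restrictive ACL above paired with a dedicated, unprivileged bind account, so the workstations never hold the rootdn credentials. This is an added example, not part of the original post or any reply to it. It assumes a suffix of dc=example,dc=com and a proxy entry cn=nssproxy,ou=services,dc=example,dc=com (neither appears in the post), and it assumes, which the post does not establish, that the Linux failure comes from a client component that needs to read userPassword (for instance nss_ldap answering a shadow lookup for pam_unix) rather than merely binding with it.

```conf
# --- slapd.conf on the OpenLDAP server (example, not from the original post) ---
#
# Assumed names, not taken from the post:
#   suffix:  dc=example,dc=com
#   proxy:   cn=nssproxy,ou=services,dc=example,dc=com
#            (an ordinary entry with a userPassword and no other rights)
#
# Order matters: slapd applies the first "access to" clause whose target
# matches, so the userPassword rule must come before the catch-all.
#
#   dn.exact  -> only the proxy entry may read the hashes
#   self =xw  -> "=" sets exact privileges: a user may authenticate with and
#                change their own password but never read the hash back
#   anonymous auth -> simple binds still work for clients that search
#                     anonymously first, but the attribute is not returned
#   * none    -> everyone else (other authenticated users) gets nothing
access to attrs=userPassword
        by dn.exact="cn=nssproxy,ou=services,dc=example,dc=com" read
        by self =xw
        by anonymous auth
        by * none

access to *
        by * read

# --- /etc/ldap.conf on the Linux workstation (pam_ldap / nss_ldap) ---
#
# nss_ldap needs this file world-readable, so a plain "binddn/bindpw" pair
# here would expose the proxy password to every local user.  rootbinddn is
# only used by processes running as uid 0 and takes its password from
# /etc/ldap.secret, which should be mode 600 and owned by root.  Point it at
# the proxy DN above rather than at the directory's rootdn.
host ldap.example.com
base dc=example,dc=com
rootbinddn cn=nssproxy,ou=services,dc=example,dc=com
# /etc/ldap.secret (mode 0600, root:root) contains the proxy password only.
```

To check the server side independently of PAM, run an anonymous search (`ldapsearch -x -b dc=example,dc=com userPassword`) and confirm that entries come back without a userPassword value, then repeat with `-D cn=nssproxy,ou=services,dc=example,dc=com -W` and confirm the hashes appear only for that bind. If the Linux client still fails with this in place, the proxy account is not the component that needs the attribute and the PAM/NSS stack on that host is the next thing to inspect.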

--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
.
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
.
Are you a Linux newbie? To join the newbie list, go to
http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie