Re: [Cooker] MDK 9.0: ldap authentication and userdrake
Spiderboy <[EMAIL PROTECTED]> writes:

S> manually adding the user id's into the attribute "memberUid"
S> resolves this problem. it seems that only this attribute is checked
S> during logon to recognize group membership.

Just a guess -- Look in /etc/ldap.conf for the setting of pam_login_attribute and pam_member_attribute.

But I wish they had set it up to be more consistent with vdanen's excellent openldap tutorial from mandrakesecure.net. (My server is still running 8.2.)

--
Aaron Peromsik <[EMAIL PROTECTED]>
[For thinner oatmeal, add more water.]

[Cooker] MDK 9.0: ldap authentication and userdrake
hi all

i am using userdrake to add users and groups to a ldap directory. userdrake creates objects of type "GroupOfUniqueNames" to store group membership. there it writes the distinguished names (dn) of the users belonging to the group into the attribute "uniqueMember". but such a user is never recognized by the system as a group member of the specific group. i tested this with the "id" command.

manually adding the user id's into the attribute "memberUid" resolves this problem. it seems that only this attribute is checked during logon to recognize group membership.

there should be one of the following to fix this issue: either change userdrake in a way that it also writes "memberUid", not only "uniqueMember", or fix the authentication process (i don't know... is it nss_ldap?) so that it recognizes group membership stored as dn's in the "uniqueMember" attribute.

...i would prefer a combination of both ;)

spiderboy
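
An audit for the mismatch described in the post above, as an added example that is not part of the original thread or of userdrake: it reads an LDIF export of the group subtree and reports users who appear in "uniqueMember" but have no matching "memberUid". The sample entries, the dc=example,dc=com base DN and the function names are constructed for illustration, and it assumes user DNs begin with uid=<login>.

```python
import base64, re

# Constructed sample export (not from the thread); the base DN is a placeholder.
SAMPLE_LDIF = """\
dn: cn=staff,ou=Group,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: staff
uniqueMember: uid=alice,ou=People,dc=example,dc=com
uniqueMember: uid=bob,ou=People,
 dc=example,dc=com
memberUid: alice

dn: cn=admins,ou=Group,dc=example,dc=com
cn: admins
memberUid: carol
"""

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    text = text.replace("\n ", "")          # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#"):        # LDIF comment
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64 value>"
                value = base64.b64decode(value[1:]).decode("utf-8")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def uid_from_dn(dn):
    """uid of a DN whose first RDN is uid=...; None otherwise (no escaped commas)."""
    key, _, val = dn.split(",", 1)[0].partition("=")
    return val.strip() if key.strip().lower() == "uid" else None

def missing_member_uids(entries):
    """Map group cn -> uids listed via uniqueMember but absent from memberUid."""
    report = {}
    for e in entries:
        uids = {uid_from_dn(dn) for dn in e.get("uniquemember", [])} - {None}
        missing = sorted(uids - set(e.get("memberuid", [])))
        if missing:
            report[e["cn"][0]] = missing
    return report
```

Users listed in the report are the ones for whom "id" would not show the group until "memberUid" is added.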