[Lias] Re: [OpenLDAP] - Some success
Craig Ringer
craig at postnewspapers.com.au
Thu Dec 18 15:09:02 UTC 2003
>>Try:
>>
>> ldapsearch -x -h localhost
>
> This still just gives this:
>
> ldapsearch -x -h localhost
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 0 Success
Aha. If you add ' -b $YOUR_BASE_DN ' it might work. If so, you need to
modify your ldap _client_ configuration to use the right base DN by
default. The location of the config file is distro-dependent :-( but
tends to be /etc/ldap/ldap.conf or /etc/openldap/ldap.conf.
>>and see if the user is listed. If so, try
>>
>> ldapsearch -x -D $USER_DN -w
>
>
> But this gives a complete listing!
> After a lot of fiddling and editing of files ....................
> I can now ssh etc as one of the ldap users (provided they are a posix user with a
> shell!)
Cool.
> It seems amazing the number of places you have to put the rootdn password in cleartext!
> Onward and upward!
You should _never_ need the rootdn password on a client to perform LDAP
authentication. It's only needed if you want root on a client to be able
to change anybody's password. If you need the rootdn password entered
anywhere in the client config (libnss_ldap or libpam_ldap's config
files) something else is probably wrong.
Craig Ringer
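
The two checks discussed in this message (a default base DN in the client config, and no root bind credentials on clients), as an added example that is not part of the original post. It assumes the `base`, `rootbinddn` and `bindpw` keywords of the OpenLDAP and libnss_ldap/libpam_ldap config files; file paths are passed as arguments, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit LDAP client configuration for the two points above.

# Print the default search base (BASE keyword, any case) from an
# ldap.conf-style file; prints nothing when no base is configured.
ldap_default_base() {
    awk 'tolower($1) == "base" { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit }' "$1"
}

# Print one finding per line for a libnss_ldap / libpam_ldap config file.
# Commented-out lines are ignored and password values are never echoed.
audit_ldap_client_conf() {
    awk -v f="$1" '
        $1 ~ /^#/ { next }
        tolower($1) == "rootbinddn" { print f ": rootbinddn set (root bind password kept on this client)" }
        tolower($1) == "bindpw"     { print f ": bindpw set (cleartext password in config)" }
    ' "$1"
}

# Succeed if the file is world-readable.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 -print)" ]
}

# With no arguments, run against a constructed sample config.
if [ "$#" -eq 0 ]; then
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# constructed sample, not from the original thread
base dc=example,dc=com
rootbinddn cn=admin,dc=example,dc=com
bindpw not-a-real-password
EOF
    chmod 644 "$sample"
    set -- "$sample"
fi

for f in "$@"; do
    [ -n "$(ldap_default_base "$f")" ] || echo "$f: no default base set"
    audit_ldap_client_conf "$f"
    is_world_readable "$f" && echo "$f: world-readable"
done
[ -z "${sample:-}" ] || rm -f "$sample"
```

A client that only authenticates users should produce no `rootbinddn` or `bindpw` findings.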