Hi:
I'm trying to use the openldap service to authenticate users of my openfire messenger against my already created users in /etc/passwd,
but I have problems and I want help with two things:
1. In some information collected on the internet I found references about the passwd backend support claiming not to use this module because it is not fully implemented (the read-only condition is not a problem because I only want to authenticate my users in passwd) ... my first question is ... is this module operational?
2. If it is operational, I have several errors when I try to authenticate users, with the message:
May 20 23:03:01 server slapd[6781]: conn=77 fd=8 ACCEPT from IP=127.0.0.1:42219 (IP=0.0.0.0:389)
May 20 23:03:01 server slapd[6781]: conn=77 op=0 BIND dn="cn=root,dc=lachoza,dc=com,dc=mx" method=128
May 20 23:03:01 server slapd[6781]: conn=77 op=0 RESULT tag=97 err=53 text=operation not supported within naming context
May 20 23:03:01 server slapd[6781]: conn=77 op=1 UNBIND
May 20 23:03:01 server slapd[6781]: conn=77 fd=8 closed
my slapd.conf:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
allow bind_v2
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
database passwd
readonly yes
suffix "dc=lachoza,dc=com,dc=mx"
rootdn "cn=root,dc=lachoza,dc=com,dc=mx"
rootpw $$$$$$$$
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
Jorge Amador Arenas Quezada writes:
> 1. In some information collected on the internet I found references about the passwd backend support claiming not to use this module because it is not fully implemented (the read-only condition is not a problem because I only want to authenticate my users in passwd) ... my first question is ... is this module operational?
As the slapd-passwd(5) manpage says, "This backend is provided for demonstration purposes only".
> May 20 23:03:01 server slapd[6781]: conn=77 op=0 BIND (...) text=operation not supported within naming context
Right. Search is the only operation that backend supports.
Though I suppose it could be useful to update it so it can be used for authentication. And to add an option which prohibits the "search the entire passwd file/database", since getpwent() is not reentrant so other passwd lookups are blocked while it's searching...
On the other hand, I think you can authenticate with passwords from getpwnam() already: Put userPassword: {UNIX}username in an entry, then it'll have that user's password.
> database passwd
> (...)
> directory /var/lib/ldap
> index objectClass eq,pres
And it does not use "directory" nor indexes, since it does not maintain any data. It gets its data from getpwent()/getpwnam().
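One way to lay out the two pieces the reply describes, added here as an example and not taken from the thread or from OpenLDAP's own documentation: the passwd backend is kept only for read-only lookups, and a separate database under the main suffix holds the entries clients actually bind as, each carrying a userPassword of the {UNIX} form so the bind is checked against the system password via getpwnam(). The bdb backend, the ou=passwd and ou=people branches and the user jdoe are assumptions, and the {UNIX} scheme has to be compiled into this slapd build.

```conf
# Added example (not from the thread). Assumptions: slapd is built with
# the {UNIX} password scheme the reply mentions, bdb is available, and
# ou=passwd, ou=people and uid=jdoe are made-up names.
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args

# 1. The demonstration backend: search only, no BIND, no storage.
#    Its suffix lies inside the main suffix, so it is listed first
#    (slapd.conf(5): a database with an inferior suffix comes first).
#    No "directory" and no "index" lines: it has nothing to store.
database        passwd
suffix          "ou=passwd,dc=lachoza,dc=com,dc=mx"
readonly        yes

# 2. A real database that accepts BIND. Clients (Openfire's admin
#    account first, then each user) bind against entries stored here.
database        bdb
suffix          "dc=lachoza,dc=com,dc=mx"
rootdn          "cn=root,dc=lachoza,dc=com,dc=mx"
rootpw          {SSHA}REPLACE-WITH-slappasswd-OUTPUT
directory       /var/lib/ldap
index           objectClass eq,pres
index           uid eq,pres,sub

# A user entry to load with ldapadd once the dc= and ou=people parents
# exist (constructed example). The {UNIX} value names the login whose
# system password slapd checks through getpwnam() at bind time, so no
# password hash is copied into LDAP:
#
#   dn: uid=jdoe,ou=people,dc=lachoza,dc=com,dc=mx
#   objectClass: inetOrgPerson
#   objectClass: posixAccount
#   cn: Jane Doe
#   sn: Doe
#   uid: jdoe
#   uidNumber: 1001
#   gidNumber: 100
#   homeDirectory: /home/jdoe
#   userPassword: {UNIX}jdoe
```

A BIND as cn=root or as uid=jdoe now lands in the bdb database instead of the passwd backend, which is what turns the err=53 "operation not supported within naming context" result in the log above into a normal bind.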
openldap-software@openldap.org