asiani@free.fr skrev, on 04-02-2008 14:06:
I'm looking for a documentation of "howto configure getent with ldap", can you help me, i have problem with this fonction on centos 4.4
i can't get entries from ldap but i try to configure : /etc/pam.d/system-auth /etc/ldap.conf
You're mixing up nss_ldap and pam_ldap. The above files have mostly to do with pam_ldap, you should be looking at /etc/nsswitch.conf.
I'll grant you the Red Hat derived pam_ and nss_ldap libraries are very much mixed together in how far the nss library uses /etc/ldap.conf (far more than in the original Padl versions) but if getent with ldap doesn't work for you, it's far more likely that the fault is in nsswitch.conf than in ldap.conf. Exceptions are lines beginning with "nss_".
slapcat is ok
i do : smbpasswd -w mypassword
i put my conf at the bottom of this email,
/etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. # Modif by AS auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account required /lib/security/$ISA/pam_permit.so account sufficient /lib/security/$ISA/pam_ldap.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/$ISA/pam_deny.so password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session optional /lib/security/$ISA/pam_ldap.so
This is pure pam, has nothing to do with nss_ldap.
/etc/ldap.conf host 127.0.0.1
Ok.
#host 10.0.0.245 base dc=myDomain,dc=com rootbinddn cn=Manager,dc=myDomain,dc=com
Ok.
timelimit 120 bind_timelimit 120 idle_timelimit 3600 ssl no tls_cacertdir /etc/openldap/cacerts pam_password md5
None of the above has anything to do with nss.
Best,
--Tonni