On Wednesday, 18 August 2010 22:26:38 weigao88@gmail.com wrote:
Hello Buchan
I am running the rpm package openldap server 2.3 that comes with CentOS 5.4
So test this client from the "server".
and my ldap client is CentOS 4. Looks like there is no ldapwhoami -e ppolicy option on CentOS4 client, as you can see below. I also copy and paste the client's /etc/pam.d/system-auth below.
[user1@ldapclient ~]$ ldapwhoami -e ppolicy
Invalid general control name: ppolicy
Issue LDAP Who am I? operation to request user's authzid
usage: ldapwhoami [options]
You will of course actually have to *read* the usage instructions, and supply suitable options/values.
[user1@ldapclient ~]$ cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient /lib/security/$ISA/pam_localuser.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account required /lib/security/$ISA/pam_permit.so
I usually go for something more like:
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_ldap.so
account required pam_deny.so
But, if you aren't going to bother to learn how PAM works, you probably shouldn't be taking advice from random strangers on the internet.
Regards, Buchan