Stef Coene stef.coene@docum.org writes:
Oct 26 20:44:12 ldap1 slapd[28664]: Entry (uid=xxx,ou=people,dc=xxx,dc=xxx), attribute 'shadowLastChange' not allowed
Oct 26 20:44:12 ldap1 slapd[28664]: entry failed schema check: attribute 'shadowLastChange' not allowed
Is this important?
Yes, because either nis.schema or rfc2307bis.schema is missing.
I just reconfigured the openldap server and made sure nis and rfc2307bis are loaded. I created a test user with
You may load either nis.schema or rfc2307bis.schema, but not both. It depends on your PAM requirements which one to load.
objectClass: aixAuxAccount
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
I can log in to my test Linux server with this user but not on the AIX server. When I do a telnet to the AIX server, I can enter the username, but before I can enter the password, I get the error 3004-007 You entered an invalid login name or password.
For the password, this is stored in plain text when I add the user. Before I can log in to the Linux server, I have to change it with passwd and after that, the password is encrypted with {crypt} and I can log in to the Linux client:
userPassword: {crypt}$1$.xxxxxxxxxxxxxxxxxxxxxxxx/
Can this be the problem? I don't know what encryption AIX expects.
With regard to crypt, see http://www.openldap.org/faq/data/cache/344.html
For more hashing algos see password-hash in slapd.conf(5), and pam_password in /etc/ldap.conf.
-Dieter
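
An added example, not part of the original message or of OpenLDAP: a small Python audit that reports how each userPassword value in an LDIF export is stored (cleartext, a {crypt} variant, or another scheme), which is the distinction the thread turns on. The sample LDIF, the example.com DNs and the function names are constructed for illustration.

```python
import base64
import re

# Constructed sample LDIF (not from the thread): a cleartext value, a
# {crypt} MD5-crypt value, and a base64-encoded ("::") {SSHA} value.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
userPassword: secret123

dn: uid=bob,ou=people,dc=example,dc=com
userPassword: {crypt}$1$abcdefgh$constructedNotARealHash

dn: uid=carol,ou=people,dc=example,dc=com
userPassword:: """ + base64.b64encode(b"{SSHA}constructed-not-a-real-hash").decode() + "\n"

CRYPT_VARIANTS = {"$1$": "MD5-crypt", "$5$": "SHA-256-crypt", "$6$": "SHA-512-crypt"}

def classify(value):
    m = re.match(r"\{([A-Za-z0-9_-]+)\}(.*)", value, re.S)
    if not m:
        return "CLEARTEXT"          # no {SCHEME} prefix at all
    scheme, rest = m.group(1).upper(), m.group(2)
    if scheme != "CRYPT":
        return scheme               # e.g. SSHA, SMD5, SHA, MD5
    for prefix, name in CRYPT_VARIANTS.items():
        if rest.startswith(prefix):
            return "CRYPT/" + name
    return "CRYPT/no-id-prefix"     # crypt(3) hash without a $id$ marker

def audit_ldif(text):
    """Return [(dn, scheme), ...] for every userPassword in the LDIF text."""
    text = text.replace("\n ", "")  # unfold LDIF continuation lines
    results = []
    for block in re.split(r"\n{2,}", text.strip()):
        dn = None
        for line in block.splitlines():
            attr, _, val = line.partition(":")
            if val.startswith(":"):  # "attr:: value" means base64
                val = base64.b64decode(val[1:].strip()).decode("utf-8", "replace")
            val = val.strip()
            if attr.lower() == "dn":
                dn = val
            elif attr.lower() == "userpassword":
                results.append((dn, classify(val)))
    return results

if __name__ == "__main__":
    for dn, scheme in audit_ldif(SAMPLE_LDIF):
        print(scheme, dn)
```

Entries reported as CLEARTEXT are the ones that were added without hashing and have not yet been rewritten by passwd or a server-side password-hash setting.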