Hello,
I just wanted to point you to the official guides from IBM howto configure your AIX ldap client, which worked fine for me, except für sudo-ldap, but that's another topic.
Section 7: http://www.redbooks.ibm.com/redbooks/pdfs/sg247165.pdf
Bye, Benjamin.
On Mon, Nov 15, 2010 at 10:45, Stef Coene stef.coene@docum.org wrote:
Hi,
I still have problems with AIX clients. On AIX, you can choose between ldap_auth and unix_auth.
When authtype=ldap_auth: AIX will send a bind request to the LDAP server using the user's login and password. If the LDAP bind is successful, then the user's password is considered valid.
When authtype=unix_auth: AIX will encrypt the password you entered and compare it with the encrypted password in the "userpassword" field that's stored in the user's entry on LDAP. So with unix_auth, AIX will send a search to the LDAP server to retrieve the user's entry. The password validation is done on the AIX client.
I don't want to use unix_auth. This limits the password to be encrypted with {crypt} and that is not compatible with non-AIX clients.
The problem is that unx_auth is working and ldap_auth is not. (unx_auth is working when I change the password from an AIX client)
I can 'see' the password in the ldap server output (debug mode -d 2) when I try to login to the AIX client with ldap_auth.
When I use the ldapsearch command on the AIX server, I also get an error:
ldapsearch -h 172.30.222.20 -p 389 -D "uid=test,ou=People,dc=test,dc=intra" -w secret -b "dc=test,dc=intra" objectclass=*
ldap_simple_bind: Invalid credentials
Is it possible that I can not do the bind as a regular user?
Stef
This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________