12:50 p.m.
Hi,
Some time ago, I configured an ubuntu intrepid as openldap server and I was
able to use it as authentication server for AIX 6.1.
I tried the same with an ubuntu maverick server, but I can not get it working
anymore. I can see all the user information on the AIX server. I can do 'su
- <user>' to become the user. But I can not login so I think there is a
problem with the password.
When I change the password of a user on the AIX server, I get these errors in
the logfile on the openldap server:
Oct 26 20:44:12 ldap1 slapd[28664]: Entry (uid=xxx,ou=people,dc=xxx,dc=xxx),
attribute 'shadowLastChange' not allowed
Oct 26 20:44:12 ldap1 slapd[28664]: entry failed schema check: attribute
'shadowLastChange' not allowed
Is this important?
The intrepid has version 2.4.11-0ubuntu6.2, the maverick has version
2.4.21-0ubuntu5.3.
I didn't noted down what I did on the intrepid server, but I can remember that
it asked a bunch of questions when I installed slapd. These initial steps are
removed from the maverick version. I also remember using the ldapinit
command.
How can I debug the difference between these 2 versions?
Using slapcat, I can see some differeces, but nothing that is important in my
opinion.
How can I debug the openldap server to see what's going on?
I can use the openldap server on a linux ldap client without problems.
Stef
PS I also tried to post this message to openldap-software(a)openldap.org, but I
got a 'Delivery status notification' saying that the user does not exist.
10:30 p.m.
Stef Coene <stef.coene(a)docum.org> writes:
Hi,
Some time ago, I configured an ubuntu intrepid as openldap server and I was
able to use it as authentication server for AIX 6.1.
I tried the same with an ubuntu maverick server, but I can not get it working
anymore. I can see all the user information on the AIX server. I can do 'su
- <user>' to become the user. But I can not login so I think there is a
problem with the password.
When I change the password of a user on the AIX server, I get these errors in
the logfile on the openldap server:
Oct 26 20:44:12 ldap1 slapd[28664]: Entry (uid=xxx,ou=people,dc=xxx,dc=xxx),
attribute 'shadowLastChange' not allowed
Oct 26 20:44:12 ldap1 slapd[28664]: entry failed schema check: attribute
'shadowLastChange' not allowed
Is this important?
Yes, because either nis.schema or rfc2307bis.schema are missing.
-Dieter
--
Dieter Klünter | Systemberatung
sip: 7770535(a)sipgate.de
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
1:37 a.m.
> Oct 26 20:44:12 ldap1 slapd[28664]: Entry
> (uid=xxx,ou=people,dc=xxx,dc=xxx), attribute 'shadowLastChange' not
> allowed
> Oct 26 20:44:12 ldap1 slapd[28664]: entry failed schema check: attribute
> 'shadowLastChange' not allowed
>
> Is this important?
Yes, because either nis.schema or rfc2307bis.schema are missing.
I just
reconfigured the openldap server and made sure nis and rfc2307bis are
loaded. I created a test user with
objectClass: aixAuxAccount
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
I can login to my test linux server with this user but not on the AIX server.
When I do a telnet to the AIX server, I can enter the username, but before I
can enter the password, I get the error
3004-007 You entered an invalid login name or password.
For the password, this is stored in plain text when I add the user. Before I
can login to the linux server, I have to change it with passwd and after that,
the password is encrypted with {crypt} and I can login to the linux client:
userPassword: {crypt}$1$.xxxxxxxxxxxxxxxxxxxxxxxx/
Can this be the problem? I don't know what encrytion AIX expects.
Stef
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
1:48 a.m.
New subject: Antwort: Re: AIX as openldap client
try chuser SYSTEM=LDAP registry=LDAP [USER]
Mit freundlichen Grüßen
Howard ALLISON
Pensionsversicherungsanstalt
Rechenzentrumsbetrieb
A-1021 Wien,
Friedrich-Hillegeist-Straße 1
E-Mail..:
howard.allison(a)pva.sozvers.at
Internet:
www.pensionsversicherung.at
openldap-technical-bounces(a)openldap.org wrote on 27.10.2010 10:37:08:
Stef Coene <stef.coene(a)docum.org>
Gesendet von: openldap-technical-bounces(a)openldap.org
27.10.2010 10:43
An
openldap-technical(a)openldap.org
Kopie
Thema
Re: AIX as openldap client
> > Oct 26 20:44:12 ldap1 slapd[28664]: Entry
> > (uid=xxx,ou=people,dc=xxx,dc=xxx), attribute 'shadowLastChange' not
> > allowed
> > Oct 26 20:44:12 ldap1 slapd[28664]: entry failed schema check:
attribute
> > 'shadowLastChange' not allowed
> >
> > Is this important?
>
> Yes, because either nis.schema or rfc2307bis.schema are missing.
I just reconfigured the openldap server and made sure nis and rfc2307bis
are
loaded. I created a test user with
objectClass: aixAuxAccount
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
I can login to my test linux server with this user but not on the
AIX server.
When I do a telnet to the AIX server, I can enter the username, but
before I
can enter the password, I get the error
3004-007 You entered an invalid login name or password.
For the password, this is stored in plain text when I add the user.
Before I
can login to the linux server, I have to change it with passwd and
after that,
the password is encrypted with {crypt} and I can login to the linux
client:
userPassword: {crypt}$1$.xxxxxxxxxxxxxxxxxxxxxxxx/
Can this be the problem? I don't know what encrytion AIX expects.
Stef
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
--------------------------
VERTRAULICHKEIT: Diese Nachricht ist ausschließlich für denjenigen
bestimmt, an
den sie adressiert ist und kann vertrauliche Informationen enthalten. Falls
Sie nicht
der Empfänger dieser Nachricht sind, weisen wir Sie darauf hin, dass die
unberechtigte Weitergabe oder Verwendung sowie das unberechtigte Verteilen
oder
Kopieren dieser Nachricht strikt untersagt sind. Falls Sie diese Nachricht
irrtümlich
erhalten haben, vernichten Sie sie bitte sofort.
CONFIDENTIALITY: This message is intended only for the use of the
individuality or
entity to which it is addressed and may contain information that is
privileged,
confidential and exempt from disclosure. If you are not the intended
recipient you are
notified that any dissemination, distribution, use or copying of this
communication is
strictly prohibited. If you received this message in error, please
immediately destroy
this message.
--------------------------
1:57 a.m.
Hi,
on AIX you don't need to retrieve the password from the ldap server. You can
configure AIX to ask the authentication process to the ldap server.
In the secldapclntd configuration file (/etc/security/ldap/ldap.cfg) you
have to configure these directives (lines took from my deployment):
# Authentication type. Valid values are unix_auth and ldap_auth.
# Default is unix_auth.
# unix_auth - Retrieve user password and authenticate user locally.
# ldap_auth - Bind to LDAP server to authenticate user remotely through
LDAP.
authtype:ldap_auth
# AIX-LDAP attribute map path.
userattrmappath:/etc/security/ldap/2307user.map
groupattrmappath:/etc/security/ldap/2307group.map
#idattrmappath:/etc/security/ldap/aixid.map
# LDAP class definitions.
userclasses:posixaccount,shadowaccount
#userclasses:aixaccount,ibm-securityidentities
#groupclasses:aixaccessgroup
# Search mode. Valid values are ALL and OS.
# Default is ALL.
# ALL - Returns all attributes of an entry.
# OS - Returns only the OS required attributes of an entry.
# Non-OS attributes like telephone number, binary images, etc.
# will not be returned.
#
# Note: Use OS only when user entry has many non-OS required attributes
# or attributes with large value, e.g. binary data, to reduce
# sorting effort by the LDAP server.
searchmode:OS
# Default user attribute entry location. Valid values are LDAP and local.
# The default is LDAP.
# LDAP - Use the default entry in LDAP.
# local - Use the default entry from /etc/security/user.
defaultentrylocation:local
You also have to assure yourself that in the file /etc/security/user you
have set these properties in association with your users located only local
to the system:
SYSTEM = "files"
registry = files
Hope this helps
Marco
On Wed, Oct 27, 2010 at 10:37 AM, Stef Coene <stef.coene(a)docum.org> wrote:
> > Oct 26 20:44:12 ldap1 slapd[28664]: Entry
> > (uid=xxx,ou=people,dc=xxx,dc=xxx), attribute 'shadowLastChange' not
> > allowed
> > Oct 26 20:44:12 ldap1 slapd[28664]: entry failed schema check:
attribute
> > 'shadowLastChange' not allowed
> >
> > Is this important?
>
> Yes, because either nis.schema or rfc2307bis.schema are missing.
I just reconfigured the openldap server and made sure nis and rfc2307bis
are
loaded. I created a test user with
objectClass: aixAuxAccount
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
I can login to my test linux server with this user but not on the AIX
server.
When I do a telnet to the AIX server, I can enter the username, but before
I
can enter the password, I get the error
3004-007 You entered an invalid login name or password.
For the password, this is stored in plain text when I add the user. Before
I
can login to the linux server, I have to change it with passwd and after
that,
the password is encrypted with {crypt} and I can login to the linux client:
userPassword: {crypt}$1$.xxxxxxxxxxxxxxxxxxxxxxxx/
Can this be the problem? I don't know what encrytion AIX expects.
Stef
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
--
_________________________________________
Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi.
Jim Morrison
2 a.m.
Stef Coene <stef.coene(a)docum.org> writes:
> > Oct 26 20:44:12 ldap1 slapd[28664]: Entry
> > (uid=xxx,ou=people,dc=xxx,dc=xxx), attribute 'shadowLastChange' not
> > allowed
> > Oct 26 20:44:12 ldap1 slapd[28664]: entry failed schema check: attribute
> > 'shadowLastChange' not allowed
> >
> > Is this important?
>
> Yes, because either nis.schema or rfc2307bis.schema are missing.
I just reconfigured the openldap server and made sure nis and rfc2307bis are
loaded. I created a test user with
You may load either nis.schema or rfc2307bis.schema, but not both. I
depends on your PAM requirements, which one to load.
objectClass: aixAuxAccount
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
I can login to my test linux server with this user but not on the AIX server.
When I do a telnet to the AIX server, I can enter the username, but before I
can enter the password, I get the error
3004-007 You entered an invalid login name or password.
For the password, this is stored in plain text when I add the user. Before I
can login to the linux server, I have to change it with passwd and after that,
the password is encrypted with {crypt} and I can login to the linux client:
userPassword: {crypt}$1$.xxxxxxxxxxxxxxxxxxxxxxxx/
Can this be the problem? I don't know what encrytion AIX expects.
With regard to crypt, see
http://www.openldap.org/faq/data/cache/344.html
For more hashing algos see password-hash in slapd.conf(5). and
/etc/ldap.conf, pam_password.
-Dieter
--
Dieter Klünter | Systemberatung
sip: 7770535(a)sipgate.de
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
2:32 a.m.
On Wednesday 27 October 2010, Dieter Kluenter wrote:
Stef Coene <stef.coene(a)docum.org> writes:
>> > Oct 26 20:44:12 ldap1 slapd[28664]: Entry
>> > (uid=xxx,ou=people,dc=xxx,dc=xxx), attribute 'shadowLastChange'
not
>> > allowed
>> > Oct 26 20:44:12 ldap1 slapd[28664]: entry failed schema check:
>> > attribute 'shadowLastChange' not allowed
>> >
>> > Is this important?
>>
>> Yes, because either nis.schema or rfc2307bis.schema are missing.
>
> I just reconfigured the openldap server and made sure nis and rfc2307bis
> are loaded. I created a test user with
You may load either nis.schema or rfc2307bis.schema, but not both. I
depends on your PAM requirements, which one to load.
I created a rfc2307bis.ldif
from the rfc2307bis.schema file.
If I load the rfc2307bis.ldif without nis.ldif, I get an error:
additional info: olcObjectClasses: AttributeType not found: "gecos"
So I think rfc2305bis dependes on nis...
Stef
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
3:38 a.m.
Stef Coene <stef.coene(a)docum.org> writes:
On Wednesday 27 October 2010, Dieter Kluenter wrote:
> Stef Coene <stef.coene(a)docum.org> writes:
> >> > Oct 26 20:44:12 ldap1 slapd[28664]: Entry
> >> > (uid=xxx,ou=people,dc=xxx,dc=xxx), attribute 'shadowLastChange'
not
> >> > allowed
> >> > Oct 26 20:44:12 ldap1 slapd[28664]: entry failed schema check:
> >> > attribute 'shadowLastChange' not allowed
> >> >
> >> > Is this important?
> >>
> >> Yes, because either nis.schema or rfc2307bis.schema are missing.
> >
> > I just reconfigured the openldap server and made sure nis and rfc2307bis
> > are loaded. I created a test user with
>
> You may load either nis.schema or rfc2307bis.schema, but not both. I
> depends on your PAM requirements, which one to load.
I created a rfc2307bis.ldif from the rfc2307bis.schema file.
If I load the rfc2307bis.ldif without nis.ldif, I get an error:
additional info: olcObjectClasses: AttributeType not found: "gecos"
So I think rfc2305bis dependes on nis...
No!
rfc2307bis.schema and nis.schema both provide attributetype gecos.
The only difference in fact is objectClass posixgroup, while
nis.schema declares this objectClass as structural, rfc2307bis.schema
declares this objectClass as auxiliary.
-Dieter
--
Dieter Klünter | Systemberatung
sip: 7770535(a)sipgate.de
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
6:40 a.m.
Hi,
I finally had some time and I was able to solve my login problems on AIX.
I tried the same procedure on a clean AIX installation and I was able to logon
using my ldap server .
Thx eveybody for the response.
Special thx to Marco Pizzoli for the (off-topic) help.
Stef
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
6:49 a.m.
Hello Stef,
could you please point what you did to solve your problems as anybody
else could be interested in that solution. Unfortunately, these
machines are on my schedule, too. :)
Thank you.
On Mon, Nov 8, 2010 at 15:40, Stef Coene <stef.coene(a)docum.org> wrote:
Hi,
I finally had some time and I was able to solve my login problems on AIX.
I tried the same procedure on a clean AIX installation and I was able to logon
using my ldap server .
Thx eveybody for the response.
Special thx to Marco Pizzoli for the (off-topic) help.
Stef
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To
be is to do -- Sartre | Do be do be do -- Sinatra
7:07 a.m.
On Monday 08 November 2010, you wrote:
Hello Stef,
could you please point what you did to solve your problems as anybody
else could be interested in that solution. Unfortunately, these
machines are on my schedule, too. :)
I'm documenting the steps I do to get it
working and the possible problems.
When I'm done, I will post them somewhere.
I also have to this on the production servers.
I still have some problems with the passwords. I have to change the password
from an AIX box before it works.
Stef
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
2:06 a.m.
On Monday, 8 November 2010 16:07:25 Stef Coene wrote:
On Monday 08 November 2010, you wrote:
> Hello Stef,
>
> could you please point what you did to solve your problems as anybody
> else could be interested in that solution. Unfortunately, these
> machines are on my schedule, too. :)
I'm documenting the steps I do to get it working and the possible problems.
When I'm done, I will post them somewhere.
I also have to this on the production servers.
I still have some problems with the passwords. I have to change the
password from an AIX box before it works.
What hash ends up in userPassword in this case? crypt? Real crypt(), with it's
8-character limit?
This normally indicates a problem in the configuration. On a Linux host, this
would typically indicate that nss_ldap was set up, but pam_ldap was not, and
authentication was working via
app->PAM->pam_unix->getspent(3)->nss->nss_ldap-
LDAP, whereas you may prefer app->PAM->pam_ldap (otherwise some
pam_ldap-
based authorization features don't work, password hashes are limited
to those
that are supported by all your clients etc.).
I don't have any access to our AIX hosts though ...
Regards,
Buchan
3:32 a.m.
Hi,
I add the user with ldapscripts on my ubuntu server.
First line is from AIX (command "lsldap -a passwd <user>"). Second line
is
from ldap server (command "ldapmodifyuser <user>")
paswoord entry with ldapadduser:
userPassword: {SSHA}n9+bpMYtHKOdKislrMXJQsI58JD/Dla3
userPassword:: e1NTSEF9bjkrYnBNWXRIS09kS2lzbHJNWEpRc0k1OEpEL0RsYTM=
-> works not for linux and aix client
password changed on AIX:
userPassword: {crypt}9/Sm0z8ESZNY.
userPassword:: e2NyeXB0fTkvU20wejhFU1pOWS4=
-> works for AIX and linux client
password changed on ubuntu client:
userPassword: {crypt}$1$orSXgBl0$6QDpVJNmJbTQy9KaM0LhT0
userPassword:: e2NyeXB0fSQxJG9yU1hnQmwwJDZRRHBWSk5tSmJUUXk5S2FNMExoVDA=
-> works for linux, not for aix
So, for AIX, only the 'short' crypt works. For linux, any crypt password
works.
For now, I only need authentication on AIX.
Stef
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
1:45 a.m.
Hi,
I still have problems with AIX clients. On AIX, you can choose between
ldap_auth and unix_auth.
When authtype=ldap_auth: AIX will send a bind request to the LDAP server using
the user's login and password. If the LDAP bind is successful, then the
user's password is considered valid.
When authtype=unix_auth: AIX will encrypt the password you entered and
compare it with the encrypted password in the "userpassword" field that's
stored in the user's entry on LDAP. So with unix_auth, AIX will send a search
to the LDAP server to retrieve the user's entry. The password validation is
done on the AIX client.
I don't want to use unix_auth. This limits the password to be encrypted with
{crypt} and that is not compatible with non-AIX clients.
The problem is that unx_auth is working and ldap_auth is not. (unx_auth is
working when I change the password from an AIX client)
I can 'see' the password in the ldap server output (debug mode -d 2) when I
try to login to the AIX client with ldap_auth.
When I use the ldapsearch command on the AIX server, I also get an error:
ldapsearch -h 172.30.222.20 -p 389 -D "uid=test,ou=People,dc=test,dc=intra" -w
secret -b "dc=test,dc=intra" objectclass=*
ldap_simple_bind: Invalid credentials
Is it possible that I can not do the bind as a regular user?
Stef
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
1:57 a.m.
Hi,
I attached the output from running slapd with -d 255 when doing ldapsearch
from the AIX client.
Stef
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
2:04 a.m.
Hello,
I just wanted to point you to the official guides from IBM howto
configure your AIX ldap client, which worked fine for me, except für
sudo-ldap, but that's another topic.
Section 7: http://www.redbooks.ibm.com/redbooks/pdfs/sg247165.pdf
Bye, Benjamin.
On Mon, Nov 15, 2010 at 10:45, Stef Coene <stef.coene(a)docum.org> wrote:
Hi,
I still have problems with AIX clients. On AIX, you can choose between
ldap_auth and unix_auth.
When authtype=ldap_auth: AIX will send a bind request to the LDAP server
using the user's login and password. If the LDAP bind is successful, then
the user's password is considered valid.
When authtype=unix_auth: AIX will encrypt the password you entered and
compare it with the encrypted password in the "userpassword" field that's
stored in the user's entry on LDAP. So with unix_auth, AIX will send a
search to the LDAP server to retrieve the user's entry. The password
validation is done on the AIX client.
I don't want to use unix_auth. This limits the password to be encrypted with
{crypt} and that is not compatible with non-AIX clients.
The problem is that unx_auth is working and ldap_auth is not. (unx_auth is
working when I change the password from an AIX client)
I can 'see' the password in the ldap server output (debug mode -d 2) when I
try to login to the AIX client with ldap_auth.
When I use the ldapsearch command on the AIX server, I also get an error:
ldapsearch -h 172.30.222.20 -p 389 -D "uid=test,ou=People,dc=test,dc=intra"
-w secret -b "dc=test,dc=intra" objectclass=*
ldap_simple_bind: Invalid credentials
Is it possible that I can not do the bind as a regular user?
Stef
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To
be is to do -- Sartre | Do be do be do -- Sinatra
4:27 a.m.
On Monday 15 November 2010, Benjamin Griese wrote:
Hello,
I just wanted to point you to the official guides from IBM howto
configure your AIX ldap client, which worked fine for me, except für
sudo-ldap, but that's another topic.
Section 7: http://www.redbooks.ibm.com/redbooks/pdfs/sg247165.pdf
I have read the
redbook.
What ldap server are you running? I'm using ubuntu server 10.04.
I think my problem is that I can not bind to the ldap server as a regular user
with the ldapsearch command. I can only bind as the admin specfied as
olcRootDN with password olcRootPW.
I attached the 2 ldif files I use to configure the ldap server. I hope that
someone can find en error in it ....
I also noted that the userPassword entry for cn=admin,dc=axi,dc=intra is not
encrypted. How can I generate an encrypted password? Can this be a {SHA} or
has it to be a {SSHA}?
Stef
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
5:15 a.m.
Hi Stef,
olcAccess: to dn.subtree="ou=People,dc=test,dc=intra"
attrs=userPassword,shadowLastChange
by dn="cn=admin,dc=example,dc=com" write
by anonymous auth
by self write
by * auth
olcAccess: to attrs=userPassword,shadowLastChange
by dn="cn=admin,dc=test,dc=intra" write
by anonymous auth
by * none
- I can see here that you somehow changed the olcRootDN in the first
ACL which doesn't fit to the baseDN defined
- I wouldn't use the 2nd ACL, because all neccessary is done in the
first one (as far as userPassword/shadow* is only used in the people
subtree)
I'll show you one example from my tree:
olcAccess: {0}to attrs=userPassword,shadowLastChange by
dn="cn=ldapadm,dc=example,dc=de" write by anonymous auth by self
write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=ldapadm,dc=example,dc=de" write by * read
Please check if that is going to work for you.
Bye, Benjamin.
PS: I am doing anonymous binds for logins from the AIX LDAP-Clients to
the OpenLDAP-Server. Right now I am fiddling around with SSL und the
keydatabases.
On Mon, Nov 15, 2010 at 13:27, Stef Coene <stef.coene(a)docum.org> wrote:
On Monday 15 November 2010, Benjamin Griese wrote:
> Hello,
>
> I just wanted to point you to the official guides from IBM howto
> configure your AIX ldap client, which worked fine for me, except für
> sudo-ldap, but that's another topic.
>
> Section 7: http://www.redbooks.ibm.com/redbooks/pdfs/sg247165.pdf
I have read the redbook.
What ldap server are you running? I'm using ubuntu server 10.04.
I think my problem is that I can not bind to the ldap server as a regular user
with the ldapsearch command. I can only bind as the admin specfied as
olcRootDN with password olcRootPW.
I attached the 2 ldif files I use to configure the ldap server. I hope that
someone can find en error in it ....
I also noted that the userPassword entry for cn=admin,dc=axi,dc=intra is not
encrypted. How can I generate an encrypted password? Can this be a {SHA} or
has it to be a {SSHA}?
Stef
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To
be is to do -- Sartre | Do be do be do -- Sinatra
4508
days inactive
4528
days old
openldap-technical@openldap.org
17 comments
6 participants
participants (6)
-
Benjamin Griese -
Buchan Milne -
Dieter Kluenter -
Howard Allison -
Marco Pizzoli -
Stef Coene