try chuser SYSTEM=LDAP registry=LDAP [USER]
Mit freundlichen Grüßen
Howard ALLISON
Pensionsversicherungsanstalt
Rechenzentrumsbetrieb
A-1021 Wien,
Friedrich-Hillegeist-Straße 1
E-Mail..:
howard.allison(a)pva.sozvers.at
Internet:
www.pensionsversicherung.at
openldap-technical-bounces(a)openldap.org wrote on 27.10.2010 10:37:08:
Stef Coene <stef.coene(a)docum.org>
Gesendet von: openldap-technical-bounces(a)openldap.org
27.10.2010 10:43
An
openldap-technical(a)openldap.org
Kopie
Thema
Re: AIX as openldap client
> > Oct 26 20:44:12 ldap1 slapd[28664]: Entry
> > (uid=xxx,ou=people,dc=xxx,dc=xxx), attribute 'shadowLastChange' not
> > allowed
> > Oct 26 20:44:12 ldap1 slapd[28664]: entry failed schema check:
attribute
> > 'shadowLastChange' not allowed
> >
> > Is this important?
>
> Yes, because either nis.schema or rfc2307bis.schema are missing.
I just reconfigured the openldap server and made sure nis and rfc2307bis
are
loaded. I created a test user with
objectClass: aixAuxAccount
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
I can login to my test linux server with this user but not on the
AIX server.
When I do a telnet to the AIX server, I can enter the username, but
before I
can enter the password, I get the error
3004-007 You entered an invalid login name or password.
For the password, this is stored in plain text when I add the user.
Before I
can login to the linux server, I have to change it with passwd and
after that,
the password is encrypted with {crypt} and I can login to the linux
client:
userPassword: {crypt}$1$.xxxxxxxxxxxxxxxxxxxxxxxx/
Can this be the problem? I don't know what encrytion AIX expects.
Stef
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit
http://www.messagelabs.com/email
______________________________________________________________________
--------------------------
VERTRAULICHKEIT: Diese Nachricht ist ausschließlich für denjenigen
bestimmt, an
den sie adressiert ist und kann vertrauliche Informationen enthalten. Falls
Sie nicht
der Empfänger dieser Nachricht sind, weisen wir Sie darauf hin, dass die
unberechtigte Weitergabe oder Verwendung sowie das unberechtigte Verteilen
oder
Kopieren dieser Nachricht strikt untersagt sind. Falls Sie diese Nachricht
irrtümlich
erhalten haben, vernichten Sie sie bitte sofort.
CONFIDENTIALITY: This message is intended only for the use of the
individuality or
entity to which it is addressed and may contain information that is
privileged,
confidential and exempt from disclosure. If you are not the intended
recipient you are
notified that any dissemination, distribution, use or copying of this
communication is
strictly prohibited. If you received this message in error, please
immediately destroy
this message.
--------------------------