Hi,
My client is installed with RHEL 6.0 and I am using OpenLDAP 2.4. When the box loses connection with the ldap server, even the root cannot log in as it tries to bind with the ldap server. This can be seen when I log in with root and the message below appears :
sshd: pam_ldap: error trying to bind as user "uid=root, ou=People, dc=example,dc=com" (Invalid credentials).
My root user is not even in the ldap database. When connection is fine, the message above does not affect the login of root. The login of root is only screwed up when the box loses connectivity.
Attached are my pam.d/system-auth file, pam.d/login, pam.d/sshd and ldap.conf files.
I have been googling around but some either switch to kerberos, or the question is left unattended to. Please help. I can only resort to restarting the box whenever this happens. How can I configure the ldap so that local users can login when there's no connectivity to ldap server?
Thanks heaps!
On Thu, 22 Mar 2012, SYeen Su wrote:
> sshd: pam_ldap: error trying to bind as user "uid=root, ou=People, dc=example,dc=com" (Invalid credentials).
> My root user is not even in the ldap database.
Then obviously your root user must be specified somewhere else. Perhaps that "somewhere else" should be specified earlier than LDAP in your PAM configuration, since you're implying that the "somewhere else" data is more important than the LDAP data?
Hi Aaron,
Root is featured in /etc/passwd. Look at the entry below that is taken from my /etc/passwd :
    cat /etc/passwd
    root:x:0:0:root:/root:/bin/bash
And my /etc/nsswitch.conf file :
    passwd: files ldap
    shadow: files ldap
    group: files ldap
If I tweak the sequence to ldap files, then root can't login at all!
On Thu, Mar 22, 2012 at 8:40 PM, Aaron Richton <richton@nbcs.rutgers.edu> wrote:
> On Thu, 22 Mar 2012, SYeen Su wrote:
>> sshd: pam_ldap: error trying to bind as user "uid=root, ou=People, dc=example,dc=com" (Invalid credentials).
>> My root user is not even in the ldap database.
> Then obviously your root user must be specified somewhere else. Perhaps that "somewhere else" should be specified earlier than LDAP in your PAM configuration, since you're implying that the "somewhere else" data is more important than the LDAP data?
Try setting your timelimit and bind_timelimit to something like a bit lower.
timelimit 4
bind_timelimit 4
> Date: Thu, 22 Mar 2012 17:03:56 +0800
> Subject: Root not allowed to login
> From: seauyeen@mgrc.com.my
> To: openldap-technical@openldap.org
Hi Michael,
I have changed the timelimit and bind_timelimit to 4 but it still checks with ldap immediately (I mean when root logs in). I doubt it has anything to do with the time because it checks immediately without any delay.
On Thu, Mar 22, 2012 at 9:51 PM, Michael Starling <mlstarling31@hotmail.com> wrote:
> Try setting your timelimit and bind_timelimit to something like a bit lower.
> timelimit 4
> bind_timelimit 4
--
MGRC - Sequence. Analyse. Innovate.
Su Seau Yeen
Manager, IT Operations
Malaysian Genomics Resource Centre Berhad (MGRC)
T: +6 03 2283 1820 | F: +6 03 2282 8102 | M: +6 012 6784642 | www.mgrc.com.my
This e-mail is intended only for the use of the individual or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient, is strictly prohibited. If you receive this e-mail in error, please contact us immediately by return e-mail and delete the original message(s).
The timeouts are how long to wait for ldap to respond. It should check local (normally via pam) next.
We have our users in LDAP and can still login using the local accounts.
Your issue isn't an LDAP problem, it's a pam/nsswitch/local issue.
- chris
Chris Jacobs Systems Administrator, Technology Services Group
Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc. 1501 4th Ave | Suite 2500 | Seattle, WA 98101 direct 206.839.8245 | cell 206.601.3256 | Fax 206.644.0628 email: chris.jacobs@apollogrp.edu
> From: openldap-technical-bounces@OpenLDAP.org
> To: Michael Starling <mlstarling31@hotmail.com>
> Cc: openldap <openldap-technical@openldap.org>
> Sent: Thu Mar 22 18:10:55 2012
> Subject: Re: Root not allowed to login
________________________________ This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.
Hi Chris,
That's what I suspect too but I am not sure how else to tweak my pam and nsswitch files. Do you have any suggestions? Below is my pam.d/system-auth file and my nsswitch file excerpt has been attached previously.
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 dcredit=-2 ucredit=-2 lcredit=-2 ocredit=-2 minlen=8 type=strong
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so
Is there anything amiss with my pam file? If you need to have a look at my login and sshd pam file, please tell me so.
Thanks a lot.
On Fri, Mar 23, 2012 at 9:17 AM, Chris Jacobs <Chris.Jacobs@apollogrp.edu> wrote:
> The timeouts are how long to wait for ldap to respond. It should check local (normally via pam) next.
> We have our users in LDAP and can still login using the local accounts.
> Your issue isn't an LDAP problem, it's a pam/nsswitch/local issue.
> - chris
Again, this isn't an openldap issue, but...
Your /etc/pam.d/system-auth-ac file looks fine to me - it matches both our CentOS5 and CentOS6 machines.
I looked and was unable to find any attachments or included snippets from your /etc/nsswitch.conf file.
On our systems using PADL's pam_ldap, you should have in there:
    passwd: files ldap
    shadow: files ldap
    group: files ldap
Digression: I'm a little surprised you're using pam's padl software. Between nss-pam-ldapd and sssd we decided to embrace the apparent future and have successfully moved to sssd for our CentOS 6 boxes. ** This doesn't impact your problem though. **
Chris Jacobs, Jr. Unix System Administrator
Apollo Group | Apollo Marketing | ITG
2001 6th Ave, Suite 3200 | Seattle, WA 98121-2522
phone: 206.441.9100 x1245 | mobile: 206.601.3256 | fax: 206.441.9661
email: chris.jacobs@apollogrp.edu
> From: SYeen Su [seauyeen@mgrc.com.my]
> Sent: Thursday, March 22, 2012 6:22 PM
> To: Chris Jacobs
> Cc: mlstarling31@hotmail.com; openldap-technical@openldap.org
> Subject: Re: Root not allowed to login
________________________________ This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.
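The auth section of the system-auth file posted earlier in this thread, walked module by module with Linux-PAM's required/requisite/sufficient rules, for root and for an LDAP-only user with the directory reachable and unreachable. This is an added example, not code from any participant in the thread; the accounts (`root`, `alice`), their passwords and the per-module results are a constructed, simplified model.

```python
# Added example: simplified model of Linux-PAM control flags, not real PAM calls.

# auth lines as posted in the thread's system-auth file
AUTH_STACK = """\
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
"""

# Constructed sample accounts (assumption): root is local only, alice is LDAP only.
LOCAL_USERS = {"root": {"uid": 0, "password": "local-secret"}}
LDAP_USERS = {"alice": {"uid": 1001, "password": "ldap-secret"}}


def parse_stack(text, facility="auth"):
    """Return (control, module, args) tuples for one facility."""
    stack = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2], fields[3:]))
    return stack


def lookup_uid(user, ldap_up):
    """Model of 'passwd: files ldap': local file first, then LDAP if reachable."""
    if user in LOCAL_USERS:
        return LOCAL_USERS[user]["uid"]
    if ldap_up and user in LDAP_USERS:
        return LDAP_USERS[user]["uid"]
    return None


def run_module(module, args, user, password, ldap_up):
    """Simplified per-module auth result: True stands for PAM_SUCCESS."""
    if module == "pam_env.so":
        return True
    if module == "pam_deny.so":
        return False
    if module == "pam_unix.so":
        entry = LOCAL_USERS.get(user)
        return entry is not None and entry["password"] == password
    if module == "pam_succeed_if.so":
        # Only the "uid >= N" test used in the posted file is modelled.
        if args[:2] != ["uid", ">="]:
            raise ValueError("unsupported pam_succeed_if test: %r" % (args,))
        uid = lookup_uid(user, ldap_up)
        return uid is not None and uid >= int(args[2])
    if module == "pam_ldap.so":
        # An unreachable server is modelled as a plain failure.
        entry = LDAP_USERS.get(user)
        return ldap_up and entry is not None and entry["password"] == password
    raise ValueError("module not modelled: " + module)


def authenticate(user, password, ldap_up):
    """Walk the stack; return (granted, list of modules that were called)."""
    called = []
    required_failed = False
    for control, module, args in parse_stack(AUTH_STACK):
        called.append(module)
        ok = run_module(module, args, user, password, ldap_up)
        if control == "requisite" and not ok:
            return False, called          # fail and stop immediately
        if control == "sufficient" and ok and not required_failed:
            return True, called           # succeed and stop immediately
        if control == "required" and not ok:
            required_failed = True        # remember the failure, keep going
        # a failed "sufficient" module is ignored
    return (not required_failed), called


if __name__ == "__main__":
    cases = [("root", "local-secret"), ("root", "wrong"), ("alice", "ldap-secret")]
    for user, password in cases:
        for ldap_up in (True, False):
            granted, called = authenticate(user, password, ldap_up)
            print(f"{user:5} ldap_up={ldap_up!s:5} granted={granted!s:5} "
                  + " -> ".join(called))
```

In this model a login as uid 0 never reaches pam_ldap.so through these auth lines, whether or not the directory answers, which is why the pam.d/sshd and pam.d/login files mentioned in the thread are worth comparing against this stack.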
Hi Chris,
Exactly, all my configuration seems correct as I have compared. Hmm let's just say I am not familiar with sssd and to migrate to sssd, I think I gotta spend some time studying it. So, I know, I took the easy way out by just porting over my previous ldap configuration to RHEL6.
Anyway, my snippets from /etc/nsswitch.conf file as below:
    passwd: files ldap
    shadow: files ldap
    group: files ldap
It matches yours too, right? If I put the sequence the other way round, root practically cannot log in at all!
What else do I need to configure on my client side? I am lost!
On Fri, Mar 23, 2012 at 10:10 AM, Chris Jacobs <Chris.Jacobs@apollogrp.edu> wrote:
> Again, this isn't an openldap issue, but...
> Your /etc/pam.d/system-auth-ac file looks fine to me - it matches both our CentOS5 and CentOS6 machines.
> I looked and was unable to find any attachments or included snippets from your /etc/nsswitch.conf file.
> On our systems using PADL's pam_ldap, you should have in there:
>     passwd: files ldap
>     shadow: files ldap
>     group: files ldap
> Digression: I'm a little surprised you're using pam's padl software. Between nss-pam-ldapd and sssd we decided to embrace the apparent future and have successfully moved to sssd for our CentOS 6 boxes. ** This doesn't impact your problem though. **
Syeen,
Are you trying to login remotely? Or at the local console?
If remotely, this may be standard behavior as usually PermitRootLogin is set to no in /etc/ssh/sshd_config - which I would NOT recommend changing. During an outage, local console access would have to be used (via ILO, some KVM over IP, etc, solution).
Other than that, everything in your system-auth-ac and nsswitch.conf looks fine to me.
- chris
> From: SYeen Su [seauyeen@mgrc.com.my]
> Sent: Thursday, March 22, 2012 7:13 PM
> To: Chris Jacobs
> Cc: mlstarling31@hotmail.com; openldap-technical@openldap.org
> Subject: Re: Root not allowed to login
Hi Chris,
Exactly, all my configuration seems correct as I have compared. Hmm, let's just say I am not familiar with sssd, and to migrate to sssd I think I gotta spend some time studying it. So, I know, I took the easy way out by just porting over my previous ldap configuration to RHEL6.
Anyway, my snippets from /etc/nsswitch.conf file as below:
passwd: files ldap
shadow: files ldap
group: files ldap
It matches yours too, right? If I put the sequence the other way round, root practically cannot log in at all!
What else do I need to configure on my client side? I am lost!
On Fri, Mar 23, 2012 at 10:10 AM, Chris Jacobs <Chris.Jacobs@apollogrp.edu> wrote:
Again, this isn't an openldap issue, but...
Your /etc/pam.d/system-auth-ac file looks fine to me - it matches both our CentOS5 and CentOS6 machines.
I looked and was unable to find any attachments or included snippets from your /etc/nsswitch.conf file.
On our systems using PADL's pam_ldap, you should have in there:
passwd: files ldap
shadow: files ldap
group: files ldap
Digression: I'm a little surprised you're using pam's padl software. Between nss-pam-ldapd and sssd we decided to embrace the apparent future and have successfully moved to sssd for our CentOS 6 boxes. ** This doesn't impact your problem though. **
________________________________
From: SYeen Su [seauyeen@mgrc.com.my]
Sent: Thursday, March 22, 2012 6:22 PM
To: Chris Jacobs
Cc: mlstarling31@hotmail.com; openldap-technical@openldap.org
Subject: Re: Root not allowed to login
Hi Chris,
That's what I suspect too but I am not sure how else to tweak my pam and nsswitch files. Do you have any suggestions? Below is my pam.d/system-auth file and my nsswitch file excerpt has been attached previously.
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3 dcredit=-2 ucredit=-2 lcredit=-2 ocredit=-2 minlen=8 type=strong
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
Is there anything amiss with my pam file? If you need to have a look at my login and sshd pam file, please tell me so.
Thanks a lot.
On Fri, Mar 23, 2012 at 9:17 AM, Chris Jacobs <Chris.Jacobs@apollogrp.edu> wrote:
The timeouts are how long to wait for ldap to respond. It should check local (normally via pam) next.
We have our users in LDAP and can still login using the local accounts.
Your issue isn't an LDAP problem, it's a pam/nsswitch/local issue.
- chris
Chris Jacobs
Systems Administrator, Technology Services Group
Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc.
1501 4th Ave | Suite 2500 | Seattle, WA 98101
direct 206.839.8245 | cell 206.601.3256 | Fax 206.644.0628
email: chris.jacobs@apollogrp.edu
________________________________
From: openldap-technical-bounces@OpenLDAP.org
To: Michael Starling <mlstarling31@hotmail.com>
Cc: openldap <openldap-technical@openldap.org>
Sent: Thu Mar 22 18:10:55 2012
Subject: Re: Root not allowed to login
Hi Michael,
I have changed the timelimit and bind_timelimit to 4 but it still checks with ldap immediately (I mean when root logs in). I doubt it has anything to do with the time because it checks immediately without any delay.
On Thu, Mar 22, 2012 at 9:51 PM, Michael Starling <mlstarling31@hotmail.com> wrote:
Try setting your timelimit and bind_timelimit to something a bit lower.
timelimit 4
bind_timelimit 4
________________________________
Date: Thu, 22 Mar 2012 17:03:56 +0800
Subject: Root not allowed to login
From: seauyeen@mgrc.com.my
To: openldap-technical@openldap.org
Hi,
My client is installed with RHEL 6.0 and I am using OpenLDAP 2.4. When the box loses connection with the ldap server, even the root cannot log in as it tries to bind with the ldap server. This can be seen when I log in with root and the message below appears :
sshd: pam_ldap: error trying to bind as user "uid=root, ou=People, dc=example,dc=com" (Invalid credentials).
My root user is not even in the ldap database. When connection is fine, the message above does not affect the login of root. The login of root is only screwed up when the box loses connectivity.
Attached are my pam.d/system-auth file, pam.d/login, pam.d/sshd and ldap.conf files.
I have been googling around but some either switch to kerberos, or the question is left unattended to. Please help. I can only resort to restarting the box whenever this happens. How can I configure the ldap so that local users can login when there's no connectivity to ldap server?
Thanks heaps!
Hi Chris,
For testing purpose I disabled the PermitRootLogin to yes temporarily. Usually it's no and the failure was noticed when the server lost connection to the ldap server and even root (that's local) is not able to log in. Hence, I started investigating what is wrong. Bottom line, via console, root is not able to log in if there is no network connectivity to ldap and I am trying to solve this issue because if even root and any other local users cannot log in via console, I am not able to check what is wrong with the network, the only option is to reboot, which is what I'd like to avoid.
openldap-technical@openldap.org
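The auth lines of the pam.d/system-auth file posted in this thread, walked through a simplified model of Linux-PAM control flags. This is an added example, not code from any poster or from the PAM or OpenLDAP projects. The module return values are constructed inputs (assumptions), only the ok/done/bad/die/ignore actions are modelled, and the output shows which modules this one stack reaches for root versus an LDAP-only account.

```python
import re

# Keyword control flags and their documented [value=action] equivalents.
KEYWORDS = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}

# auth lines of pam.d/system-auth as posted in the thread.
AUTH_STACK = """\
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
"""

# Constructed module results (assumptions, not captured from a real host).
ROOT_GOOD_PASSWORD = {"pam_env.so": "success", "pam_unix.so": "success"}
ROOT_BAD_PASSWORD = {"pam_env.so": "success", "pam_unix.so": "auth_err",
                     "pam_succeed_if.so": "auth_err"}  # uid 0 fails "uid >= 500"
LDAP_USER_SERVER_DOWN = {"pam_env.so": "success", "pam_unix.so": "user_unknown",
                         "pam_succeed_if.so": "success",
                         "pam_ldap.so": "authinfo_unavail", "pam_deny.so": "auth_err"}


def parse(text, facility="auth"):
    """Return [(actions, module)] for one facility of a pam.d file."""
    stack = []
    for line in text.splitlines():
        m = re.match(r"(\w+)\s+(\[[^\]]*\]|\w+)\s+(\S+)", line.strip())
        if not m or m.group(1) != facility:
            continue
        control = m.group(2)
        if control.startswith("["):
            actions = dict(kv.split("=") for kv in control[1:-1].split())
        else:
            actions = KEYWORDS[control]
        stack.append((actions, m.group(3)))
    return stack


def run_stack(stack, results):
    """Walk the stack; return (granted, modules actually called)."""
    called, impression, status = [], "undef", "perm_denied"
    for actions, module in stack:
        called.append(module)
        ret = results[module]
        action = actions.get(ret, actions.get("default", "bad"))
        if action in ("ok", "done"):
            # A success cannot override an earlier required failure.
            if impression == "undef" or (impression == "positive" and status == "success"):
                impression, status = "positive", ret
            if impression == "positive" and action == "done":
                break
        elif action in ("bad", "die"):
            if impression != "negative":
                impression, status = "negative", ret
            if action == "die":
                break
        elif action != "ignore":
            raise ValueError("action not modelled: " + action)
    return impression == "positive" and status == "success", called


if __name__ == "__main__":
    stack = parse(AUTH_STACK)
    for name in ("ROOT_GOOD_PASSWORD", "ROOT_BAD_PASSWORD", "LDAP_USER_SERVER_DOWN"):
        print(name, run_stack(stack, globals()[name]))
```

In both root scenarios the walk ends before pam_ldap.so, so a pam_ldap bind attempt for root has to originate from another facility or from a service file such as pam.d/sshd or pam.d/login, which were attached to the original post but are not shown on this page.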