Hi,
I am using openldap-2.4.19-4 on a Fedora 12 machine. In order to protect rootbindpw, I removed it from /etc/ldap.conf and wrote it to /etc/ldap.secret with root access only. Now the /etc/ldap.conf contents (file permissions 644) w.r.t. bind are as follows:
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
#binddn cn=root,dc=abc,dc=com

# The credentials to bind with.
# Optional: default is no credential.
#bindpw cluster

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
rootbinddn cn=root,dc=abc,dc=com
but now when I do $ ssh ldap_6@client-node-name, I get the following message:
id: cannot find name for user ID 514
id: cannot find name for user ID 514
[I have no name!@client-node-name ~]$
When I do $ id on the client node I get the following:
uid=514 gid=514(ldap_6) groups=514(ldap_6)
Any idea what could be the problem?
Hi
This means that pam_ldap is working but nss_ldap isn't (restart the nscd daemon, if installed). Check your auth log on your Fedora machine; you should see some lib_nss log messages.
On 12/05/2011 11:48 AM, Jayavant Patil wrote:
--
Thanks & Regards, Jayavant Ningoji Patil Engineer: System Software Computational Research Laboratories Ltd. Pune-411 004. Maharashtra, India. +91 9923536030.
Hi,
Mon, 05 Dec 2011 13:17:33 +0100 "Raffael Sahli" public@raffaelsahli.com wrote:
Everything is working fine, but the problem is with the ACL rule that is used to restrict a user to seeing his own information only:
access to filter=(objectClass=person)
        by self write
        by dn.children="ou=People,dc=abc,dc=com" none
        by anonymous none
        by * none
The problem is with 'by anonymous none'. It restricts access as desired (each user sees only his own info), but when I do $ ssh ldap_6@<client-node>, it asks for the password and then shows the following:
id: cannot find name for user ID 514
[I have no name!@<client-node>]
On the other hand, when I specify 'by anonymous read' in the above ACL rule and do $ ssh ldap_6@<client-node>, it works:
[ldap_6@<client-node>]
but then the ldap_6 user can see other users' info, since anonymous can read everything, which is not desirable.
So my problem is: I want to specify the ACL rule such that each user can see only its own data, and at the same time I should not get 'I have no name!' after ssh.
How do I write the ACL rule to achieve this?
Any suggestions are welcome.
On 12/05/2011 11:48 AM, Jayavant Patil wrote:
On Wed, Dec 7, 2011 at 4:01 PM, fuzzy_4711 fuzzy_4711@gmx.de wrote:
How do I write the ACL rule to achieve this?
Couldn't it be
by * auth
No. Not working.
-fuz
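Added example (not from any of the posts above): a slapd.conf ACL set that resolves the conflict described in the second message and shows why the 'by * auth' suggestion cannot work. The 'id' run by the login shell and the lookups done by sshd are non-root processes, so nss_ldap binds anonymously for them (the rootbinddn/ldap.secret pair in /etc/ldap.conf is only used when the effective UID is 0). 'auth' access only allows an attribute value to be compared during a bind, not read, so 'by * auth' on the posixAccount attributes still leaves getpwuid() empty and the user still has no name. The fix is to split the entry: the few attributes NSS needs are readable by everyone, userPassword is 'auth' only, and everything else is visible to the owner alone. The suffix dc=abc,dc=com and ou=People are taken from the thread; ou=Group, the attribute list and the user DNs are assumptions and must be adjusted to the real tree. The same rules go into olcAccess under cn=config with identical syntax.

```conf
# Added example, not from the thread. OpenLDAP 2.4 slapd.conf syntax.
# For each entry/attribute the FIRST matching "access to" clause is the one
# evaluated, so the narrow rules come before the broad ones.

# 0. rootDSE: harmless to expose, and some clients probe it before searching.
access to dn.base=""
        by * read

# 1. Passwords are never readable. "auth" lets anonymous use the value in a
#    simple bind (what pam_ldap needs) without being able to read it.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# 2. slapd requires "search" access to the entry pseudo-attribute of the
#    search base itself; without this the whole lookup fails.
#    (ou=Group is an assumed container name.)
access to dn.exact="ou=People,dc=abc,dc=com" attrs=entry
        by * read
access to dn.exact="ou=Group,dc=abc,dc=com" attrs=entry
        by * read

# 3. Identity attributes nss_ldap must read for getpwnam()/getpwuid(),
#    i.e. for "id", the login shell and sshd. Non-root processes bind
#    anonymously, so anonymous needs read here. "entry" lets the entry be
#    returned at all. Deliberately NO "self write": a user who can write
#    his own uidNumber/gidNumber can turn himself into uid 0.
access to dn.subtree="ou=People,dc=abc,dc=com"
        filter=(objectClass=posixAccount)
        attrs=entry,objectClass,uid,cn,uidNumber,gidNumber,homeDirectory,loginShell,gecos
        by * read

# 4. Same for group resolution (getgrnam()/getgrgid()/initgroups()).
access to dn.subtree="ou=Group,dc=abc,dc=com"
        filter=(objectClass=posixGroup)
        attrs=entry,objectClass,cn,gidNumber,memberUid
        by * read

# 5. Everything else in a user's entry (mail, telephoneNumber, ...): the
#    owner only. Other users and anonymous get nothing, which is what the
#    thread asked for.
access to dn.subtree="ou=People,dc=abc,dc=com"
        by self read
        by * none

# 6. Catch-all for the rest of the tree.
access to *
        by * none
```

To check the rules from a client before touching nss_ldap: an anonymous 'ldapsearch -x -b ou=People,dc=abc,dc=com uid=ldap_6' should return only the attributes listed in rule 3, the same search bound as the user ('-D uid=ldap_6,ou=People,dc=abc,dc=com -W', assuming that is the user's DN) should return the whole entry, and bound as a different user it should again return nothing beyond rule 3. Then restart nscd on the client (it caches negative lookups), confirm that 'getent passwd 514' prints the ldap_6 line, and the ssh prompt comes back with a name. If cn=root,dc=abc,dc=com is also the database rootdn, these ACLs do not apply to it, so root's own lookups through rootbinddn are unaffected. If users must be able to change some of their own attributes, grant 'self write' on a named list such as attrs=loginShell,telephoneNumber rather than on the whole entry as the original rule does.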
openldap-technical@openldap.org