On Sat, 18 Jun 2011 22:13 -0700, "Hai Tao" taoh666@hotmail.com wrote:
> Yes, I tried to add a host attribute, but I got object class violation error. Any idea?
> Thanks.
> Hai Tao
Did you ever resolve this? You don't mention which OS you are using, but in standard RH5 you can try this.

1. Install nss_ldap
2. Copy /usr/share/doc/nss_ldap-253/ldapns.schema to /etc/openldap/schema/ldapns.schema. This will provide the hostObject objectClass.
3. In slapd.conf, include /etc/openldap/schema/ldapns.schema
4. In a user's ldap record add objectClass: hostObject
5. In the user's ldap record add host: hostname
6. Modify the host's ldap.conf file: pam_check_host_attr yes
Doing this from memory, but I think that should be enough to get what you want to work on a RH5 system. RH6 uses some different files on the host. BTW, you can also use the account objectClass to provide the host attribute, but my guess is that it will most likely conflict with another structural object class.
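As an added illustration of the procedure above (example code written for this page, not from the thread or from nss_ldap/pam_ldap), the following Python emulates the two checks involved: the schema check that produces the "object class violation" when host is added to an entry that has neither hostObject nor account, and the pam_check_host_attr decision a host makes once the attribute is present. It also emits the LDIF an ldapmodify run would need. The in-memory directory, the DNs and the hostnames are constructed; the '*' wildcard and case-insensitive hostname matching are assumptions about pam_ldap behaviour that the thread does not state.

```python
# Added example, not from the original thread. Emulates slapd's schema check and
# pam_ldap's pam_check_host_attr decision over constructed in-memory entries;
# no live directory server is contacted.

# Object classes from ldapns.schema (hostObject) and the core schema (account)
# that allow the host attribute, as the reply above describes.
HOST_CLASSES = ("hostObject", "account")


def validate_entry(entry):
    """Return None if the entry may carry a host attribute, otherwise the kind
    of error slapd reports: host is only legal once an allowing objectClass
    is present. This is the failure from the original question."""
    classes = set(entry.get("objectClass", []))
    if "host" in entry and not classes.intersection(HOST_CLASSES):
        return "object class violation: attribute 'host' not allowed by any objectClass"
    return None


def build_host_ldif(dn, hostnames):
    """Return an LDIF change record (input for ldapmodify) that adds hostObject
    and the host values to an existing user in one modify operation, so the
    schema check sees the objectClass and the attribute together."""
    lines = [f"dn: {dn}", "changetype: modify",
             "add: objectClass", "objectClass: hostObject", "-",
             "add: host"]
    lines.extend(f"host: {h}" for h in hostnames)
    return "\n".join(lines) + "\n"


def host_allowed(entry, hostname, check_host_attr=True):
    """Decide whether pam_ldap with pam_check_host_attr would admit this user
    on hostname. With the check off everyone is admitted; with it on, a user
    whose entry has no host attribute is denied on every host."""
    if not check_host_attr:
        return True
    hosts = entry.get("host", [])
    if "*" in hosts:  # assumption: pam_ldap treats '*' as "any host"
        return True
    return hostname.lower() in (h.lower() for h in hosts)  # assumption: case-insensitive


# Constructed sample entries (not real accounts).
USERS = {
    "uid=alice,ou=People,dc=example,dc=com": {
        "objectClass": ["posixAccount", "inetOrgPerson", "hostObject"],
        "uid": ["alice"],
        "host": ["web01", "web02"],
    },
    "uid=bob,ou=People,dc=example,dc=com": {
        "objectClass": ["posixAccount", "inetOrgPerson"],
        "uid": ["bob"],
    },
}


def main():
    for dn, entry in USERS.items():
        for host in ("web01", "db01"):
            verdict = "allow" if host_allowed(entry, host) else "deny"
            print(f"{dn}: login on {host} -> {verdict}")
    # The mistake from the original question: host added without the objectClass.
    bob_dn = "uid=bob,ou=People,dc=example,dc=com"
    broken = dict(USERS[bob_dn], host=["web01"])
    print(validate_entry(broken))
    # The fix: add objectClass and attribute in the same modify.
    print(build_host_ldif(bob_dn, ["web01"]))


if __name__ == "__main__":
    main()
```

Run it directly to see the allow/deny matrix, the emulated violation for bob, and the LDIF that would repair his entry; with a real server the LDIF goes to ldapmodify against the DN you actually administer.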
I have RH5 systems that authenticate against stock RH5 Openldap servers (2.3.43). System files (ldap.conf, pam files etc) are set up to contact the openldap server using tls. When a system boots up some of the system daemons (ntpd, hald, dbus-daemon) establish an ldap connection to the server. Once these connections get established they seem to never go away, which is fine I guess. So what I have is persistent tcp connections like this:
client:51520 --> openldapServer:389
I'm trying to work through some firewall issues and I have noticed that the ldap server sends an "ack" packet to the client every 10 hours without fail via these sockets that the daemons spawned. This is sent from the server without anything from the client first. The 10 hours is very consistent. Does anyone know if there is something in the ldap protocol or slapd that would cause this behavior? Just trying to rule things out.
openldapServer:389 --> client:51520
openldap-technical@openldap.org