Hello
I have an LDAP authentication setup that authenticates users against a server that I do not control.
However, whenever a user logs in, the default home directory is set to an NFS mount on another server.
I want to change the settings so that the user's home directory is local, say, /home/CAMPUS/username.
How do I do that?
With regards.
On 12/04/11 19:10 -0500, Madhusudan Singh wrote:
Hello
I have an LDAP authentication setup that authenticates users against a server that I do not control.
Could you provide more details about your setup?
Do you know what ldap server and version the server is running? What openldap client libraries are you using on the clients? What other software, if any, are you using to authenticate users to the server (e.g. PADL's pam-ldap)? Are you also using an ldap nss plugin? What OS on the clients?
However, whenever a user logs in, the default home directory is set to an NFS mount on another server.
So the users' home directories are set to something similar to '/nfs/server-1/home/jsmith' I would guess.
See 'getent passwd jsmith' (or your system's equivalent) to see what their current home directory is.
I want to change the settings so that the user's home directory is local, say, /home/CAMPUS/username.
You'd have to know what nss plugin, if any, is in effect, and modify its database (e.g. /etc/passwd, or the user's entry in your ldap server).
Thanks for your response.
On Wed, Apr 13, 2011 at 8:30 AM, Dan White dwhite@olp.net wrote:
On 12/04/11 19:10 -0500, Madhusudan Singh wrote:
Hello
I have an LDAP authentication setup that authenticates users against a server that I do not control.
Could you provide more details about your setup?
Do you know what ldap server and version the server is running? What openldap client libraries are you using on the clients? What other software, if any, are you using to authenticate users to the server (e.g. PADL's pam-ldap)? Are you also using an ldap nss plugin? What OS on the clients?
I know nothing about the server setup. Acquiring any information about it, much less modifying it, is going to be difficult (if not impossible).
The client is an OpenSuSE 11.2 machine that has nss_ldap installed (along with pam_ldap). The IT folks also installed a binary-only module that permits the authentication to the University LDAP server. That is why I am using an old version of OpenSuSE.
However, whenever a user logs in, the default home directory is set to an
NFS mount on another server.
So the users' home directories are set to something similar to '/nfs/server-1/home/jsmith' I would guess.
A path starting with /net, but yes, it is NFS.
See 'getent passwd jsmith' (or your system's equivalent) to see what their current home directory is.
It matches the NFS path mount.
I want to change the settings so that the user's home directory is local,
say, /home/CAMPUS/username.
You'd have to know what nss plugin, if any, is in effect, and modify its database (e.g. /etc/passwd, or the user's entry in your ldap server).
I cannot change anything on the LDAP server, so that part is out of the question.
Is there something I can do at my end to:
1. Log users into /home/CAMPUS/username.
2. Create a dynamic symlink to their /net NFS mount for the duration of the session (or even permanently)?
On Wed, 2011-04-13 at 09:51 -0500, Madhusudan Singh wrote:
The client is an OpenSuSE 11.2 machine that has nss_ldap installed (along with pam_ldap). The IT folks also installed a binary-only module that permits the authentication to the University LDAP server. That is why I am using an old version of OpenSuSE.
You could give nss-pam-ldapd a try and copy the config from nss_ldap and pam_ldap. It has a fancy syntax to overwrite certain attributes. E.g. you could give all LDAP users a local home directory with
  map passwd homeDirectory /home/CAMPUS/$uid
You can keep using pam_ldap if you like. Information about home directories, user names, etc. is provided by the NSS module; the PAM module is responsible for authentication and password change.
Can you give me some details of this?
I do not want to mess up a working authentication mechanism if I can avoid it.
On Fri, Apr 15, 2011 at 9:37 AM, Arthur de Jong arthur@arthurdejong.org wrote:
On Wed, 2011-04-13 at 09:51 -0500, Madhusudan Singh wrote:
The client is an OpenSuSE 11.2 machine that has nss_ldap installed (along with pam_ldap). The IT folks also installed a binary-only module that permits the authentication to the University LDAP server. That is why I am using an old version of OpenSuSE.
You could give nss-pam-ldapd a try and copy the config from nss_ldap and pam_ldap. It has a fancy syntax to overwrite certain attributes. E.g. you could give all LDAP users a local home directory with
  map passwd homeDirectory /home/CAMPUS/$uid
You can keep using pam_ldap if you like. Information about home directories, user names, etc. is provided by the NSS module; the PAM module is responsible for authentication and password change.
-- -- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
On Fri, 2011-04-15 at 14:35 -0500, Madhusudan Singh wrote:
Can you give me some details of this?
nss-pam-ldapd is an alternative to nss_ldap and pam_ldap provided by PADL. Some distributions have packages for it but you should also be able to install from source. The NSS and PAM modules can be built separately.
The nss-pam-ldapd homepage contains some documentation and downloads: http://arthurdejong.org/nss-pam-ldapd/
I do not want to mess up a working authentication mechanism if I can avoid it.
Authentication is provided by the PAM module but also requires the NSS module to be functional. The NSS module provides home directory, shell, etc. Configuration of nss_ldap and pam_ldap varies per distribution (/etc/ldap.conf, /etc/nss_ldap.conf,...). For nss-pam-ldapd a single file /etc/nslcd.conf provides the configuration for both modules.
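Added example, not part of the original thread and not taken from the nss-pam-ldapd documentation: a client-side configuration sketch for the home directory override discussed above, leaving the LDAP server untouched. The server URI, search base and the PAM file path are placeholders or assumptions; only the map line comes from the thread.

```conf
# ---- /etc/nslcd.conf (constructed example) ----
# Placeholder values: copy the real ones from the existing
# nss_ldap / pam_ldap configuration (/etc/ldap.conf or similar).
uri  ldap://ldap.example.edu/
base dc=example,dc=edu

# Ignore the homeDirectory attribute returned by the directory and
# build a local path from the login name instead. nslcd.conf(5)
# treats a value in double quotes as an expression, so $uid is
# expanded per user; without quotes the value is read as the name
# of an LDAP attribute.
map passwd homeDirectory "/home/CAMPUS/$uid"

# Variant (also an assumption, not from the thread): keep the
# directory's value when present and fall back to a local path.
#map passwd homeDirectory "${homeDirectory:-/home/CAMPUS/$uid}"

# ---- /etc/nsswitch.conf ----
# The NSS module shipped with nss-pam-ldapd is also called "ldap",
# so these lines stay the same as with PADL's nss_ldap.
passwd: files ldap
group:  files ldap

# ---- PAM session stack (file name is an assumption, e.g.
#      /etc/pam.d/common-session) ----
# The overridden path does not exist on the local disk yet.
# pam_mkhomedir creates it at first login, private to the user.
session optional pam_mkhomedir.so skel=/etc/skel umask=0077
```

After restarting nslcd, 'getent passwd jsmith' (the check suggested earlier in the thread) should report /home/CAMPUS/jsmith as the home directory. Authentication itself is unaffected by the map line, since it only changes what the NSS module returns.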
2011/4/16 Arthur de Jong arthur@arthurdejong.org:
On Fri, 2011-04-15 at 14:35 -0500, Madhusudan Singh wrote:
Can you give me some details of this?
nss-pam-ldapd is an alternative to nss_ldap and pam_ldap provided by PADL. Some distributions have packages for it but you should also be able to install from source. The NSS and PAM modules can be built separately.
The nss-pam-ldapd homepage contains some documentation and downloads: http://arthurdejong.org/nss-pam-ldapd/
I do not want to mess up a working authentication mechanism if I can avoid it.
Authentication is provided by the PAM module but also requires the NSS module to be functional. The NSS module provides home directory, shell, etc. Configuration of nss_ldap and pam_ldap varies per distribution (/etc/ldap.conf, /etc/nss_ldap.conf,...). For nss-pam-ldapd a single file /etc/nslcd.conf provides the configuration for both modules.
-- -- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
Also, if that workstation only is used by a couple of users, a quick workaround would be to add users to /etc/passwd like this:
---
+user123:::::/home/CAMPUS/user123:
---
That worked for me in openSUSE 11.3 and 11.4.
Regards, Ciro
On Tue, 12 Apr 2011, Madhusudan Singh wrote:
Hello I have an LDAP authentication setup that authenticates users against a server that I do not control.
However, whenever a user logs in, the default home directory is set to an NFS mount on another server.
I want to change the settings so that the user's home directory is local, say, /home/CAMPUS/username.
How do I do that?
Perhaps you could create a proxy (to that existing server) with slapo-translucent handling your local data requirements?
On Wed, Apr 13, 2011 at 8:40 AM, Aaron Richton richton@nbcs.rutgers.edu wrote:
On Tue, 12 Apr 2011, Madhusudan Singh wrote:
Hello
I have an LDAP authentication setup that authenticates users against a server that I do not control.
However, whenever a user logs in, the default home directory is set to an NFS mount on another server.
I want to change the settings so that the user's home directory is local, say, /home/CAMPUS/username.
How do I do that?
Perhaps you could create a proxy (to that existing server) with slapo-translucent handling your local data requirements?
Will this require administrator rights on the LDAP server (to copy / sync stuff)?
openldap-technical@openldap.org