Gavin Henry wrote:
Eric Ritchie wrote:
I have 3 NIS domains I wish to convert to ldap. I would like to keep 3 separate areas in ldap since the NIS domains have different accounts. I created a base dn and loaded data under 3 higher levels, such as base is dc=xyz,dc=com and dc=a,dc=xyz,dc=com, dc=b,dc=xyz,dc=com, dc=c,dc=xyz,dc=com. Then if I want client one to be in domain a, I set its base to dc=a,dc=xyz,dc=com. This works for host name lookups, but when another host tries to log in to the box via telnet or rsh, the login hangs after the password is entered; ssh works though. If I specify a binddn on the client with dc=a,dc=xyz,dc=com, I can log in via telnet and rsh but name lookups fail on the host. Any idea what is causing this? Is this the best way to have separate DBs for clients?
Thanks
Sounds like you are using pam_ldap? I would post to their lists with your configurations etc.
Gavin.
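The layout Eric describes (one subtree per former NIS domain under a common suffix, each client pointed at its own subtree via `base`) can be modelled to show what a subtree-scoped host lookup does and does not see. The following is an added example, not code from the thread or from OpenLDAP/pam_ldap: it builds RFC 2307 `ipHost` entries under dc=a/dc=b/dc=c,dc=xyz,dc=com with constructed hostnames and addresses, emits them as LDIF, and runs the nss_ldap-style host filter against an in-memory stand-in for the directory. The `ou=Hosts` container and the sample hosts are assumptions for illustration; the subtree-scoping and filter-escaping logic is the part worth checking.

```python
# Added example: per-NIS-domain subtrees under one suffix, and why a client whose
# nss_ldap "base" points at one subtree only resolves hosts stored in that subtree.
# Host entries use the RFC 2307 schema (objectClass ipHost, cn, ipHostNumber).
# Hostnames, addresses and the ou=Hosts container are constructed sample data.
# The list-of-entries "directory" stands in for an LDAP server; nothing here connects to one.

from dataclasses import dataclass, field

SUFFIX = "dc=xyz,dc=com"
DOMAINS = ("a", "b", "c")


@dataclass
class Entry:
    dn: str
    attrs: dict = field(default_factory=dict)


def domain_base(domain: str) -> str:
    """Client 'base' for one former NIS domain: a subtree directly under the suffix."""
    return f"dc={domain},{SUFFIX}"


def host_entry(domain: str, name: str, ip: str) -> Entry:
    """RFC 2307 host entry stored under the domain's ou=Hosts container (assumed layout)."""
    dn = f"cn={name},ou=Hosts,{domain_base(domain)}"
    return Entry(dn, {"objectClass": ["top", "device", "ipHost"],
                      "cn": [name], "ipHostNumber": [ip]})


def build_directory() -> list:
    """Suffix, three domain subtrees, one ou=Hosts each, and one constructed host per domain."""
    org = lambda dc: {"objectClass": ["top", "dcObject", "organization"], "dc": [dc], "o": [dc]}
    entries = [Entry(SUFFIX, org("xyz"))]
    for d in DOMAINS:
        entries.append(Entry(domain_base(d), org(d)))
        entries.append(Entry(f"ou=Hosts,{domain_base(d)}",
                             {"objectClass": ["top", "organizationalUnit"], "ou": ["Hosts"]}))
    entries += [host_entry("a", "alpha1", "192.0.2.10"),    # constructed
                host_entry("b", "bravo1", "192.0.2.20"),    # constructed
                host_entry("c", "charlie1", "192.0.2.30")]  # constructed
    return entries


def in_subtree(dn: str, base: str) -> bool:
    """True when dn equals base or lies beneath it (case-insensitive, simple comma-separated DNs)."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a hostname can never alter the filter's structure."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def hosts_filter(name: str) -> str:
    """Filter of the kind nss_ldap issues for a gethostbyname() lookup (RFC 2307 schema)."""
    return f"(&(objectClass=ipHost)(cn={escape_filter_value(name)}))"


def lookup_host(directory: list, client_base: str, name: str):
    """Model of a subtree-scoped search from a client: returns ipHostNumber or None."""
    for e in directory:
        if (in_subtree(e.dn, client_base)
                and "ipHost" in e.attrs.get("objectClass", [])
                and name in e.attrs.get("cn", [])):
            return e.attrs["ipHostNumber"][0]
    return None


def to_ldif(entries: list) -> str:
    """Serialise the entries in the form ldapadd(1) accepts."""
    lines = []
    for e in entries:
        lines.append(f"dn: {e.dn}")
        for attr, values in e.attrs.items():
            lines.extend(f"{attr}: {v}" for v in values)
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    d = build_directory()
    print(to_ldif(d))
    print(lookup_host(d, domain_base("a"), "alpha1"))  # found: stored under dc=a
    print(lookup_host(d, domain_base("a"), "bravo1"))  # None: stored under dc=b
    print(lookup_host(d, SUFFIX, "bravo1"))            # found: base at the suffix sees all subtrees
```

The point the model makes is that a client with `base dc=a,dc=xyz,dc=com` cannot resolve a host stored under dc=b, while a client whose base is the suffix sees every subtree; which of those two you want decides whether the separate-subtree layout, or separate databases with their own suffixes, is the right fit. A real client would of course need the server to allow the read (anonymously or under the binddn it is configured with), which is the ACL side Gavin refers to.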
I emptied my ldap database to start fresh. I created a base of dc=ibg,dc=com and loaded 2 hostname/IPs. I configured my client to use ldap for hosts in /etc/nsswitch.conf. It's using ldap for host lookups only, nothing else. The client works fine; it can find the 2 hosts in ldap. If I try to telnet from a host not in ldap it works, but if I try to telnet from one of the hosts in ldap to my client, it hangs. If I set binddn on the client, then the hosts in ldap can telnet to the client but the client can't look up host names. I'm new to ldap so I'm not sure if this is a pam or ldap issue. I don't understand why enabling the binddn allows the remote host to telnet but breaks local name lookups.
Thanks
Get everything working using the pam_ldap docs and man pages, without ACLs in OpenLDAP, then come back to the OpenLDAP lists if you are still having problems.
Your OS should have an authentication GUI for setting this up, then it's just a case of ACLs etc. on the LDAP server.
Thanks,
Gavin.
openldap-technical@openldap.org