Is there any way to integrate LDAP with DNS? What I mean is if there is any way to ask an LDAP server with the standard LDAP API and the LDAP server reverts to a DNS server if the requested information is not present in the database.
View 2 Replies
I installed CentOS 5.2 and then run yum update. I configured this server as LDAP/Samba primary domain controller. LDAP seems to be OK and for testing I am able to create users with:smbldap-tools useradd -am usernameI can ssh into the server as root and also as a Linux user which was locally created in the server. But ssh into the server as LDAP user fails (from a Fedora 11 machine) with "Permission denied, please try again", prompting again for password.Some data:
# rpm -qa | grep ldap
python-ldap-2.2.0-2.1
php-ldap-5.1.6-23.2.el5_3
[code]....
I'm trying to set up a Linux server and I am new to this. I have gone through most of the configuration using SAMBA 3.0 and when I populate the ldap directory all I get this error before the password request:
Then when I perform an ldapsearch to see if the directory is populated I get this message:
I'm positive all my .conf files are done right.
how to integrate apache with mysql
View 2 Replies View RelatedI downloaded a patch for ns-2.1b8 in wfq.. Can anyone please tell me how to integrate this patch to the ns environment.
View 2 Replies View RelatedMy evolution mail is not able to integrate my gmail chat and facebook chat.It shows this error-
Disconnected-network error
i have configured ldapserver on rhel4 for creating address book
following are configuration files on ldap server
/etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
i am able to import this ldif file into database.also when i perform the ldapsearch on this server with command"ldapsearch �x �W �D �cn=manager, dc=example, dc =com� �b �dc=example, dc=com�" i get correct output.
but when i am trying to search from another client machine, i am getting "error ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"
also when i configured address book on mozilla on server., it is working fine.but not working on another machine.is any configuration is missing on client machine.both ldap server and client are configured on rhel4es without any firewall or selinux.
I took to yast to install ldap. I creating the CA cert, server key and server cert and specified them during the yast ldap server dialogs.
The firewall is open for ldap.
I also went through yast's ldap client ... though I didn't exactly see to anything (presuably it wrote up a configuration file somewhere).
However when trying use the basic ldap tools, like ldapwhoami. Well it doesn't connect and gives me the above error. Of coure the ldap db is unpopulated as yet, so it probably is not able to say who am at all. But ldapadd doesn't work either.
It seems to point to my SSL usage not being correct .. so I'm trying to double check that now.
i have successful secure ldap replication but i could not make ldap client to direct its authentication to slave ldap
here is my config file on ldap client (i am not sure if it is the right place though)
ip : 192.168.1.183 is master ldap
ip : 192.168.1.185 is slave ldap
pico /etc/ldap/ldap.conf
#
# LDAP Defaults
code....
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well.I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all
This part by itself works for the LDAP authentication:
Code:
AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
This part works by itself for guest access:
Code:
Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
I'm checking with a sniffer and there's activity going on between the client and the LDAP server... as a matter of fact, the sniffer shows that the search is producing one ldap item, however, php says it can't contact the ldap server (after it has bound and everything):
The script is working beautifully on another host with debian.
why i can't login on the ldap-client via ldap, so here is a short description of my machines (i use openvz virtualising)I have on the HN (Debian Lenny) 2 VE's, which are in the same subnet (192.168.1.0/24)The first VE (Hostname: ldap1, IP: 192.168.1.91) is the ldap-server, which is so configured, that i can manage the server via phpldapadmin.The second VE (Hostname: ftp1, IP: 192.168.1.31) is the ldap-client, there should run a sftp-server in the future and the sftp-server(ssh-server) should use ldap-usernames to login. on the ftp1, i get with this command getent passwd the users configured on the ldap-server, but with the command id USERNAME the result is, that the user doesn't exist. (USERNAME is this name, i get returned by getent) and if i try to login via ssh, i get permission denied. and because the machines are openvz-virtual-machines, so i can't login on them like on a normal system, but a su USERNAME doesn't work too, because the user is not known on the system.
my installation:
i don't think, that the ldap-server is the problem, because the phpldapadmin and getent on ftp1 are working perfectly, but if you want, i can post the config here too. the VE ftp1 was configured with the following how-to: [URL] and pam is configured like in the chapter "PAM setup with pam_ldap" on [URL]
I've setup an Ubuntu 10.10 LDAP Client to authenticate off my LDAP server. I've install the following: sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils pam_ccreds Here's my /etc/nsswitch.conf: passwd: files ldap [NOTFOUND=return] db group: files ldap [NOTFOUND=return] db
[Code]...
I've compiled openssh-5.4p1 on RHEL 4.8 with Openssl 0.9.8m + pam It works perfect without pam (pam-0.77-66), both with password and public key auth. Whith pam enabled and LDAP (openldap-2.4.21, from scratch) something strange happens: system users: I can do ssh with both password and public key LDAP users: public key works for remote users, still I cannot do ssh with just password. I'm trying a custom PAM configuration, because the default one (even with authconfig + LDAP ) blocks ssh even with system users.
My pam SSHD configuration is:
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so use_first_pass
[code]....
My LDAP users are ok: i can do "su - " remote LDAP (so that nss_ldap is OK), also getent passwd and getent group is ok.
I have LDAP authentication working via SSSD using authconfig-tui and a few minor modifications to sssd.conf (ie: max_id etc). The problem I am having is it would appear /etc/ldap.conf is being ignored and/or setups that work perfectly on RHEL5, F11 and F12 no longer work on F13. Specifically Im referring to "pam_check_host_attr" and "nss_map_attribute". It refuses to honor either of these options and I can only assume a number of the other options in our ldap.conf. For instance, "nss_map_attribute" is defaulting to the standard "homeDirectory" rather than "homeDirectoryLinux". This is related to a bunch of OSX clients we have and its not optional to use another setup. The host restriction is also a major issue.
Relevant sssd.conf:
[domain/default]
auth_provider = ldap
cache_credentials = True
can anyone tell me what is the difference between these two files of LDAP client /etc/ldap.conf and /etc/ldap/ldap.conf and for what purposes these two files gives services. Is it necessary to have these two files at a time ?
I use these files to install LDAP client to authenticate with our LDAP server by creating a symbolic link of /etc/ldap.conf to /etc/ldap/ldap.conf.
I had a machine that is using ldap, but need to remove it completely.I edited the /etc/nsswitch.conf and removed all references of ldapand renamed /etc/ldap.conf to /etc/ldap.conf.bakI can log in as root, but cannot log in as any user in /etc/passwdIn the /var/log it shows pam_ldap: missing file "/etc/ldap.conf"I am guessing I am missing something else?I never set this machine up for ldap, was here when i got here, so not sure of steps to even put ldap on.
View 2 Replies View RelatedI am trying to set up LDAP on 10.04 and cannot figure out what my FQDN is. Where do I find it or how do I configure it?
View 1 Replies View Relatedwe have a weird problem with our opensuse 11.2 server installation.
We want to set up a LDAP Server using the Yast-LDAP Server configuriation tool.
This indeed already worked weeks ago until....this week.
Maybe some updates??!
I do not know what happend exactly. The server just does not want to start again and throws following error:
Starting ldap-serverstartproc: exit status of parent of /usr/lib/openldap/slapd: 1 failed
This happend after a little check of the configuration, but without a change, with Yast. Google delivered only "reinstall your box"-answers.
So.. i did that. And now the "mystical" part: The SAME ERROR occurs with a fresh vanilla system with a brand new and simple configuration (certificats, database, pw...the first Yast config dialog...). I did not change the way i set it up.
I remember, when i did this the first time with 11.2 on that machine, when no problems occured...everything was running out of the box (except the "use commen server certificate" option...).
I have an Openldap server and many 9.10 servers using it to check for possible ssh users. No problems there. Just brought up my first 10.04 server and went through the same procedure to allow ldap users to ssh in, works great. The problem is that ldap users cannot su to root on the 10.04 server. Only locally defined users can su to root, though they cannot su to ldap users. The local root user can su to anyone. Quick overview of how I installed ldap login:
Code:
# apt-get install libnss-ldap
# echo "session required pam_mkhomedir.so skel=/etc/skel/" >> /etc/pam.d/common-session
And added ldap to the end of these lines in /etc/nsswitch.conf:
Code:
passwd: compat ldap
group: compat ldap
shadow: compat ldap
This process has worked without a hitch on 9.10 dozens of times. So my question is, why are ldap and local users now incapable of using su across authentication mechanisms? For reference these are the error messages in /var/log/auth.log when trying to su to root from an ldap user:
Code:
Jun 14 16:17:07 server unix_chkpwd[6560]: check pass; user unknownJun 14 16:17:07 server unix_chkpwd[6560]: password check failed for user (root)
Jun 14 16:17:07 server su[6559]: pam_unix(su:auth): authentication failure; logname=ldapuser uid=2000 euid=2000 tty=/dev/pts/5 ruser=ldapuser rhost= user=root
Jun 14 16:17:09 server su[6559]: pam_authenticate: Authentication failure
Jun 14 16:17:09 server su[6559]: FAILED su for root by ldapuser
And the auth.log for trying to su to an ldap user from a local one:
Code:
Jun 14 17:18:18 server su[8473]: pam_unix(su:auth): authentication failure; logname=localuser uid=1000 euid=1000 tty=/dev/pts/0 ruser=localuser rhost= user=ldapuser
Jun 14 17:18:18 server su[8473]: Successful su for ldapuser by localuserJun 14 17:18:18 server su[8473]: + /dev/pts/0 localuser:ldapuser
Jun 14 17:18:18 server su[8473]: bad group ID `2000' for user `ldapuser': Operation not permitted
I am trying to setup LDAP and NFS for our school computer lab (authenticating student logins, file storage, etc.) but I am in over my head. I can't seem to find a good guide for 10.04 anywhere.
View 6 Replies View RelatedI have installed openldap version 2.4.21 and configured with the help of the site [URL] and the LDAP address book is working fine. But I need to create an LDAP directory such that it will contain the user name and passwords for the users and when user is logging to any application he is authenticated from LDAP directory
e.g Users who need to browse the internet need to authenticate with username and password for access from the firewall (Juniper Netscreen) and similarly other applications like oracle ERP such that they will have only 1 username and password stored in LDAP directory and all other applications will search for the user name and password for authentication.
How to install open ldap on CentOS 5
View 1 Replies View RelatedHas any taken and/or recommend a coarse in LDAP integration? I would love if I could make my labs a single sign-on.
View 4 Replies View RelatedI have read the man of ldif .In my attempt to build my current directory, I have taken a dump of my last successful implementation (which was created on FreeBSD 8.1) and substituted values for the dc=company and dc=com values with the correct ones for the current directory (attempting to implement under CentOS 5.4) and even tho the correct schemas are in place it is choking on entry.
View 9 Replies View RelatedI'm setting up a LDAP server to centralize the admin of a bunch of Centos 5.2 servers. I've got the LDAP server set up. I've got my client machines reading their autofs mount tables from LDAP. Now, I'd like to get name resolution working via LDAP.
Here's what I have so far:
1) /etc/nsswitch.conf contains the line "hosts: files dns ldap"
2) /etc/openldap/ldap.conf has URI and NSS_BASE_HOSTS set up to indicate root of "hosts" subtree in LDAP database.
3) "hosts" node in database is an "orginizationalUnit" object.
4) Below "hosts" I have a number of "ipHost" nodes defined with "cn" set to host name and "ipHostNumber" set to host's IP address
This setup doesn't work. Attempting to ping a host by name locks up. If I take the "ldap" keyword off of the "hosts:" entry in the nsswitch.conf file, the ping then returns immediately with "unknown host".
I'm surprised that there isn't better information available online on how to do this. I've found bits and pieces, but nothing concise. how to get name resolution working through LDAP?
I have LDAP server but I'm not admin. When I type: ldapsearch -x -b "ou=2007,o=faculty" "cn=7username"
View 11 Replies View Relatedusing the LDAP as storage of hostnames/IPs/MACs for the DHCP server on CentOS.Also once the IP is allocated via DHCP to the hosts,it would be useful to insert such host into the DNS. (BIND? dnsmasq?)I've found this link [URL] which deals with a patch for the ISC DHCP package, but I don't think this is actually up-to-date.
View 1 Replies View RelatedWe have SLES10 + IBM_HTTP_Server/7.0.0.7 + PHP5. We're trying to authorize users via ldap, but it fails with strange messages:
httpd.conf:
.....
<LIMIT GET>
Order Deny,Allow
allow from all
Satisfy all
AuthName "DEVELOPMENT (use your Intranet Password)"
AuthType basicLDAPVerify
AuthType basic AuthBasicProvider ldap
AuthLDAPURL ldap://bluepages.site.com/ou=bluepages,o=site.com?mail?sub? NONE
AuthzLDAPAuthoritative off
Require valid-user
</Limit> .....
error_log .....
I installed ldap on my server and one of my client machines yesterday.It also now won't let me get into graphical utilities that require root privileges; synaptic for example. It comes back with "incorrect password". I noticed that in the terminal it now requires me to enter two passwords to become root: the root password and the ldap password. I wonder if the two are related.I'm not sure what information to post; there's a ton of configuration files associated with this setup. Can somebody help me troubleshoot this? Thanks!
View 8 Replies View Related
