OpenSUSE Install :: Setting Up An LDAP Server For Suers?
Feb 6, 2010
I'm having problems setting up an LDAP server for suers. The SUSE user management won;t let me create users with passwords longer than 8 characters in the LDAP directory. Local users are fine. This is a new LDAP server setup using the instructions from Integrating LDAP and Samba using openSUSE
I'm getting the error "The password is too long for the current encryption method. Truncate it to 8 characters?" I can create users with short passwords, but this isn't acceptable - it's a security issue.
The susePasswordHash in LDAP is SSHA (default)
The password hash in users & groups management is blowfish.
how to get this working with long passwords?
View 1 Replies
ADVERTISEMENT
May 31, 2010
we have a weird problem with our opensuse 11.2 server installation.
We want to set up a LDAP Server using the Yast-LDAP Server configuriation tool.
This indeed already worked weeks ago until....this week.
Maybe some updates??!
I do not know what happend exactly. The server just does not want to start again and throws following error:
Starting ldap-serverstartproc: exit status of parent of /usr/lib/openldap/slapd: 1 failed
This happend after a little check of the configuration, but without a change, with Yast. Google delivered only "reinstall your box"-answers.
So.. i did that. And now the "mystical" part: The SAME ERROR occurs with a fresh vanilla system with a brand new and simple configuration (certificats, database, pw...the first Yast config dialog...). I did not change the way i set it up.
I remember, when i did this the first time with 11.2 on that machine, when no problems occured...everything was running out of the box (except the "use commen server certificate" option...).
View 4 Replies
View Related
Jul 26, 2009
I am having problems creating ssl certificates for use with openLDAP. Does anyone know a good centos tutorial as I am having problems finding ones by searching through google and the forums.
To clarify further I have a small network im trying to setup to use ldap for auth due to the size I figured using kerberos for auth would be a bit overkill.....
I have the server up and running fine however at the moment all auth is done by using clear text (which is fine as the network has no connection to the internet at current) however in the future it will so I am trying to use ssl however I am having confusing as which certificates I point to where in the slapd.conf file
View 2 Replies
View Related
Oct 20, 2010
So I am creating a LDAP server for my school's Linux lab, so users on our school network can log into the Linux machines.
I found a guide here url...Authentication
But during the install, I get the following error.
update-rc.d: warning: libnss-ldap start runlevel arguments (2 3 4 5) do not match LSB Default-Start values (none)
View 2 Replies
View Related
Sep 28, 2010
Just installed openldap server on a VM CentOS called 'ldapsrv', it works fine, ldapsearch returns all ldap information.
Installed openldap client on another VM CentOS called 'ldapclient1', configured it with most basic configuration, no ssl/tls etc. but ldapsearch returns error:
ldapsrv is pingable:
Some outputs:
PHP Code:
PHP Code:
View 20 Replies
View Related
Mar 13, 2010
i have configured ldapserver on rhel4 for creating address book
following are configuration files on ldap server
/etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
i am able to import this ldif file into database.also when i perform the ldapsearch on this server with command"ldapsearch �x �W �D �cn=manager, dc=example, dc =com� �b �dc=example, dc=com�" i get correct output.
but when i am trying to search from another client machine, i am getting "error ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"
also when i configured address book on mozilla on server., it is working fine.but not working on another machine.is any configuration is missing on client machine.both ldap server and client are configured on rhel4es without any firewall or selinux.
View 3 Replies
View Related
Apr 5, 2010
i have successful secure ldap replication but i could not make ldap client to direct its authentication to slave ldap
here is my config file on ldap client (i am not sure if it is the right place though)
ip : 192.168.1.183 is master ldap
ip : 192.168.1.185 is slave ldap
pico /etc/ldap/ldap.conf
#
# LDAP Defaults
code....
View 11 Replies
View Related
May 25, 2011
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well.I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all
This part by itself works for the LDAP authentication:
Code:
AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
This part works by itself for guest access:
Code:
Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
View 1 Replies
View Related
May 31, 2010
I'm trying to set up a Linux server and I am new to this. I have gone through most of the configuration using SAMBA 3.0 and when I populate the ldap directory all I get this error before the password request:
Then when I perform an ldapsearch to see if the directory is populated I get this message:
I'm positive all my .conf files are done right.
View 3 Replies
View Related
Nov 28, 2008
I'm checking with a sniffer and there's activity going on between the client and the LDAP server... as a matter of fact, the sniffer shows that the search is producing one ldap item, however, php says it can't contact the ldap server (after it has bound and everything):
The script is working beautifully on another host with debian.
View 7 Replies
View Related
Jul 2, 2010
I took to yast to install ldap. I creating the CA cert, server key and server cert and specified them during the yast ldap server dialogs.
The firewall is open for ldap.
I also went through yast's ldap client ... though I didn't exactly see to anything (presuably it wrote up a configuration file somewhere).
However when trying use the basic ldap tools, like ldapwhoami. Well it doesn't connect and gives me the above error. Of coure the ldap db is unpopulated as yet, so it probably is not able to say who am at all. But ldapadd doesn't work either.
It seems to point to my SSL usage not being correct .. so I'm trying to double check that now.
View 2 Replies
View Related
Jun 29, 2011
how to install and configure ldap server in linux 10.04.or 9.4 i cant do it
View 1 Replies
View Related
Jun 5, 2011
In the past I found some great help on this forum, so here goes. Bare with me because it's a long story. I'll try to be as complete as possible. I've installed and configured OpenLdap on a virtual machine with ip 192.168.39.134. I've added 2 users via LAM. In the ou WikiUsers and the domain is wiki.local.
I've then created another host with ip 192.168.39.133 with mediawiki installed on it. Then I added the extension LDAPAuthenthication. In the LdapAuthentication file I added this code (only the last paragraph is mine, I added the others to show it's location in the script):
Quote:
$path = array( $IP, "$IP/includes", "$IP/languages" );
set_include_path( implode( PATH_SEPARATOR, $path ) . PATH_SEPARATOR . get_include_path() );
[code]...
I know I'm close because I can't register any new users or accounts on the mediawiki site. Although I could before I added the LDAP service. This is indeed all just to test and get to know how LDAP works. That's why it's all virtual in VMWare. I did not really configure anything on the LDAP, i just installed it and chose a domain (wiki.local).
View 5 Replies
View Related
Apr 28, 2010
Im doing a security based project in an organisation. In that,we have to provide authentication of each user who logs in. To store information of all employees we are using LDAP server. The problem is some of the packages of LDAP server like openldap-servers are not installed in fedora. How to install particular packages in fedora?? or should we install the whole LDAP server again?
View 1 Replies
View Related
Nov 19, 2009
I had 11.1 for some time, was working fine. decided to upgrade... long story short - did a fresh install with livecd of the 11.2. I use ldap server for authentication, its on the lan. configuration during install goes through fine. fetch dn, etc... then after the bootup - authentication error for any user except root. At the same time automounter works fine, ldap requests are going through for hosts (my local hostnames are also on this ldap server), I can edit users through YAST when logged on this box, but alas! even for "su - user" I get "incorrect password", whereas if I am root, then "su - user" gets me logged in as user. password does not go through!
View 3 Replies
View Related
Apr 27, 2010
We have a ldap server which has been running for a couple years now, and I was told to make a fallback / backup ldap server. So should the old one fail we won't be officially screwed.
View 1 Replies
View Related
Nov 10, 2010
I was fiddling around and unchecked the lda api thingy when I was experimenting with TLS now I can't connect to the ldap server ...is there any way to get it back.
View 1 Replies
View Related
Feb 27, 2010
How do I go about to troubleshoot the failure of ldap server start on openSUSE 11.2? I added a custom configuration (through GUI) and now the server does not whant to start with that configuration.
View 1 Replies
View Related
Aug 24, 2011
Does anyone have a good how to or a good website on setting up Fedora 14 with ldap ?
View 2 Replies
View Related
Apr 27, 2009
I'm setting up a LDAP server to centralize the admin of a bunch of Centos 5.2 servers. I've got the LDAP server set up. I've got my client machines reading their autofs mount tables from LDAP. Now, I'd like to get name resolution working via LDAP.
Here's what I have so far:
1) /etc/nsswitch.conf contains the line "hosts: files dns ldap"
2) /etc/openldap/ldap.conf has URI and NSS_BASE_HOSTS set up to indicate root of "hosts" subtree in LDAP database.
3) "hosts" node in database is an "orginizationalUnit" object.
4) Below "hosts" I have a number of "ipHost" nodes defined with "cn" set to host name and "ipHostNumber" set to host's IP address
This setup doesn't work. Attempting to ping a host by name locks up. If I take the "ldap" keyword off of the "hosts:" entry in the nsswitch.conf file, the ping then returns immediately with "unknown host".
I'm surprised that there isn't better information available online on how to do this. I've found bits and pieces, but nothing concise. how to get name resolution working through LDAP?
View 3 Replies
View Related
Apr 11, 2011
I am switching to Gnome because its look and feel is closer to Windows for my workgroup. LDAP and NFS are working fine with KDE and SSH. but I cant login with LDAP users both directly or via NX client. When logging in directly on the server it shows this error:
Code:
"Xsession: Login for <user> is disabled "
When logging via NX client it says, it authenticated successfully and then quited with this popup message:
Code:
Could not connect to session bus: Failed to connect to socket /tmp/dbus-0frstajyNE: Connection refused
I closed this popup window and one more appeared:
Code:
Could not acquire name on session bus
[Code]....
View 2 Replies
View Related
Jul 18, 2011
I'm trying to setup a LDAP server and it seems to have all gone pretty well. I set it so that users that type their passwords wrong 5 times are locked out for 20 minutes. That works fine, but if I want to log on as an admin and unlock their account before that 20 minutes is up it isn't working.Normally, (authenticating locally)
Code:
passwd -u blank888
works and does what I want it to. If I want passwd to recognize the LDAP server I use
Code:
passwd -D cn=Administrator,dc=example,dc=com -u blank888
When I run that, it always asks for the admin password like it should, but then will only work on some accounts and not others. Mainly I've seen that it only works on accounts that already had local accounts before connecting to the LDAP server.If I run a passwd -Sa command I will get something like:
blank888 LK 07/18/2011 0 999 7 -1
blank888 LK 07/18/2011 0 999 7 -1
test LK
blank888 already had an account on the machine, but also had a LDAP account along with test. So blank888 is showing twice because he has both LDAP and local accounts, whereas test only has a LDAP account. So now if they both get locked out passwd -D $adminDN -u $account will work for blank888 but not test. Then the results of a passwd -Sa would be:
blank888 PS 07/18/2011 0 999 7 -1
blank888 PS 07/18/2011 0 999 7 -1
test LK
I need to be able to unlock test using passwd. The LDAP server is running 11.2, and the hosts are running various Linux distros, and XP.Can anything think of a way to fix this without removing the LDAP server, adding local accounts for everyone, and then putting the LDAP server back on?
View 2 Replies
View Related
Jul 13, 2010
can anyone tell me what is the difference between these two files of LDAP client /etc/ldap.conf and /etc/ldap/ldap.conf and for what purposes these two files gives services. Is it necessary to have these two files at a time ?
I use these files to install LDAP client to authenticate with our LDAP server by creating a symbolic link of /etc/ldap.conf to /etc/ldap/ldap.conf.
View 8 Replies
View Related
May 23, 2011
I had a machine that is using ldap, but need to remove it completely.I edited the /etc/nsswitch.conf and removed all references of ldapand renamed /etc/ldap.conf to /etc/ldap.conf.bakI can log in as root, but cannot log in as any user in /etc/passwdIn the /var/log it shows pam_ldap: missing file "/etc/ldap.conf"I am guessing I am missing something else?I never set this machine up for ldap, was here when i got here, so not sure of steps to even put ldap on.
View 2 Replies
View Related
Oct 18, 2010
Im an IT manager for a small company with a small ammount of users. We already use linux for our data server and I would like to implement a domain controller. All of our user machines are WIndows XP pro.
Ive been reading up on using OpenLDAP as an alternative to active directory.
What I want is just a simple active directory like server, with a GUI if possible.
What do I need to look at and how would I go about setting this up? Im fairly proficient with Ubuntu already, I just need to be pointed in the right direction.
Is it even possible to have my windows users be able to log in to their machines using an ubuntu domain controller?
View 1 Replies
View Related
Jun 29, 2011
I am aware that there is a qmail-ldap package to have ldap back end for qmail. But I need only user authentication for qmail through ldap (not the backend; i.e still keeping Mysql as the database). I am pretty new to mail server configuration. I have just configured a (q)mail server (which is currently my sand box) and am able send and receive emails. I am planning to add ldap authentication (just that) to it. Can anyone point me to the right direction?
View 6 Replies
View Related
May 21, 2010
I'm trying to add the -audit option to X Server. I run ps -ef | grep -v grep | grep "bin/X" and get: root 2511 2506 0 10:35 tty7 00:00:09 /usr/bin/X:0 -br -verbose -auth /var/run/dgm/auth-for-gdm-sScn1P/database -nolisten tcp vt7 So I'm thinking that I need to add -audit to the /usr/bin/X file, but I believe that it's binary and created by something else, but I can't find that "something else". How on earth can I add this option? I have opened up 1,000,000,000,000,000,000,000 files (slight exaggeration) and I've come up empty.
View 1 Replies
View Related
Feb 1, 2010
I'm trying to setup a media server for my Playstation 3 I've opted for the one off of this site PS3 Media Server now the installation instructions in the README don't really say much just make sure you have JRE 6 and run the script which I have done but get a message that I can't even began to cipher which is the following..
Code:
./pms.jar: line 1: PK: command not found
./pms.jar: line 2: h:: command not found
./pms.jar: line 25: h:META-INF/MANIFEST.MFManifest-Version: 1.0
Ant-Version: Apache Ant 1.7.0
[Cpde]....
View 9 Replies
View Related
Jun 3, 2010
I was searching for a doc on the exact steps to setup a bridge for use by my KVM setup. I needed my VMs to be bridge onto the eth0 network. Some docs I found on google seemed to be outdated.
[URL]
View 2 Replies
View Related
Dec 17, 2010
I am setting up a PDC using suse 10.1 but I get the error(failed to modify entry:
structural object class modification from 'sambaDomain' to 'inetOrgPerson' not allowed at /usr/sbin/smbldap-populate line 464, <GEN1> line 21.) when I run /usr/sbin/smbldap-populate command
linux-5r4o:~ # /usr/sbin/smbldap-populate
[code]....
View 1 Replies
View Related
