OpenSUSE :: Ldap Users Appear With UID Numbers, System Claims They Don't Exist?
Jan 19, 2011
I wanted to use ldap to create users on my machine.I got LDAP set up via yast, and it seems to work OK. But when I create a user via LDAP, the system doesn't seem to want to know.LDAP actually creates a home directory for the new user, but the system merely assigns it a UID and nothing else.I have access to another opensuse system which does not behave in this way. I.e. I can set up a user exclusively in LDAP and the system will recognise the new user no problem.I have compared the two ldap configurations to see if there's some magic "propagate LDAP users to Local users" setting, but this doesn't appear to exist
View 2 Replies
ADVERTISEMENT
May 25, 2011
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well.I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all
This part by itself works for the LDAP authentication:
Code:
AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
This part works by itself for guest access:
Code:
Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
View 1 Replies
View Related
Apr 16, 2010
Now I have my ldap server doing authentication and providing autofs maps perfectly the next question ... is there a utility anywhere that will allow me to stuff 1200 users into the ldap server from a csv file
View 4 Replies
View Related
Mar 31, 2010
I've compiled openssh-5.4p1 on RHEL 4.8 with Openssl 0.9.8m + pam It works perfect without pam (pam-0.77-66), both with password and public key auth. Whith pam enabled and LDAP (openldap-2.4.21, from scratch) something strange happens: system users: I can do ssh with both password and public key LDAP users: public key works for remote users, still I cannot do ssh with just password. I'm trying a custom PAM configuration, because the default one (even with authconfig + LDAP ) blocks ssh even with system users.
My pam SSHD configuration is:
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so use_first_pass
[code]....
My LDAP users are ok: i can do "su - " remote LDAP (so that nss_ldap is OK), also getent passwd and getent group is ok.
View 2 Replies
View Related
Apr 11, 2011
I am switching to Gnome because its look and feel is closer to Windows for my workgroup. LDAP and NFS are working fine with KDE and SSH. but I cant login with LDAP users both directly or via NX client. When logging in directly on the server it shows this error:
Code:
"Xsession: Login for <user> is disabled "
When logging via NX client it says, it authenticated successfully and then quited with this popup message:
Code:
Could not connect to session bus: Failed to connect to socket /tmp/dbus-0frstajyNE: Connection refused
I closed this popup window and one more appeared:
Code:
Could not acquire name on session bus
[Code]....
View 2 Replies
View Related
Jul 19, 2010
we have a server running with Suse linux many years. Meanwhile we changed server hardware about 4 times, mostly also updating to newest Suse version. We used to copy group, passwd and shadow to a backup medium, installed the new system and restored those files onto the new system and all was running fine. Now, some weeks ago we installed 11. on new hardware and after restoring those 3 files after rebooting the system hangs when starting GUI. I can boot into runlevel 3 and login with no problem, but when I boot into runlevel 5 mouse and keyboard are frozen. Also when starting GUI from runlevel 3 with startx mouse and keyboard immediately freeze. If I restore the files group, passwd and shadow as they came from fresh new installation I can reboot and login in runlevel 5 without problems.
OK, if I compare the userlist, as it is generated bei installation,there are some usernames I formerly not had in older Suse versions. I don�t know if this can make problems? I tried to edit the files, to combine the system users from 11.2 with the list of local user names from the old system but without success, again the mouse and keyboard freeze.So some questions arise:1) Why now mouse and keyboard freeze in xsystem, when there are changes in the user list (but only in runlevel 5)2) What is the correct way to save and restore users and groups from old to new system. I googled several hours but did not find a smart way. Maybee someon can point me to a link or a howto where I find the solution
View 1 Replies
View Related
Jun 5, 2011
In the past I found some great help on this forum, so here goes. Bare with me because it's a long story. I'll try to be as complete as possible. I've installed and configured OpenLdap on a virtual machine with ip 192.168.39.134. I've added 2 users via LAM. In the ou WikiUsers and the domain is wiki.local.
I've then created another host with ip 192.168.39.133 with mediawiki installed on it. Then I added the extension LDAPAuthenthication. In the LdapAuthentication file I added this code (only the last paragraph is mine, I added the others to show it's location in the script):
Quote:
$path = array( $IP, "$IP/includes", "$IP/languages" );
set_include_path( implode( PATH_SEPARATOR, $path ) . PATH_SEPARATOR . get_include_path() );
[code]...
I know I'm close because I can't register any new users or accounts on the mediawiki site. Although I could before I added the LDAP service. This is indeed all just to test and get to know how LDAP works. That's why it's all virtual in VMWare. I did not really configure anything on the LDAP, i just installed it and chose a domain (wiki.local).
View 5 Replies
View Related
Jun 28, 2011
Not sure if this is the right place fo this but....I'm just learning to write bash scripts. I'm experimenting on a ubuntu server 11.04 virtual machine.As part of the script I want to automate user creation.Is there a way to check if a user already exists in a script. so i can do something like
Code:
if userexists; then
do this
else
do this instead
fi
View 6 Replies
View Related
Jul 2, 2010
I took to yast to install ldap. I creating the CA cert, server key and server cert and specified them during the yast ldap server dialogs.
The firewall is open for ldap.
I also went through yast's ldap client ... though I didn't exactly see to anything (presuably it wrote up a configuration file somewhere).
However when trying use the basic ldap tools, like ldapwhoami. Well it doesn't connect and gives me the above error. Of coure the ldap db is unpopulated as yet, so it probably is not able to say who am at all. But ldapadd doesn't work either.
It seems to point to my SSL usage not being correct .. so I'm trying to double check that now.
View 2 Replies
View Related
Jan 18, 2010
how to add users to groups with ldap? Further, could someone point me towards some good command-line management tools? Creating each dn manually is going to get old real fast...
View 14 Replies
View Related
Jun 14, 2010
I have an Openldap server and many 9.10 servers using it to check for possible ssh users. No problems there. Just brought up my first 10.04 server and went through the same procedure to allow ldap users to ssh in, works great. The problem is that ldap users cannot su to root on the 10.04 server. Only locally defined users can su to root, though they cannot su to ldap users. The local root user can su to anyone. Quick overview of how I installed ldap login:
Code:
# apt-get install libnss-ldap
# echo "session required pam_mkhomedir.so skel=/etc/skel/" >> /etc/pam.d/common-session
And added ldap to the end of these lines in /etc/nsswitch.conf:
Code:
passwd: compat ldap
group: compat ldap
shadow: compat ldap
This process has worked without a hitch on 9.10 dozens of times. So my question is, why are ldap and local users now incapable of using su across authentication mechanisms? For reference these are the error messages in /var/log/auth.log when trying to su to root from an ldap user:
Code:
Jun 14 16:17:07 server unix_chkpwd[6560]: check pass; user unknownJun 14 16:17:07 server unix_chkpwd[6560]: password check failed for user (root)
Jun 14 16:17:07 server su[6559]: pam_unix(su:auth): authentication failure; logname=ldapuser uid=2000 euid=2000 tty=/dev/pts/5 ruser=ldapuser rhost= user=root
Jun 14 16:17:09 server su[6559]: pam_authenticate: Authentication failure
Jun 14 16:17:09 server su[6559]: FAILED su for root by ldapuser
And the auth.log for trying to su to an ldap user from a local one:
Code:
Jun 14 17:18:18 server su[8473]: pam_unix(su:auth): authentication failure; logname=localuser uid=1000 euid=1000 tty=/dev/pts/0 ruser=localuser rhost= user=ldapuser
Jun 14 17:18:18 server su[8473]: Successful su for ldapuser by localuserJun 14 17:18:18 server su[8473]: + /dev/pts/0 localuser:ldapuser
Jun 14 17:18:18 server su[8473]: bad group ID `2000' for user `ldapuser': Operation not permitted
View 2 Replies
View Related
Feb 16, 2010
I'm using Sun One LDAP server, (Soon to be moving to openldap). I have one Master server, no slaves, about 60 user accounts.
I'd like to add an attribute to each of the users DN's to restrict there ability to login to specific hostnames. I.e. I have hosts A, B and C. Dev staff can access A and B, but not C, and support staff need to access all of them.
I found a link at [url] which talked about using 'hostsallowedlogin' and 'hostsdeniedlogin' attributes but I'm presuming these are bespoke. If they are, how do you configure the ldap.conf to take note of these attributes when authorizing access?
View 14 Replies
View Related
Sep 26, 2010
I have configured ldap on Debian5 and samba on another machine, all servers are running ok, but when i try to add users, it gives me an errror that "unknown user"
View 4 Replies
View Related
Oct 5, 2010
"Merging" may not be quite the right word but that is the desired end result.
Scenario: many Solaris 10 servers, each with various local users. We want to set up LDAP for all for all of them. LDAP server is set up, procedure for getting other servers to use it for user authentication is documented and tested. The question is how to handle users that are in LDAP who also exist as a local user on a given machine.
It appears that the usernames on both sides follow a convention and therefore match but obviously the userids will not match. Local user joe has userid 1234, LDAP user joe has userid 56789.
The way I see it we'll have to:
1. move local user joe's home directory to the path that LDAP user joe will want
2. change local user joe's userid to that of LDAP user joe
3. change joe's files' owner to his new userid
4. remove local user joe
5. finally configure LDAP
Is this a rational procedure? Is there a more effective method? I'm not looking forward to this as there are many servers and each of them have a different set of local users, each with different userids which will have to be handled manually and individually therefore not even scriptable much.
View 1 Replies
View Related
Mar 16, 2009
I did useradd -g users ldaptest and tried logging in remotely but the client always says no such user. what do I have to do to update the users that LDAP sees?
View 2 Replies
View Related
May 11, 2010
I want to upload some files via ftp and after that to access them via http (i have apache2 installed and configured properly) I can't use a ftp with system users because they are located in home.. it should be something with virtual users but the problem with be the file permissions.
View 4 Replies
View Related
Jan 16, 2010
I installed ldap on my server and one of my client machines yesterday.It also now won't let me get into graphical utilities that require root privileges; synaptic for example. It comes back with "incorrect password". I noticed that in the terminal it now requires me to enter two passwords to become root: the root password and the ldap password. I wonder if the two are related.I'm not sure what information to post; there's a ton of configuration files associated with this setup. Can somebody help me troubleshoot this? Thanks!
View 8 Replies
View Related
Jan 22, 2010
I currently have an LDAP database on my Suse 10.2 server for managing authentication and controlling emails for my Cyrus email server. I use this setup to provide email functionality to my web and email hosting clients, as well as DNS functionality, and it uses the default LDAP database that was setup when OpenLDAP was initially configured. Email support is working wonderfully, I might add. I also tested and verified the use of an email lookup directory in two different email clients (Outlook and Evolution) so that I can tell one of my clients how to lookup the email address of users who are setup in the LDAP server, and it works beautifully.
However, I'd also like to be able to allow my clients to build a shared contact database that can also be used in their email clients so that they can share them among all of their users. Ideally, I would need to be able to allow each client to have their own database of shared contacts, and I assume this would be done by creating a new LDAP database for each client company (i.e. group of users) that can contain the list of shared contacts for any of that client's users. When they configure their email client directory settings, they would enter the base path to their database in order to retrieve their shared contact database entries.
In my web searches, I've found plenty of CRM solutions on the web that claim to provide this type of functionality, but I believe that OpenLDAP contains everything I need to make this work without adding another layer of software to the server solution. (I subscribe to the "Keep it Simple, Stupid!" approach whenever possible.) Essentially, I need to have People entries in a client's LDAP database that are NOT email users on the system. The fields in the standard people schema are all the fields they would need - as long as I can figure out how best to add these non-user entries in the LDAP database. Are there any potential difficulties in creating additional LDAP databases expressly for this purpose?
Are there any tricks to adding contact entries into a client's LDAP database without them also being current email users on the server, so that those entries can be retrieved through an Email Client directory lookup? I will also want to provide an easy method for my client users to add new entries to their LDAP contact database, most likely through a web interface for them that could then issue LDAP commands on the server based on the input fields for the new contact. (I don't believe this is possible from within the email client itself.) Is there any reason this could not be done with the proper configuration? What should I be aware of as I setup this contact management web interface? Is there a better way for non-technical client users to manage this list of shared contacts?
View 3 Replies
View Related
Mar 18, 2011
I installed and configured LDAP server and client on RHEL5 successfully. Problem is that when I add more than one user on server and clients, It shows error 'invalid user'.When I run the command:-#chown -R user:users /home/user, It shows error 'invalid user'. by step for adding and modifying more users in ldap servers.
View 1 Replies
View Related
Feb 1, 2011
How to disable the LDAP Users automatically with the specified time duration. For this any configuration file required or else a script need to be written.
View 1 Replies
View Related
Mar 21, 2011
I have a setup of squid3 with ntlm authen and I use squidGuard 1.5 to filter my web traffic. My squid3 is authenticating users properly and parsing all rules. The problem is with squidguard which doesn't seem to filter out users. below is my squidguard config.
Code:
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log
[code]....
View 3 Replies
View Related
Oct 6, 2010
I have just installed openSUSE 11.3 and enjoy using MonoDevelop , and I tried to use XML Serialization in C# : The Help shows the following code for XML Serialization :
C# Example
// Simple XML serialization
using System;
using System.IO;
using System.Xml.Serialization;
public class MyObject {
[Code]...
but when tried the same code the error was : /home//Projects/xmlTest/Main.cs(14,14): Error CS0234: The type or namespace name `Xml' does not exist in the namespace `System'. Are you missing an assembly reference? (CS0234) (xmlTest)
View 1 Replies
View Related
Sep 23, 2010
Turns out I downloaded the openSUSE 11.3 DVD Full and well, I see that in the boot options, I do not see the option "Repair System", only:
"Install"
"Booting from Hard Disk"
"Verify installation media"
"Firmware Test"
"Test Hardware"
No more, and I see that everyone leaves the option, as in version 11.2, to "System Restore / Repair System" Is there any way to get it? I need to repair GRUB, as I appear, I had it in a logical partition and therefore I have GRUB errors, since the re-installation of windows and then deleting it, I thought of this. Any way to get this option by the Live CD or what? Is it a BUG in version 11.3?
View 9 Replies
View Related
Feb 24, 2011
I am using 10.04 ubuntu server. I configured the ldap server. I configure the client machine to contact the ldap server for authentication. But if i tried to ssh john@localhost, it says could not chdir to home directory /home/john: no such file or directory.
View 1 Replies
View Related
Aug 4, 2011
I have Ubuntu 10.04.2 (Linux 2.6.32-33-server on x86_64) with OpenLDAP 2.4.21 and Webmin1.550. I converted my ldap database from another system with the older style schema (OpenLDAP 2.3.3 with slightly older Webmin version 1.480) and no longer use slapd.conf, but the newer slapd.d format.
It all works fine except for one thing. When I add a new user, it lets me type in the additional LDAP fields:
But when I click the Create button, all the fields get jumbled together in the Title/Position box with a diamond question mark delimiting the fields:
Modifying existing users (which have the Additional fields displaying correctly) also has the same result - it moves the fields all into the one Title/Position box with the diamond shapes with question marks inside between each entry. Is it a problem with my schema files? I tried reverting to the older shema files and slapd.conf and it still did the same thing on the new system. I am really at a loss.
Here is also the output of ldapsearch for that user (host and samba ids are sanitized):
Previously added users that show the fields properly have "description:" and then the field listed for each Additional LDAP field. Also shouldn't the "title" be visible in plain human readable text here? - it looks like it encrypted it somehow - similar to a password hash. The older system works fine and the fields are all readable and in their proper locations. But the new system just doesn't work right.
View 1 Replies
View Related
Jan 6, 2010
In researching current ldap issue (not being able to do anything but log in) it seems that there are no concepts of privileges, roles, etc. that could be assigned to a user in LDAP.
I've only seen fields that deal with name, organization, etc., not with application-specific access control.
I have to assign certain access privileges to users authenticated via LDAP server based on the privilege level mentoned in the LDAP server. How to attain this.
View 5 Replies
View Related
Aug 7, 2010
I would like to ask:How do I setup LDAP auth of users/groups on Debian 5.0?Is it using LDAP Migration tools? Can be done differently? Using different tool? Some nice tootorial?Some up to date book for LDAP or I need to dig in openldap.org?I'm learning by book which is a lil bit older so Im bit confused.
View 1 Replies
View Related
Oct 19, 2010
Is there a possibility in openldap to allow a user to only create/manage specific LDAP users?For example user "mailadmin" may only create/manage mail accounts in LDAP that are named like "m1342895"? Or a specific list of user accounts that are in a specific group?
View 1 Replies
View Related
Jun 29, 2009
I know of /etc/security/limits.conf and that can be used to limit all sorts of good things, but I haven't found anything that talks about using this when the users come from LDAP. Would I be able to do something like
@"Domain Users" soft nproc 25
@"Domain Users" hard nproc 40
where Domain Users is the group all users belong to in our system.
View 3 Replies
View Related
Nov 7, 2010
So, I have mail server ( posfix ) and ldap server, they works fine. I can add/delete users from posfix, and they can send / receive mails to/from any address. At same time my ldap server works fine, I have also users in it, my "simple" question would be...if I have user "test1" in ldap, what I have to do to connect--enable that user to send mails ?
View 1 Replies
View Related
