I am unable to find any ldap.conf parameter or pam.d/system-auth setting from where i can restrict the LDAP users having uidNumber less than a particular number, say 500 to login into the system.I am using OpenLDAP server and tried pam_max_uid 500 in ldap.conf but it didn't work.
View 2 RepliesI have LDAP authentication working via SSSD using authconfig-tui and a few minor modifications to sssd.conf (ie: max_id etc). The problem I am having is it would appear /etc/ldap.conf is being ignored and/or setups that work perfectly on RHEL5, F11 and F12 no longer work on F13. Specifically Im referring to "pam_check_host_attr" and "nss_map_attribute". It refuses to honor either of these options and I can only assume a number of the other options in our ldap.conf. For instance, "nss_map_attribute" is defaulting to the standard "homeDirectory" rather than "homeDirectoryLinux". This is related to a bunch of OSX clients we have and its not optional to use another setup. The host restriction is also a major issue.
Relevant sssd.conf:
[domain/default]
auth_provider = ldap
cache_credentials = True
can anyone tell me what is the difference between these two files of LDAP client /etc/ldap.conf and /etc/ldap/ldap.conf and for what purposes these two files gives services. Is it necessary to have these two files at a time ?
I use these files to install LDAP client to authenticate with our LDAP server by creating a symbolic link of /etc/ldap.conf to /etc/ldap/ldap.conf.
If I do something to the effect of this:ldapsearch -b "dc=example,dc=com" -x -z 3000
I'll get this back at the end of the result set:
# search result
search: 2
result: 4 Size limit exceeded
The thing is is that I have way more (thousands) than what's being displayed here. And I've tried to mess around with /etc/ldap.conf, changing the SIZELIMIT directive to something else, 10000, let's say, and restarting the server, but the same goddamn thing happens.
I've been messing around with this for quite some time now, hopefully someone will be able to shed some light on this so that I can learn my way out of this mess that is LDAP. Also in a related matter, I'm running Mint (based off of Ubuntu), and all the documentation that I've seen (probably read a good 100+ pages in a few days now on this) keeps telling me to make changes to my slapd.conf file. What slapd.conf file? It doesn't exist, I can't find it at least. find / -name slapd.conf turns up nothing.
I had a machine that is using ldap, but need to remove it completely.I edited the /etc/nsswitch.conf and removed all references of ldapand renamed /etc/ldap.conf to /etc/ldap.conf.bakI can log in as root, but cannot log in as any user in /etc/passwdIn the /var/log it shows pam_ldap: missing file "/etc/ldap.conf"I am guessing I am missing something else?I never set this machine up for ldap, was here when i got here, so not sure of steps to even put ldap on.
View 2 Replies View RelatedAfter I installed Linux OS(for example:SuSE10,redhat5),the [root] parmeter of [kernel] in created grub.conf seems that sometimes it's defined to device name.sometimes it's defined to Label or sometimes UUID. So ,I want to know what is that relative to? Hard disk type or OS version or both?
View 1 Replies View Relatedi have dual boot system with windows7 and ubuntu 9.04 i am unable to find lilo.conf file in /etc. what's this file? what to do?
View 2 Replies View RelatedI am not able to find /etc/resolve.conf on my centos machine.it says no such file or dir .with out this file i am not able to connect to internet.when i ping my localhost and my machines ip address i am getting a reply.but when i ping some domain(eg - google.com) i get no reply.i tried manually entering the dns nameserver from system->adminstration->network->dns tab.i dono what ip to enter there..
View 2 Replies View RelatedI am setting up LDAP server, i set slapd.conf(dc=proldap,dc=com) and start ldap it is OK but when i check using ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts result is : namingContexts: dc=my-domain,dc=com
it seems that it did not use my slapd.conf so i tried removing my slapd.conf from /etc/openldap and start slapd again and it did start with no errors. and when i do ldapsearch again still uses dc=my-domain,dc=com
I tried searching about this in google and found no answers,
my reference in setting up ldap is the link below. but it seemed that it always uses another configuration not the one i modified
I'm using Fedora12, ldap version 2.4.19. i installed ldap by yum install url
url
phpmyadmin files are in usr/share/phpmyadmin but i cant find anything in my apache2.conf or httpd.conf files that point to that directory.How do I find the route taken from the Server root "ServerRoot "/etc/apache2"" to the phpmy admin files.
View 5 Replies View RelatedI try to setup OpenLDAP on Debian Squeeze.But it seems the documentation I found is differed than the installation.
Normally I would expect /etc/ldap/slapd.conf as also mentioned at url.However this file does not exists and I got the feeling Debian changes a lot with the default (bit poor if you asked me).Seems they created a LDAP database and put the config in there, correct me if I am wrong?A folder /etc/ldap/slapd.d is created with some config inside. And also a /etc/ldap/ldap.conf does exist.
Is there any documentation on this, and what if I would like to have a flat config in /etc/ldap/slapd.conf?
Does anyone know a method for setting the timeout period for failed logins on Linux RHEL5.x systems? Linux docs say to set the failed login delay paramter in /etc/login.defs to the desired seconds. I did this, but the settings have no effect, ie weather set to 2,4,10, etc, the actuall failed login timeout period(which I verified with a stopwatch), never changes.
View 1 Replies View RelatedI am trying following script can I do this or is there a way to do find and replace the replacing word is dynamic input by user
echo -n "Enter name:"
read RP_USER
sed 's/text1/$RP_USER/' /home/user/file1 > /home/user/file2
I'm trying to change that:
Code:
modprobe ipt_recent ip_list_tot=500
But it's not work Can I change menually in /sys/module/xt_recent/parameters/ip_list_tot Or there is other way
Slapd is up and running perfectly well, and I can add and remove entries without a problem. My OS is the Ubuntu based Mint.
So I was hoping for someone to give me a nudge in the right direction for doing this without a slapd.conf file, or directions for how to force slapd to pay attention to a slapd.conf file whose location I specify.
I've tried messing around with /etc/ldap/ldap.conf to no avail, I've tried just putting in a custom slapd.conf file but slapd doesn't pay attention to it.
And to the best of my knowledge I can't find anything written on this specific topic. I can find plenty on slapd.conf's, but that's just taunting me considering I don't even have it on my system.
I got the following modprobe scripts modprobe -k -q streams what does the -k parameter mean?. is it exist in older modprobe? I don't see -k parameter in recent modprobe.
View 1 Replies View RelatedIs there an ssh or sshd parameter that can be set to block out a user after a set number of attempts tp login ?
View 1 Replies View RelatedI just focus on the filter table:
First : What is the meaning of the "opt" parameter?
Second : What is the aim of the "destination" for the INPUT chain ? The destination must be the ip of machine, isn't it ? I must put anywhere (except if my ip is fixed), right?
Third : The same : What is the aim of "source" for the OUTPUT chain?
Fourth : What are the following rules?
Code:
target prot opt in out source destination
ACCEPT udp -- eth1 any anywhere anywhere udp dpt:bootps
ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:bootps
ACCEPT udp -- eth1 any anywhere anywhere udp dpt:domain
ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:domain
eth1 is my wireless interface and I use it on a local network, my comp being the gateway.I suppose that "domain" is linked to the dns and it must be open if the devices on the lan specified my comp as their dns, right? But what about bootps?
I enabled LDAP from the system>administration>authentication and have not had any luck with it working. I now want to turn it off and log back into my machine normally.
I logged into terminal as root and told it to change the config files back to the previous ones and now it will not let me log into any of my accounts including root! this is via X, SSH and terminal.
If i boot into single user mode and change a users password this makes no different.
I am integrating my Unix box to the Windows AD using PAM_LDAP and Kerberos enabled. I was wondering, since Kerberos is enabled is there any point to enable SSL on my LDAP.conf? My understanding is that since Kerberos is enabled, therefore the username/password is sent securely there isn't any benefit of enabling SSL on the LDAP.conf? It's one of or another.
View 1 Replies View RelatedI am using centos 5.5 I have installed open ldap on it via yum. when I edit slapd.conf and make it to load ppolicy.conf, I get message that the file is not found.
View 1 Replies View RelatedPlease let me know:1. What LDAP logs are typically available2. How to find them3. How to Parse them
View 3 Replies View RelatedI have openldap server and i am authenticating with Redhat Directory Services(RHDS).I have confgured the RHDS for the user login giving /bin/bash as the login shell and joined the client machine using system-config-authentication.The user is able to login in connand line but below it gives the error :
"cannot find name for group id <id number>"
I have a problem with my fedora workstation.I am trying to change my ldap user password through passwd command.When I first create the user on ldap server, I use md5 and create the user password.This is the entry:
Code:
dn: uid=boo,ou=People,dc=linux,dc=gettolandia,dc=org
uid: boo
[code]....
I have a working LDAP-server (I belive!!) I want my laptops to authenticate against the server, when they logon. That works fine as long as the network is present. But I also want the users to be able to log on, when the network is down. When I go to a terminal (without network) I can su to another LDAP-user.I can login via graphical login-screen with the network attached, but not when it is disconnected.
In a terminal id john gives me information about the user john.
My conf. files looks like this:
/etc/ldap.conf
host 172.16.0.138:389
ldap_version 3
bind_policy soft
[Code]...
I have been battling with FreeRadius with LDAP backend and Microsofts built-in supplicant. I found on some directions that the certificate you use have to have a EKU(Enhanced Key Usage) with an ODI of 1.3.6.1.5.5.7.3.1 and a Client side Cert with the same except a ODI of 1.3.6.1.5.5.7.3.2. First off, is this still the case in Windows 7/xp?If it is, how do I add that to a certificate with OpenSSL, FYI I am using the ca.cnf/server.cnf under the /etc/raddb/certs directory.Another question, has anyone got the MS Supplicant to work with Freeradius and a LDAP backend? If so can you point me in the direction of some good walk through?
View 1 Replies View RelatedI can't find smtpd.conf as described here: https://help.ubuntu.com/community/Postfix
Do I create the file or do I have to do something to install saslauth?
I have Red-Hat 5.6 , bind package and chroot installed, but i did not find the file named.conf in /etc !!!
View 3 Replies View RelatedUbuntu 10.04
I can't find xorg.conf on /etc/X11/ How to create it?
I'm reading about how to set log options and I can't find /etc/syslog.conf?
I'm using fedora12 , ubutnu 10.04 and suse 11.2.
And Can't find syslog.conf anywhere.