[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: id: cannot find name for user ID 500



Hello!

I thank u again 4 helping me. I really am very happy about it. Because If i
have a problem i can usually find a slution myselfe. I spend much time in
reading man pages, /usr/share/doc, mailing list archives, Books, HOWTOs and
googeling, but when i get stuck another person who helps is really like an
angel. Now i spend at least 2 Weeks/6hours a day and LDAP is still a
mirracle for me. But thanks to u not as much as in the beginning :-)

>> 2) I assume u hv run authconfig, if so, edit /etc/pam.d/system-auth
>> change this:
>> account     sufficient      /lib/security/$ISA/pam_unix.so
>This really did something (see above) but why?
>
>GT: RedHat Bugzilla has a bug report on "no such user", similar to yr
>"cannot find name for user" issue, there were some suggested workarounds,
>I tried some of them but they did not work, and finally I found this is
>the "workaround".
Yes this was the solution, but what does that have to do with TLS/SSL? Why
did it work without TLS/SSL, and didn't work wtih TLS/SSL - i wonder. Really
seems to be a bug.

>> What does that have to do with TLS???  
> GT: Don't u want SSL protection?
Sorry I ment TLS/SSL . U see after turning on TLS/SSL i got the "id: cant
find..." problem. Without TLS/SSL it worked great right away.

And now the same with the "proxyagent". I think it would be good for
security. But at the moment i don't use it, because if i do (see config
files in last EMail) i get the "id: cant find..." problem again. Now this
astonishes me really.
 
> dn: uid=testuser,ou=group,dc=amazone,dc=or,dc=at
> 
>  
> GT: u seemed to mix up ou=People and ou=group, it shld be: 
> dn: uid=testuser,ou=People,dc=amazone,dc=or,dc=at
> OR ELSE u must map ou=group as uid lookup in /etc/ldap.conf 
Ah, you see that was a typo. I changed something from the output. Its
because i didn't want to complicate things. See i found out that u can have
different Groups in LDAP. I found that i could use ObjectClass=posixGroup
and memberuid=testuser in the ldif for the groups. So i created 2
group-leaves on top of "ou=group,dc=amazone,dc=or,dc=at", thats
"cn=users,ou=group,dc=amazone,dc=or,dc=at" and
"cn=team,ou=group,dc=amazone,dc=or,dc=at"
 Then i experimented with that and testuser was a leave on top of the user
group. Which gives us
"uid=testuser,cn=users,ou=group,dc=amazone,dc=or,dc=at"
but all the other users where leaves on "ou=users,dc=amazone,dc=or,dc=at"
like "uid=martina,ou=users,dc=amazone,dc=or,dc=at" (like in yr HOWTO)
so i had to be very carefull with all my testing. Everytime i used your help
and your HOWTO i had to test with a normal user. But when i wanted to test
if a user is in the correct group and so on i used also testuser to see if
there is a difference if the leave of a user is here or there...

Now i will make weekend :-) Next week i'll try the "proxyagent" stuff again
maybe. You seem to motivate me not to give up!

Best regards

ciao, nico.

-- 
Supergünstige DSL-Tarife + WLAN-Router für 0,- EUR*
Jetzt zu GMX wechseln und sparen http://www.gmx.net/de/go/dsl



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]