SUMMARY about Client Problem

Tay, Gary Gary_Tay at platts.com
Wed Sep 22 06:29:12 UTC 2004


Anyone, just correct me if I am wrong.

Do not set a "Manager" binddn in the LDAP client's /etc/ldap.conf file and
expose the bindpw. Try to use a different binddn object which has fewer
ACL rights, especially when Manager can change anything, including
userPassword. The LDAP client will try to bind as anonymous if binddn/bindpw
are not defined.

Because it is binding as "Manager", it always succeeded, even if there is
any ACL at the server.

RedHat's authconfig has an "operation" issue: it WILL ALWAYS OVERWRITE
/etc/pam.d/system-auth (instead of an incremental change) and MAY OVERWRITE
/etc/ldap.conf if you define LDAP authentication stuff. It may also make
changes to /etc/nsswitch.conf and, at the end, restart nscd.

Due to this, if you have customized or bug-fix changes to /etc/ldap.conf,
you have to do the "step two", as you called it, manually.

Gary

-----Original Message-----
From: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com]
On Behalf Of Rezk Mekhael
Sent: Wednesday, September 22, 2004 7:54 AM
To: openldap-software at OpenLDAP.org
Cc: pam-list at redhat.com
Subject: SUMMARY about Client Problem


	The reason I have this problem is that I am running ACLs on the server
side, so I need to do two steps on the client side, not one:

On the client side:

1) run authconfig, which will update these 2 lines in /etc/ldap.conf
		"base ou=people,dc=domain,dc=com"
		"host ldap_server_name.domain.com"
2) edit /etc/ldap.conf
	binddn "cn=Manager,dc=domain,dc=com"
	bindpw "ldappassword"
	rootbinddn "cn=Manager,dc=domain,dc=com"



Can we make a SUMMARY for all of the fixes? It will be easy for all of us
when we search: just the problem and the fix, and in the subject line
"SUMMARY for ....."





--
Sincerely,
Rezk Mekhael
Manager of Systems


At 01:09 PM 9/20/2004, Rezk Mekhael wrote:
>Hi managers,
>
>I have two redhat machines acting in an openldap client/server role.
>Whenever I try to log in to the openLdap client with my user ID
>registered in the LDAP directory, I get the following message before
>getting a shell prompt: "Cannot find name for user ID..."
>
>But I am authenticated just fine, and I can retrieve my user ID using
>"id", but I can't see the account name; I can see only the ID, not the
>account name.
>
>login: my
>Password:
>Last login: Fri Sep 17 13:18:58 from oscar.abcz.com
>id: cannot find name for user ID 670655
>robles11.abcz.com> ls -l
>total 32
>-rwxr-xr-x    1 670655   36           4375 Sep 30  1999 dead.letter
>drwxr-xr-x    2 670655   36           4096 Jul 10 18:37 mail
>-rw-r--r--    1 670655   36          19968 Feb 15  2000
ResearchReviewAccept
>34.doc robles11.abdz.com>
>
>
>It is the same problem in this link
>
>http://www.redhat.com/archives/redhat-list/2004-May/msg00911.html
>
>
>any idea
>
>
>--
>Sincerely,
>Rezk Mekhael
>
>Incoming / Outgoing Mail scanned for known Viruses by CLUnet(R)


_______________________________________________
Pam-list mailing list
Pam-list at redhat.com https://www.redhat.com/mailman/listinfo/pam-list
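
An added example, not part of the original messages: a small Python audit for a client /etc/ldap.conf that flags the pattern the reply warns about, an administrative binddn with its bindpw stored in the file. Both sample files are constructed; cn=proxyuser, the function names and the admin_dns parameter are assumptions for illustration.

```python
import re

# Constructed sample: the client settings from step 2 of the quoted message.
WEAK = """\
host ldap_server_name.domain.com
base ou=people,dc=domain,dc=com
binddn "cn=Manager,dc=domain,dc=com"
bindpw "ldappassword"
rootbinddn "cn=Manager,dc=domain,dc=com"
"""

# Constructed sample: the same client binding as a low-privilege entry.
# cn=proxyuser is a hypothetical read-only account, not taken from the thread.
BETTER = """\
host ldap_server_name.domain.com
base ou=people,dc=domain,dc=com
binddn cn=proxyuser,dc=domain,dc=com
bindpw proxypassword
"""

def parse_ldap_conf(text):
    """Return {keyword: value} from 'keyword value' lines; '#' lines are comments."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        settings[parts[0].lower()] = value
    return settings

def norm_dn(dn):
    """Lowercase a DN and drop spaces around ',' and '=' so spellings compare equal."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def audit(text, admin_dns=("cn=Manager,dc=domain,dc=com",)):
    """Return findings for a client ldap.conf; admin_dns lists the server's admin DNs."""
    conf = parse_ldap_conf(text)
    binddn = norm_dn(conf.get("binddn", ""))
    findings = []
    if not binddn:
        findings.append("no binddn: client binds anonymously")
    elif binddn in {norm_dn(d) for d in admin_dns}:
        findings.append("binddn is an administrative DN")
        if conf.get("bindpw"):
            findings.append("administrative password stored in bindpw")
    if binddn and binddn == norm_dn(conf.get("rootbinddn", "")):
        findings.append("binddn and rootbinddn are the same entry")
    return findings
```

Running the audit again after authconfig has rewritten /etc/ldap.conf shows whether the file still carries the intended bind settings.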