[rhelv6-list] trying to get ldap system authentication working via nslcd
Jason Welsh
jawelsh at cisco.com
Wed Aug 28 17:35:29 UTC 2013
Actually, I finally got the nslcd part working! I had to use

    map passwd uid cn
    filter passwd (objectClass=user)

Now the system will recognize my userid when I do

    id userid

but now the issue is with the system authentication: whenever I ssh into the server and put in my password, I get

    sshd[11964]: pam_ldap: ldap_search_s Bad search filter

and I cannot figure out what's causing it. I'm guessing it's the /etc/pam_ldap.conf

    pam_filter objectclass=user

?? But I've tried many things there, and can't get past this error message.

Regards,
Jason

On 08/26/2013 07:46 PM, Collins, Kevin [Contractor Acquisition Program] wrote:
> I think your problem might be this:
>
> --ldapbasedn="ou=Some Users,dc=cisco,dc=com"
>
> This option is for specifying the base of your directory, which is where the various OUs (People, Group, Netgroup, etc) will reside.
>
> I have only run LDAP on Linux in environments where we migrated from NIS, but that is how it is there.
>
> Here are some example DNs from our environment:
>
> dn: uid=oracle,ou=People,dc=xxx,dc=yyy
>
> dn: cn=dba,ou=Group,dc=xxx,dc=yyy
>
> dn: cn=os,ou=Netgroup,dc=xxx,dc=yyy
>
> dn: cn=daemon,ou=Aliases,dc=xxx,dc=yyy
>
> I masked the Base DN as "dc=xxx,dc=yyy" but you can see how all the other OUs are "based" to that?
>
> Kevin
>
> -----Original Message-----
> From: rhelv6-list-bounces at redhat.com [mailto:rhelv6-list-bounces at redhat.com] On Behalf Of Jason Welsh
> Sent: Friday, August 23, 2013 2:33 PM
> To: rhelv6-list at redhat.com
> Subject: Re: [rhelv6-list] trying to get ldap system authentication working via nslcd
>
>
>
> On 08/23/2013 04:35 PM, Camron W. Fox wrote:
>> On 13/08/23 5:03 AM, Jason Welsh wrote:
>>> Hey folks, I'm using a RHEL 6.4 server and I am trying to set up
>>> system LDAP authentication via nslcd.conf and I have the
>>> authenticated bind working, but I cannot get the system to
>>> recognize users when I do a "su - userid"
>
>>> I'm pretty sure it's my filter that's not right. I'm not quite sure
>>> what my filter and map statements should look like.
>
>>> Right now, I'm using a simple filter in nslcd.conf like
>
>>> filter passwd (objectClass=User)
>
>>> When I sniff the transaction to the LDAP server (not using
>>> encryption yet) I see the client bind to the LDAP server, and in
>>> the search request, I see Filter:
>>> (&(objectClass=posixGroup)(memberUid=tcpdump))
>
>>> Huh? tcpdump user? o_O And of course 0 results come back.
>
>>> Any ideas why this is happening? Any suggestions on a better
>>> filter/map to use?
>
>>> Regards, Jason
>
>
>> Jason,
>
>> What did your authconfig line look like when you set up authentication?
>
>> Best Regards,
>> Camron
>
>
> authconfig --enableshadow --enablemd5 --enableldap --enableldapauth --disablesssd --disablesssdauth --enableforcelegacy --disableldaptls --ldapserver="myldapserver.cisco.com" --ldapbasedn="ou=Some Users,dc=cisco,dc=com" --updateall
>
>
>
>
> _______________________________________________
> rhelv6-list mailing list
> rhelv6-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rhelv6-list
--
Jason Welsh
Systems Administrator .:|:.:|:.
Threat Response, Intelligence and Development
W: 919-392-6816
M: 919-637-3693
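
Added example, not part of the thread: "Bad search filter" is the error text the LDAP client library uses when it cannot parse the filter string it is handed, so the composed filter can be checked offline. The code below checks a simplified RFC 4515 grammar and assumes, for illustration only and not as a statement about pam_ldap's source, that the configured pam_filter value is wrapped in parentheses and ANDed with a login-attribute match; the names check_filter, escape_value and compose, the attribute uid and the user jdoe are constructed for this example.

```python
# Added example: structural check of LDAP filters (simplified RFC 4515).
def check_filter(s):
    """Return None if s is a well-formed filter, else a short reason."""
    try:
        end = _parse(s, 0)
    except ValueError as exc:
        return str(exc)
    return None if end == len(s) else f"trailing text at offset {end}"

def _parse(s, i):
    # filter = "(" ( ("&" / "|") 1*filter / "!" filter / item ) ")"
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i:i + 1] in ("&", "|"):
        i = _parse(s, i + 1)              # at least one sub-filter
        while s[i:i + 1] == "(":
            i = _parse(s, i)
    elif s[i:i + 1] == "!":
        i = _parse(s, i + 1)
    else:
        i = _item(s, i)
    if s[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1

def _item(s, i):
    # item = attr ("=" / "~=" / ">=" / "<=") value; no raw parentheses inside
    j = i
    while j < len(s) and s[j] not in "()":
        j += 1
    attr, sep, _ = s[i:j].partition("=")
    if not sep or not attr.rstrip("~<>"):
        raise ValueError(f"expected attr=value at offset {i}")
    return j

def escape_value(v):
    """Escape the characters RFC 4515 reserves inside an assertion value."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\0" else c for c in v)

def compose(pam_filter, login_attr, user):
    # ASSUMPTION for illustration: the configured filter value is wrapped in
    # parentheses and ANDed with the login-attribute match.
    return f"(&({pam_filter})({login_attr}={escape_value(user)}))"

if __name__ == "__main__":
    for value in ("objectclass=user", "(objectclass=user)"):  # constructed
        f = compose(value, "uid", "jdoe")
        print(f, "->", check_filter(f) or "well-formed")
```

Under that assumption, a bare attr=value setting composes to a well-formed filter, while a value that already carries its own parentheses produces a doubled "((" that fails the structural check.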