I see. Great document, however I am attempting to use RACF under z/OS. I
hadn't intended to set up RACF or an LDAP server under z/VM at this
time.
Dave
On Thu, 2009-02-05 at 12:37 -0600, Rich Smrcina wrote:
I meant in my ldap.conf.
Dave Keeton wrote:
Rich,
It's in the ldap.conf file I
/ldap.conf needs to be world
readable (to allow ldap enabled tools to work in user space)?
If so, isn't having a password in this file a nasty security hole?
Thanks,
- -- Pat
It's a good thing he obfuscated his password then... :)
Careful you'll incite a riot about LDAP being insecure! If anyone is worried,
implement
LDAP over SSL.
Patrick Spinler wrote:
Dave Keeton wrote:
/etc/ldap.conf:
hostip address
port
On Thursday, 02/05/2009 at 02:51 EST, Rich Smrcina rsmrc...@wi.rr.com
wrote:
It's a good thing he obfuscated his password then... :)
Careful you'll incite a riot about LDAP being insecure! If anyone is
worried,
implement LDAP over SSL.
When authenticating with LDAP, PAM must perform an ldap
Dear all,
There is a Redbook paper (redp0221.pdf) explaining how to use LDAP server on
z/OS with SLES 9 for logon the Linux users.
The issues are quite well explained there.
However I wonder if this information is still the same for SLES 10 and if
the LDAP from z/VM can provide the same
) explaining how to use LDAP server on
z/OS with SLES 9 for logon the Linux users.
The issues are quite well explained there.
However I wonder if this information is still the same for SLES 10 and if
the LDAP from z/VM can provide the same functionality together with RACF for
z/VM 5.4.
Thank you very
-Original Message-
From: Linux on 390 Port On Behalf Of Rich Smrcina
There's a redpaper that talks about this. See:
Securing Linux for zSeries with a Central z/OS LDAP Server
You might also want to check out the ABC's redbooks (which ever one
deals with RACF and security
I have a couple questions about connecting to ldap from Suse linux.
- Does anyone have experience using the MVS ldap server for Z/linux
authentication. Suse seems to ship with that functionality included, but
I have been unable to get it to work. Are there additional schema
objects that must
There's a redpaper that talks about this. See:
Securing Linux for zSeries with a Central z/OS LDAP Server
You might also want to check out the ABC's redbooks (which ever one deals with
RACF and
security).
Jones, Russell wrote:
I have a couple questions about connecting to ldap from Suse
Jones, Russell wrote:
I have a couple questions about connecting to ldap from Suse linux.
Before we get really into this, I should refer you to your local LDAP
administrator, if you are not that person.
If you are your own local LDAP admin, well
On 12/2/2008 at 4:03 PM, Rich Smrcina [EMAIL PROTECTED] wrote:
Securing Linux for zSeries with a Central z/OS LDAP Server
Just for the sake of completeness, the URL for the abstract is
http://www.redbooks.ibm.com/abstracts/redp0221.html The document itself is at
http://www.redbooks.ibm.com
Thanks to everyone for the responses. I will go through your tests and
the suggested documentation and see where that gets me.
As for the second part, I am attempting to bind to ldap using php. The
same php page works on my Slackware system, but something is not
configured correctly on the Suse
I found that I had a nss_ldap package installed from something I was
trying to do earlier. I uninstalled it, reinstalled the openldap client,
and then rebuilt the php package, and php ldap support started working.
I guess there was a conflict between the two packages? I'm just excited
that I got
open shared object file: No
such file or directory in Unknown on line 0
The php build does not seem to be creating the php_ldap.so module. I am
not sure where to get it or how to create it.
I am using the --with-ldap=shared,/usr parameter on the
php_configure().
This is happening because
I seem to have messed up my system pretty good. After I built and
installed the ldap client package the system quit responding. I ipl'ed
and it took forever (about 45 min) for the system to come up. I didn't
see any errors on the console, but the system still would not respond
when it came up. I
On 10/10/2008 at 11:59 AM, in message
[EMAIL PROTECTED],
Jones, Russell [EMAIL PROTECTED] wrote:
I seem to have messed up my system pretty good. After I built and
installed the ldap client package the system quit responding. I ipl'ed
and it took forever (about 45 min) for the system to come
My system is back to normal now. I found that I could enter commands
at the HMC even though the response was extremely slow. I did a
removepkg on the ldap client and things went back to normal. I am back
to my original problem now getting ldap to work with php. I get this
error when starting
On 10/10/2008 at 3:24 PM, in message
[EMAIL PROTECTED],
Jones, Russell [EMAIL PROTECTED] wrote:
My system is back to normal now. I found that I could enter commands
at the HMC even though the response was extremely slow. I did a
removepkg on the ldap client and things went back to normal. I
.
Thanks,
Russell Jones
ANPAC
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
Mark Post
Sent: Tuesday, October 07, 2008 3:13 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Add LDAP support to PHP
On 10/7/2008 at 3:32 PM, in message
[EMAIL PROTECTED
I think that I got it. The perl path had to be changed in the apxs
script. I think that I got a good php build.
Russell Jones
-Original Message-
From: Jones, Russell
Sent: Thursday, October 09, 2008 9:26 AM
To: 'Linux on 390 Port'
Subject: RE: Add LDAP support to PHP
I did find apxs
On 10/9/2008 at 10:26 AM, in message
[EMAIL PROTECTED],
Jones, Russell [EMAIL PROTECTED] wrote:
I did find apxs on my system and the path in the script is correct, so I
don't think that is the problem. I also see the following in my output:
./configure: /usr/sbin/apxs: /usr/local/bin/perl:
I got the new php package installed and it seems to be functioning. Now
I am seeing the following error in the apache log when I attempt to bind
to ldap:
PHP Warning: Unknown(): Unable to load dynamic library
'/usr/lib/php/extensions/php_ldap.dll' -
/usr/lib/php/extensions/php_ldap.dll: cannot
No, it just looks like your compiler version is a little far ahead of the
one the LDAP developers used. As long as they're just warnings (not
errors), keep going. Make sure you test the finished product, although
these particular warnings appear harmless.
--Jim
I also found a lot of the following types of messages in the output for
the package build:
/tmp/php-4.3.10/ext/ldap/ldap.c: In function `zif_ldap_connect':
/tmp/php-4.3.10/ext/ldap/ldap.c:390: warning: assignment makes pointer
from integer without a cast
/tmp/php-4.3.10/ext/ldap/ldap.c
I went ahead and installed the package and I get the following error in
the apache log when I attempt to bind to ldap:
PHP Warning: Unknown(): Unable to load dynamic library
'/usr/lib/php/extensions/php_ldap.dll' -
/usr/lib/php/extensions/php_ldap.dll: cannot open shared object file
On 10/9/2008 at 2:09 PM, in message
[EMAIL PROTECTED],
Jones, Russell [EMAIL PROTECTED] wrote:
-snip-
Do I need to have some type of ldap package installed to do this build?
That would probably be a good idea. See
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/source/n/openldap-client
LDAP support to PHP
I went ahead and installed the package and I get the following error in
the apache log when I attempt to bind to ldap:
PHP Warning: Unknown(): Unable to load dynamic library
,
Russell Jones
ANPAC
System Programmer
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
Mark Post
Sent: Monday, October 06, 2008 4:20 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Add LDAP support to PHP
On 10/6/2008 at 4:58 PM, in message
[EMAIL
On 10/7/2008 at 3:32 PM, in message
[EMAIL PROTECTED],
Jones, Russell [EMAIL PROTECTED] wrote:
Thanks for the script. I guess I will need a little more help. Will I
need to download the php source or is it stored somewhere on my system?
If you downloaded the /source part of the tree, it
I am running Slack 390 10.1. I would like to connect to ldap with my php
web application. The research that I have done indicates that ldap
support is built in to php, but the binaries may have to be recompiled
with the --with-ldap parameter.
Could someone point me in the right direction on how
On 10/6/2008 at 4:58 PM, in message
[EMAIL PROTECTED],
Jones, Russell [EMAIL PROTECTED] wrote:
I am running Slack 390 10.1. I would like to connect to ldap with my php
web application. The research that I have done indicates that ldap
support is built in to php, but the binaries may have
Thanks very much to everyone for your fast replies!!!
As suggested I just installed the package PHP interface to
Lightweight Directory Access Protocol (LDAP)..
Listing the package :
URL : http://www.php.net
Summary : PHP4 extension module
Description :
PHP interface
On Wed, May 7, 2008 at 5:56 AM, in message
[EMAIL PROTECTED], Marco
Bosisio [EMAIL PROTECTED] wrote:
-snip-
If you know a link to document by SuSE about use of this interface
from PHP, it is welcome.
I'm not aware of any, but that doesn't mean a lot, since I'm not terribly
familiar
Hi,
I have question about how to enable PHP to use LDAP.
In this section http://uk.php.net/manual/it/ldap.installation.php they
wrote : LDAP support in PHP is not enabled by default
From your experience, do you know if there is a way to enable
PHP to use
I don't know about Suse, but with Red Hat (RHEL4) LDAP support comes
configured with PHP. I'm doing lookups to an LDAP server and didn't
do anything special to set it up.
Try setting up a small PHP page to
do a phpinfo() function and then look through the output of that.
For example mine shows
On Mon, May 5, 2008 at 9:56 AM, in message
[EMAIL PROTECTED], Marco
Bosisio [EMAIL PROTECTED] wrote:
-snip-
From your experience, do you know if there is a way to enable
PHP to use LDAP without recompile (PHP) ?
No, there is not.
We would like to avoid to recompile
work, then PC's is the way I would go.)
If I can't get the other users off the systems, my way forward will
probably be to setup 2-3 Linux Guests just for LDAP.
That's really not hard to do, it's just some minor documentation DASD,
IP's etc.
I was just hoping someone on this list may already have
Mark Perry wrote:
Hi John,
pam is certainly one of the tracks I am following.
This is a classic difference between RHEL and SLES - SLES uses
pam_unix2 which has its own config file:
/etc/security/pam_unix2.conf
In this file is set:
auth: use_ldap
account:use_ldap
password:
John Summerfield wrote:
Mark Perry wrote:
Hi list,
I have been manually adding users to LDAP by adding the --service ldap
and -D options, works fine.
SAP (via sapinst) tries to add userids dynamically by calling
/usr/sbin/useradd directly, which fails.
Can SLES 10 with OpenLDAP be configured
Hi list,
I have been manually adding users to LDAP by adding the --service ldap
and -D options, works fine.
SAP (via sapinst) tries to add userids dynamically by calling
/usr/sbin/useradd directly, which fails.
Can SLES 10 with OpenLDAP be configured so that useradd/usermod commands
work
Mark Perry wrote:
Hi list,
I have been manually adding users to LDAP by adding the --service ldap
and -D options, works fine.
SAP (via sapinst) tries to add userids dynamically by calling
/usr/sbin/useradd directly, which fails.
Can SLES 10 with OpenLDAP be configured so that useradd/usermod
Mark Perry wrote:
Mark Perry wrote:
Hi list,
I have been manually adding users to LDAP by adding the --service
ldap and -D options, works fine.
SAP (via sapinst) tries to add userids dynamically by calling
/usr/sbin/useradd directly, which fails.
Can SLES 10 with OpenLDAP be configured so
Mark Perry wrote:
Hi list,
I have been manually adding users to LDAP by adding the --service ldap
and -D options, works fine.
SAP (via sapinst) tries to add userids dynamically by calling
/usr/sbin/useradd directly, which fails.
Can SLES 10 with OpenLDAP be configured so that useradd/usermod
that can access have to be validated into two different ldap repository
depending on the user type:
- If the user is in flat format, like Surname Name, it has to be checked on
an active directory
- if the user is in e-mail format, like [EMAIL PROTECTED], it has to be
checked on an Ibm ldap
/mod_ldap a site, where
users that can access have to be validated into two different ldap repository
depending on the user type:
- If the user is in flat format, like Surname Name, it has to be checked on
an active directory
- if the user is in e-mail format, like [EMAIL PROTECTED], it has
| MOROZZO Valerio wrote:
|
| Customer asked me to protect via basic-authentication/mod_ldap a site,
| where users that can access have to be validated into two different
| ldap repository depending on the user type:
|
Rather, it sounds instead like
On Tue, Feb 26, 2008 at 11:24 AM, in message
[EMAIL PROTECTED]
, Bertil Starck [EMAIL PROTECTED] wrote:
Hi!
I'm using the redbook Security on z/VM to try to use RACF as authorize
logon to z/Linux.
Now following the redbook carefully, I'm stuck in Chapter 3 z/VM LDAP
server bullet 12
Hi!
I'm using the redbook Security on z/VM to try to use RACF as authorize
logon to z/Linux.
Now following the redbook carefully, I'm stuck in Chapter 3 z/VM LDAP
server bullet 12 Verify LDAPADM2 is able to use native authentication:
I've added user linux2 to RACF:
rac adduser linux2 pass
I am trying to set up linux to authenticate using the MVS ldap server. I
am running Slack390 10.1. The articles I have read all describe using
PAM and NSS together, but I don't believe that PAM can be easily used
with Slackware. I have built and installed packages for sasl, openldap,
and nss.
Can
On Wed, Dec 5, 2007 at 5:09 PM, in message
[EMAIL PROTECTED],
Jones, Russell [EMAIL PROTECTED] wrote:
I am trying to set up linux to authenticate using the MVS ldap server. I
am running Slack390 10.1. The articles I have read all describe using
PAM and NSS together, but I don't believe
@VM.MARIST.EDU
To
LINUX-390@VM.MARIST.EDU
cc
Subject
Using ldap for zLinux Security
Does anyone have any experience using the z/OS LDAP server to secure
z/Linux? We have profiles for all of our RACF users stored in a TDBM
that uses ibm-native authentication. I would like to use this TDBM
Does anyone have any experience using the z/OS LDAP server to secure
z/Linux? We have profiles for all of our RACF users stored in a TDBM
that uses ibm-native authentication. I would like to use this TDBM to
secure my ZLinux system.
I appreciate any suggestions,
Russ
on behalf of Mark Post
Sent: Wed 9/12/2007 5:48 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: LDAP BUS ERROR
While not an answer to your question, and not trying to say it might not be a
bug, I have to ask what the reason is for him being a member of so many groups?
If it is a bug, it needs
On Friday, 09/14/2007 at 06:40 EDT, Goodwin, Derric
[EMAIL PROTECTED] wrote:
I think it is under 200 groups he belongs to. He is one of our security
people
and I think he is a member of almost all groups. The weird thing is
other info
security people (with large group memberships) can login and
just
fine.
From: Linux on 390 Port on behalf of Mark Post
Sent: Wed 9/12/2007 5:48 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: LDAP BUS ERROR
While not an answer to your question, and not trying to say it might not be a
bug, I have to ask what the reason
On Fri, Sep 14, 2007 at 6:38 AM, in message
[EMAIL PROTECTED],
Goodwin, Derric [EMAIL PROTECTED] wrote:
I think it is under 200 groups he belongs to. He is one of our security
people and I think he is a member of almost all groups. The weird thing is
other info security people (with large
On Fri, Sep 14, 2007 at 8:10 AM, in message
[EMAIL PROTECTED], Alan
Altmark [EMAIL PROTECTED] wrote:
-snip-
The number of groups on setgroups() cannot exceed NGROUPS. (And I don't
know where NGROUPS is set.)
According to include/linux/limits.h:
#define NGROUPS_MAX 65536 /*
= %ld\n, ngroups_max );
return 0;
}
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] Behalf Of
Alan Altmark
Sent: Friday, September 14, 2007 5:11 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: LDAP BUS ERROR
On Friday, 09/14/2007 at 06:40 EDT, Goodwin, Derric
Alan Altmark wrote:
On Friday, 09/14/2007 at 06:40 EDT, Goodwin, Derric
[EMAIL PROTECTED] wrote:
I think it is under 200 groups he belongs to. He is one of our security
people
and I think he is a member of almost all groups. The weird thing is
other info
security people (with large group
From: Linux on 390 Port on behalf of Adam Thornton
Sent: Wed 9/12/2007 3:28 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: LDAP BUS ERROR
On Sep 12, 2007, at 1:17 PM, Goodwin, Derric wrote:
I have a batch of new SuSE 9 guests that authenticate via LDAP
On Sep 13, 2007, at 4:46 AM, Goodwin, Derric wrote:
We are using the SuSE Implementation.
In that case...yeah, how many groups is many groups ?
Create a test user and some test groups and see if you can repeat the
problem when that user gets beyond N groups.
Adam
I have a batch of new SuSE 9 guests that authenticate via LDAP.
I have a problem with one and only one user. He is our security admin
and belongs to a lot of groups.
Whenever he tries to log in or (as root) you try to SU to his ID we get
a BUS ERROR.
An strace on the command shows
On Sep 12, 2007, at 1:17 PM, Goodwin, Derric wrote:
I have a batch of new SuSE 9 guests that authenticate via LDAP.
Are they using the SuSE pam_ldap implementation, or a third-party one?
Adam
On Wed, 2007-09-12 at 15:17 -0500, Goodwin, Derric wrote:
I have a batch of new SuSE 9 guests that authenticate via LDAP.
I have a problem with one and only one user. He is our security admin
and belongs to a lot of groups.
How many groups exactly? There used to be a limit of 32 groups
that requires so many group
memberships.
Mark Post
-Original Message-
From: Goodwin, Derric [EMAIL PROTECTED]
To: Linux on 390 Port LINUX-390@VM.MARIST.EDU
Sent: 9/12/2007 2:17:47 PM
Subject: LDAP BUS ERROR
I have a batch of new SuSE 9 guests that authenticate via LDAP.
I have
On Wed, Sep 12, 2007 at 4:17 PM, in message
[EMAIL PROTECTED],
Goodwin, Derric [EMAIL PROTECTED] wrote:
-snip-
Whenever he tries to log in or (as root) you try to SU to his ID we get
a BUS ERROR.
I've seen S0C4 abends masquerading as BUS ERRORs before.
An strace on the command shows it
I am trying to get our SuSE 9 (s390x) to use the common LDAP server. I
have tried several ways to get LDAP users to be able to login. Right now
the /etc/security/pam_unix2.conf is set to use_ldap and there is no sshd
in the /etc/pam.d. When a user that is in the Linux system directly can
sign
On Thu, Apr 5, 2007 at 11:17 AM, in message [EMAIL PROTECTED], Bob
[EMAIL PROTECTED] wrote:
I am trying to get our SuSE 9 (s390x) to use the common LDAP server.
Have you followed the steps in the IBM Redpaper Linux on IBM zSeries and
S/390: Securing Linux for zSeries with a Central z/OS LDAP
Additional instructions for setting up Linux LDAP authentication are
in section 10.2 of the Virtualization Cookbook for RHEL 4 [1] and also
in the SLES one [2].
[1] http://www.redbooks.ibm.com/abstracts/sg247272.html?Open
[2] http://www.linuxvm.org/present/index.html
ks
Yep, I have followed that procedure once. Same error.
Mark Post wrote:
Have you followed the steps in the IBM Redpaper Linux on IBM zSeries and S/390:
Securing Linux for zSeries with a Central z/OS LDAP Server (RACF), at
http://www.redbooks.ibm.com/redpapers/pdfs/redp0221.pdf
Hi all,
We're running WebSphere App Server under Suse Linux Enterprise Server 9
with SP3 on a zSeries. Does anyone have a JACL script to test LDAP
connection between WebSphere and Lotus Notes?
Thanks,
Aris
Hi James,
I have a similar problem but instead of RACF I have to run
ldapsearch against a Windows AD.
Anyway, I think the approach I tried would help you. Let's look at
the ldapsearch I am executing:
-- 8
#
# In this case, I am
12/13/2006 06:23 AM
Subject
Re:
Capturing error messages from LDAP search
for what it's worth, I've taken to doing most of my ldap work in perl
using the Net::LDAP module. I find it useful to not have to parse
output or error messages myself, for instance. Instead, I can check
condition codes.
- -- Pat
James Melin
their passwords from
an application.
Take this example ldapsearch:
ldapsearch -v -x -h $targ_IP -D
racfid=$1,profiletype=user,ou=racf,o=co.hennepin.mn,c=us -W -b
racfid=$1,profiletype=user,ou=racf,o=co.hennepin.mn,c=us
where $targ_IP is the IP address of the LDAP server and $1 is the ID passed via
-ldap --enable-auth_ldap
--enable-authnz-ldap --with-ldap --with-ldap-lib=/usr/local/lib
--with-ldap-include=/usr/local/include
I can start apache ok but when I try to use an .htaccess file with ldap
statements, I receive the following error message:
.htaccess: Invalid command 'AuthLDAPURL
generated mod_ldap, etc.
Mark Post
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] Behalf Of
Levy, Alan
Sent: Wednesday, December 06, 2006 12:31 PM
To: LINUX-390@VM.MARIST.EDU
Subject: apache mod-ldap problem
Sorry if I am posting to the wrong group.
Is there an apache
I am building it from source to get the latest and greatest version. I
have had no problems building apache from source without ldap.
Alan Levy
VM/Linux Administrator
W: 718-403-8020
C: 347-401-4629
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
Mark
environment.
Mark Post
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] Behalf Of
Levy, Alan
Sent: Wednesday, December 06, 2006 12:59 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: apache mod-ldap problem
I am building it from source to get the latest and greatest version
Mark Post wrote:
First, why are you building Apache from source, instead of using the version
that comes with your distribution?
Second, I would strongly recommend looking at the .spec file that your
distribution ships with its source RPM file. That will show you exactly how
they built apache,
On 12/6/06, Levy, Alan [EMAIL PROTECTED] wrote:
I am building it from source to get the latest and greatest version. I
have had no problems building apache from source without ldap.
No doubt you're fully aware that mixing RPM and tarball installs is
a delicate art and you may end multiple
does anybody know how to locate Peter (abresch). He was at Pepco in
Aug/2005 but lost contact with him.
As I understand it, Pepco implemented ACF2 version 8 under zOS with
PAM/NSS on the Linux for z-Series communication via LDAP for
authorization and authentication. This was accomplished
James,
I can't comment on your setup, per se, but it's been my experience that
debugging LDAP issues is much better done with the command line tools
such as ldapsearch, etc. Turn on tracing/verbose debugging and try to
decipher the output.
Mark Post
-Original Message-
From: Linux
[EMAIL PROTECTED]
IST.EDU Subject
Re: PAM authentication via LDAP -
Configuration question
11/02/2005 11:19
AM
@VM.MARIST.EDU
Subject: Re: PAM authentication via LDAP - Configuration question
-snip-
One bit of weirdness... I have it set up to attempt local authentication
against the user ID in question when it fails RACF, so that root
authenticates locally. Now, this seems to have allowed for defined
users
I am getting this error trying to configure SSH to authenticate against
LDAP. If anyone has an idea as to what I've screwed up.
Nov 1 16:27:50 vadnais sshd[1751]: pam_ldap: ldap_starttls_s: Can't
contact LDAP server
Nov 1 16:27:50 vadnais sshd[1749]: error: PAM: Authentication failure
Hi Sam,
My /etc/nsswitch.conf has the following entries:
passwd: files ldap compat
shadow: files ldap compat
group: files ldap compat
You just have compat. Maybe that's the problem
Anyway, my /etc/pam.d/login also looks different from your
/etc/pam.d
We are hoping to use the Open-LDAP client in our SLES9 system to allow users
who are defined in our non-Linux LDAP server to signon without being defined
as local users.
We have no problem authenticating passwords for users via LDAP for users
that are defined as both local users
Sam,
Any Ideas?
Try using YaST => Network Services => LDAP Client
Then you won't have to muck around in config files, rather, you should
just have to specify the LDAP server.
Mike MacIsaac [EMAIL PROTECTED] (845) 433-7061
Try using YaST => Network Services => LDAP Client
Then you won't have to muck around in config files, rather, you should
just have to specify the LDAP server.
We did try that route when we began, but the Yast interface assumes that you
are using a Open-LDAP server, which we are not. We
S S writes:
We are hoping to use the Open-LDAP client in our SLES9 system to allow users
who are defined in our non-Linux LDAP server to signon without being defined
as local users.
We have no problem authenticating passwords for users via LDAP for users
that are defined as both local users
If you do a getent on an LDAP user, does anything come back?
Example:
# getent passwd some_user
# getent shadow some_user
If both of these return the proper values, then LDAP is configured
correctly and it is most likely your PAM configuration that has an
issue. If they do not return the proper
Sam,
the Yast interface assumes that you
are using a Open-LDAP server, which we are not.
I agree that YaST assumes OpenLDAP when setting up things as a server.
However, I have successfully used YaST to configure the client to point to
an IBM Tivoli Directory Server. So maybe it's something
336 0628
Fax: +2712 336 0606
E-mail: [EMAIL PROTECTED]
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Joe
Poole
Sent: 12 August 2005 02:15 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: LDAP SDBM
There is a Redbooks Paper titled Securing Linux
That information (for SSH) is on page 8 of Securing Linux for zSeries with a
Central z/OS LDAP Server (RACF).
Mark Post
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Leon Buitendag
Sent: Monday, August 15, 2005 3:05 AM
To: LINUX-390@VM.MARIST.EDU
Hi, I have installed LDAP server SDBM on ZOS1.3 and am trying to connect
from SUSe8 that is running on an IFL, I have configured the SSHD as I'm
using ssh to connect to my linux partition. My problem is that I cannot gain
access to my linux partition using my RACF userid unless I configure
There is a Redbooks Paper titled Securing Linux for zSeries with a
Central z/OS (RACF) LDAP Server which walks you through the
configuration of Native Authentication.
http://www.redbooks.ibm.com/cgi-bin/searchsite.cgi?query=Securing+Linux
On Friday 12 August 2005 02:13 am, Leon Buitendag wrote
Cameron wrote on 11-01-2005 17:53:41:
Greetings,
I am testing some LDAP + SSL Authentication. We have an LDAP server
running on
z/OS and it is setup with a single certificate. I want to setup a Linux
Guest
to authenticate with this certificate, how do you import that certificate
in
Linux
Greetings,
I am testing some LDAP + SSL Authentication. We have an LDAP server running on
z/OS and it is setup with a single certificate. I want to setup a Linux Guest
to authenticate with this certificate, how do you import that certificate in
Linux? Does anyone have experience with or know
CA provides an LDAP for use with Top Secret and ACF2 and it does not require
DB2 as IBM's does. CA also provides a PAM for Linux.
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Lee
Stewart
Sent: Friday, January 07, 2005 12:02 PM
To: LINUX-390