To make the system aware of users in 389 you need to configure other files: /etc/ldap.conf (el5 systems) or /etc/nss_ldap.conf (el6 systems) + /etc/nsswitch.conf + PAM modules (/etc/pam.d/system-auth + install pam_ldap module). On RHEL/Fedora/CentOS/SL you can do this the easy way using authconfig, authconfig-tui or system-config-authentication. I don't recommend messing manually with PAM without reading some docs about it, because you can break login on your system.
Consider using one of the three tools I have told you about. They can modify all required files. You may be required to install the nss-pam-ldapd package on el6 systems for PAM to work; this will install the nslcd daemon too as a dependency. I usually set FORLEGACY to yes in /etc/systemconfig/authconfig on el6 systems.

2012/7/28 fosiul alam <[email protected]>
> Hi
> Don't know how to reply on the same thread.
>
> but thanks for the quick reply.
>
> it's case sensitive. so I created the cert file
> and I put that one into the client, and I configured as documented
>
> /etc/openldap/ldap.conf
>
> URI ldap://ldap-2.fosiul.lan/
> BASE dc=fosiul,dc=lan
> TLS_CACERTDIR /etc/openldap/cacerts/
> TLS_REQCERT allow
> #TLS_CACERT /etc/openldap/cacerts/cacert.asc
>
>
> and in /etc/ldap.conf
> base dc=fosiul,dc=lan
> uri ldap://ldap-2.fosiul.lan/
> ssl start_tls
> tls_cacertdir /etc/openldap/cacerts/
>
> #TLS_CACERT /etc/openldap/cacerts/cacert.asc
> pam_password md5
>
>
>
> and I can see it created another file in the /etc/openldap/cacerts/ directory
> like this
> 5be5959f.0 ds-ca.crt
>
> and when I do like this
>
> id usrname
>
> it does not find the user and I don't see any error in /var/log/message
>
> so it's like it's connecting to ldap, but it does not get any information
>
> do I have to say Cn="Directory Manager" somewhere in the ldap.conf file ??
>
> thanks for your help.
>
> Fosiul
>
> but in clients , log file
>
>
> --
> 389 users mailing list
> [email protected]
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
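A check of the TLS settings in the two client files quoted above, as an added example that is not part of the original thread. The function name audit_ldap_conf is hypothetical, and the sample input is constructed from the quoted configuration.

```bash
#!/usr/bin/env bash
# Added example: audit an LDAP client config ("keyword value" lines, '#' comments)
# for settings that let the client proceed without verifying the server certificate.
audit_ldap_conf() {
    local file=$1 key val lval uri="" ssl="" reqcert="" checkpeer="" ca=""
    while read -r key val || [ -n "$key" ]; do
        case "$key" in ''|'#'*) continue ;; esac          # skip blanks and comments
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')   # keywords are case-insensitive
        lval=$(printf '%s' "$val" | tr '[:upper:]' '[:lower:]')
        case "$key" in
            uri)           uri=$lval ;;
            ssl)           ssl=$lval ;;            # nss_ldap/pam_ldap keyword
            tls_reqcert)   reqcert=$lval ;;        # OpenLDAP client keyword
            tls_checkpeer) checkpeer=$lval ;;      # nss_ldap/pam_ldap keyword
            tls_cacert|tls_cacertfile|tls_cacertdir) ca=$val ;;
        esac
    done < "$file"
    case "$reqcert" in
        never|allow)
            echo "WEAK: TLS_REQCERT $reqcert lets the session proceed with a missing or bad server certificate" ;;
    esac
    if [ "$checkpeer" = "no" ]; then
        echo "WEAK: tls_checkpeer no turns off server certificate verification"
    fi
    case "$uri" in
        ldap://*)
            if [ "$ssl" != "start_tls" ]; then
                echo "INFO: ldap:// URI without 'ssl start_tls' here; TLS happens only if the calling program requests StartTLS"
            fi ;;
    esac
    if [ -z "$ca" ]; then
        echo "WEAK: no CA certificate file or directory is configured in this file"
    fi
    return 0
}

# Constructed sample input modelled on the two client files quoted in the thread.
demo_dir=$(mktemp -d)
printf '%s\n' 'URI ldap://ldap-2.fosiul.lan/' 'BASE dc=fosiul,dc=lan' \
    'TLS_CACERTDIR /etc/openldap/cacerts/' 'TLS_REQCERT allow' > "$demo_dir/openldap.conf"
printf '%s\n' 'base dc=fosiul,dc=lan' 'uri ldap://ldap-2.fosiul.lan/' 'ssl start_tls' \
    'tls_cacertdir /etc/openldap/cacerts/' 'pam_password md5' > "$demo_dir/nss_ldap.conf"
for f in "$demo_dir"/*.conf; do echo "== $f"; audit_ldap_conf "$f"; done
```

On the sample, the nss_ldap-style file produces no findings and the OpenLDAP-style file is flagged for TLS_REQCERT allow; demand is the level that refuses a bad or missing server certificate.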
