and someday i'll finish that document on how to use ldap for authentication with sles8...
really.... i mean it... really.... hold on....someone needs me. what? by tomorrow? ok. later.

> -----Original Message-----
> From: Sal Torres/SBC Inc. [mailto:[EMAIL PROTECTED]
> Sent: Friday, December 19, 2003 3:06 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Anyone using OpenLDAP with SLES8? Question with...
>
>
> *** Reply to note of Thu, 18 Dec 2003 10:18:41 -0500 (EST/CDT)
> *** by [EMAIL PROTECTED]
>
> I did a couple of tests and it seems to work for me (by default we use
> SecurID for the authentication part). You may need a newer pam_ldap
> version (I am using pam_ldap-164).
>
> The ACL depends on if you are using anonymous bind or a proxy user
> (rootbinddn). You can start with:
>
> access to dn="..dc=com" attr=userPassword
>         by self write
>         by anonymous auth
>         by * none
> access to *
>         by * read
>
> and change as needed.
>
> SLES8 includes the CPU tool to add/change/delete users and groups
>
>
> Sal
>
> Eric Sammons <[EMAIL PROTECTED]> writes:
> >I have done that and it sort of worked. It seemed to take on the
> >characteristics thereafter of an ACL problem. By changing the acls I get
> >different behavior; however, I can't seem to find the right acls that
> >cause the implementation to work.
> >
> >Do you have this working? Can I ask what your LDAP ACLs look like?
> >
> >Thanks!
> >Eric Sammons
> >(804)697-3925
> >FRIT - Unix Systems
> >
> >
> >"Sal Torres/SBC Inc." <[EMAIL PROTECTED]>
> >Sent by: Linux on 390 Port <[EMAIL PROTECTED]>
> >12/18/2003 10:03 AM
> >Please respond to Linux on 390 Port
> >
> >        To:      [EMAIL PROTECTED]
> >        cc:
> >        Subject: Anyone using OpenLDAP with SLES8? Question with Passwords
> >
> >Try to set the shadow last change to zero. pam_ldap is supposed to
> >expire the account:
> >...
> >  if (session->info->shadow.lstchg == 0)
> >    {
> >      /*
> >       * Adhere to convention of a shadow last change
> >       * value of 0 implying that the password has
> >       * expired. Apparently this is documented in the
> >       * shadow suite (libmisc/isexpired.c).
> >       */
> >      session->info->password_expired = 1;
> >...
> >
> >sal
>
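
An added example, not part of the original thread and not pam_ldap's or the shadow suite's code: a simplified model of how the shadow password-ageing fields are evaluated, showing where the "last change of 0" convention from the quoted snippet sits relative to the other checks. The struct, enum and function names are hypothetical, the sample values are constructed, and the attribute names in the comments are the RFC 2307 shadowAccount attributes.

```c
#include <stdio.h>

/* Day counts since 1970-01-01, as in shadow(5); -1 means "not set". */
struct shadow_info {
    long lstchg;  /* shadowLastChange */
    long max;     /* shadowMax */
    long warn;    /* shadowWarning */
    long inact;   /* shadowInactive */
    long expire;  /* shadowExpire */
};

enum pw_state { PW_OK, PW_WARN, PW_MUST_CHANGE, PW_ACCOUNT_DISABLED };

/* Hypothetical helper: simplified model of the shadow ageing rules. */
enum pw_state shadow_state(const struct shadow_info *s, long today)
{
    /* Convention from the quoted comment: last change of 0 = expired. */
    if (s->lstchg == 0)
        return PW_MUST_CHANGE;
    /* Absolute account expiry date reached. */
    if (s->expire > 0 && today >= s->expire)
        return PW_ACCOUNT_DISABLED;
    /* No ageing configured: nothing else to evaluate. */
    if (s->lstchg < 0 || s->max < 0)
        return PW_OK;
    long deadline = s->lstchg + s->max;
    /* Past the maximum age plus the inactivity grace period. */
    if (s->inact >= 0 && today >= deadline + s->inact)
        return PW_ACCOUNT_DISABLED;
    if (today >= deadline)
        return PW_MUST_CHANGE;
    if (s->warn > 0 && today >= deadline - s->warn)
        return PW_WARN;
    return PW_OK;
}

int main(void)
{
    /* Constructed sample entries, not taken from the thread. */
    struct shadow_info forced = { 0, 90, 7, -1, -1 };
    struct shadow_info fresh  = { 12400, 90, 7, -1, -1 };
    long today = 12405; /* constructed "current day" */
    printf("forced=%d fresh=%d\n", shadow_state(&forced, today),
           shadow_state(&fresh, today));
    return 0;
}
```

Because the zero check comes first, an entry with shadowLastChange set to 0 is reported as needing a password change regardless of its other ageing values.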
