Mark Perry wrote:
Hi list,
I have been manually adding users to LDAP by adding the --service ldap
and -D options, works fine.
SAP (via sapinst) tries to add userids dynamically by calling
/usr/sbin/useradd directly, which fails.
Can SLES 10 with OpenLDAP be configured so that useradd/usermod commands
I'm sure it can (RHEL can for sure). It's in PAM, the nss_ldap module.
This should give some clues:
[EMAIL PROTECTED] ~]# grep ldap /etc/pam.d/*
/etc/pam.d/system-auth:auth sufficient pam_ldap.so use_first_pass
/etc/pam.d/system-auth:account [default=bad success=ok user_unknown=ignore] pam_ldap.so
/etc/pam.d/system-auth:password sufficient pam_ldap.so use_authtok
/etc/pam.d/system-auth:session optional pam_ldap.so
/etc/pam.d/system-auth-ac:auth sufficient pam_ldap.so use_first_pass
/etc/pam.d/system-auth-ac:account [default=bad success=ok user_unknown=ignore] pam_ldap.so
/etc/pam.d/system-auth-ac:password sufficient pam_ldap.so use_authtok
/etc/pam.d/system-auth-ac:session optional pam_ldap.so
[EMAIL PROTECTED] ~]#
work directly on LDAP entries without specifying --service or -D ?
If so, does this allow for the root user to still be in /etc/passwd for
security/reliability? Or is it an ALL-LDAP solution?
I am not looking for workarounds, such as bash aliases or shell scripts
- I already use these ;-)
--
Cheers
John
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
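
An added example, not part of the original message: a small Python parser for the pam_ldap lines in the grep output above, reporting what each line does when pam_ldap returns user_unknown for an account that exists only in /etc/passwd (root, for instance). The shorthand-to-bracket table follows pam.conf(5); the function names are illustrative, and the other modules in the stack (not shown by the grep) still decide the final result.

```python
import re

# Shorthand controls and their bracket equivalents, as documented in pam.conf(5).
SHORTHAND = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}
RULE = re.compile(r"^(?:(?P<file>[^:\s]+):)?\s*(?P<type>auth|account|password|session)\s+"
                  r"(?P<control>\[[^\]]*\]|\S+)\s+(?P<module>\S+)\s*(?P<args>.*)$")

def parse_rule(line):
    """Parse one PAM rule, with or without the 'file:' prefix that grep adds."""
    m = RULE.match(line.strip())
    if m is None:
        return None
    rule = m.groupdict()
    ctl = rule["control"]
    if ctl.startswith("["):  # explicit [value=action ...] form
        rule["actions"] = dict(p.split("=", 1) for p in ctl[1:-1].split())
    else:                    # shorthand keyword
        rule["actions"] = dict(SHORTHAND.get(ctl, {}))
    return rule

def action_for(rule, result):
    """Action PAM takes when the module returns `result` (e.g. 'user_unknown')."""
    acts = rule["actions"]
    return acts.get(result, acts.get("default"))

# The system-auth lines from the grep output above, wrapped lines rejoined.
SAMPLE = """\
/etc/pam.d/system-auth:auth sufficient pam_ldap.so use_first_pass
/etc/pam.d/system-auth:account [default=bad success=ok user_unknown=ignore] pam_ldap.so
/etc/pam.d/system-auth:password sufficient pam_ldap.so use_authtok
/etc/pam.d/system-auth:session optional pam_ldap.so
"""

def local_user_outcome(text=SAMPLE):
    """Per stage: what the pam_ldap line does for a user LDAP does not know."""
    out = {}
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule and rule["module"] == "pam_ldap.so":
            out[rule["type"]] = action_for(rule, "user_unknown")
    return out

if __name__ == "__main__":
    for stage, act in local_user_outcome().items():
        print(f"{stage:9s} user_unknown -> {act}")
```

Every stage reports "ignore" for user_unknown, while the account line still maps any other pam_ldap failure to "bad".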