Hi,
we have a mostly RH Linux environment where the PCs authenticate
against a Netscape LDAP server. They have a quite short /etc/ldap.conf:
host 172.25.93.242 <-- that is our LDAP server
base o=bonmp.XXX.com
ssl no
pam_password crypt
And I'm trying to set up this OpenBSD PC:
blowfish# uname -a
OpenBSD blowfish.europe.XXX.com 3.7 GENERIC#50 i386
blowfish# pkg_info | grep -i ldap
login_ldap-3.3 provide ldap authentication type
openldap-client-2.2.23 Open source LDAP software (client)
After reading "man login_ldap" I have added a user for myself:
useradd -m -d /home/afarber -s /usr/local/bin/tcsh -L ldap afarber
and now have the following line in vipw:
afarber:*************:1000:10:ldap:0:0::/home/afarber:/usr/local/bin/tcsh
For that login class "ldap" I've added this entry in /etc/login.conf:
ldap:\
:auth=-ldap:\
:x-ldap-server=172.25.93.242:\
:x-ldap-basedn=o=bonmp.XXX.com:\
:x-ldap-filter=(uid=%u):
On the command line I seem to be able to perform some searches:
blowfish# ldapsearch -x -h 172.25.93.242 \
-b o=bonmp.XXX.com "(uid=afarber)" mail uid
# extended LDIF
#
# LDAPv3
# base <o=bonmp.XXX.com> with scope sub
# filter: (uid=afarber)
# requesting: mail uid
#
# afarber, People, bonmp.XXX.com
dn: uid=afarber,ou=People,o=bonmp.XXX.com
mail: Alexander.Farber at XXX.com
uid: afarber
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
But logging in on the "login:" prompt doesn't work and there is
no message in /var/log/authlog besides LOGIN FAILED 3 TIMES.
I have tried logging in using these usernames:
afarber
afarber:-ldap
So has anybody please been successful in this and can share some tips?
Also, does anybody know how to run /usr/local/libexec/auth/login_-ldap
on a command line, to see if it works at all? I tried the following:
blowfish# /usr/local/libexec/auth/login_-ldap afarber
blowfish# echo $?
1
but I don't know how to interpret this. What LDAP field does it look for, "uid"?
The information in the archives and on the web is unfortunately scarce.
Regards
Alex