On Monday, 8 November 2010 16:07:25 Stef Coene wrote: > On Monday 08 November 2010, you wrote: > > Hello Stef, > > > > could you please point what you did to solve your problems as anybody > > else could be interested in that solution. Unfortunately, these > > machines are on my schedule, too. :) > > I'm documenting the steps I do to get it working and the possible problems. > When I'm done, I will post them somewhere. > I also have to this on the production servers. > > I still have some problems with the passwords. I have to change the > password from an AIX box before it works.
What hash ends up in userPassword in this case? crypt? Real crypt(), with it's 8-character limit? This normally indicates a problem in the configuration. On a Linux host, this would typically indicate that nss_ldap was set up, but pam_ldap was not, and authentication was working via app->PAM->pam_unix->getspent(3)->nss->nss_ldap- >LDAP, whereas you may prefer app->PAM->pam_ldap (otherwise some pam_ldap- based authorization features don't work, password hashes are limited to those that are supported by all your clients etc.). I don't have any access to our AIX hosts though ... Regards, Buchan
