I don't think that's a suitable issue for this forum.
I recommend you download the latest "Directory and Naming Services" Guide for Solaris 10 from http://docs.sun.com. Read the parts of the LDAP section on attribute mapping. That will give you a clue.

W Sanders wrote:
Howdy,

I am actually running GA Solaris U7 but I think the problem is very similar in OpenSolaris. We have an OpenLDAP database with usernames and passwords but it is not in POSIX style, i.e. there are no uids, gids, etc. It uses whatever schema is the default in OpenLDAP 2.3, the one that came with the distro, SLES 10.

It is very easy to get SSHD to use LDAP for password authentication in this distro, and get the rest of the user info from the /etc/passwd file (the account is locked in /etc/shadow). All you have to do is replace the "auth include common-auth" line in the /etc/pam.d/sshd file with "auth required pam_ldap.so" on the second line, set "UsePAM yes" in the sshd config file, and point /etc/ldap.conf to your LDAP server. (Nsswitch.conf remains "files" only.) You will then get anonymous-type binding to check the LDAP password, and the rest of the POSIX attributes will be set from /etc/passwd.

My root question: Is there a simple way to do this with the Solaris 10 LDAP client and the Solaris 10 sshd? I think I have LDAP set up correctly, and PAM is doing *something*: I added this line to pam.conf: "other auth sufficient pam_ldap.so.1". And when I snoop the connection to the LDAP server I am seeing something:

backup2 -> services1 LDAP C port=33193 Search Request derefAlways
services1 -> backup2 LDAP R port=33193
services1 -> backup2 LDAP R port=33193 Search ResDone Success

But logins fail. (Maybe anonymous binding doesn't work?)

Has anyone succeeded in getting LDAP authentication to work without POSIX format LDAP entries?

Thanks
-W Sanders
St Marys College of CA
--
Jerry Sutton
jer...@airmail.net
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org