On Wed, Sep 05, 2001 at 11:49:50PM +0800, Federico Sevilla III wrote (wyy sez):
> On Wed, 5 Sep 2001 at 23:16, Orlando Andico wrote:
> > you can get nss_ldap to work fairly easily (assuming you can connect
> > and query), see the /etc/ldap.conf file for nss_ldap
>
> I got libnss-ldap. The packaged version of Debian uses
> /etc/libnss-ldap.conf so I modified that. Aside from stuff like the host
> and base which debconf already set up for me (asking me for the data), I
> set up the following:
>
> o rootbinddn (with the password in /etc/ldap.secret perms 0600)
> o nss_base_passwd ou=People,dc=leathercollection,dc=ph?one
> o nss_base_shadow ou=People,dc=leathercollection,dc=ph?one
>
> Then I modified /etc/nsswitch.conf so that passwd and shadow use ldap. I
> didn't meddle with the /etc/pam.d/login first (which is back to using
> pam_unix.so). I can't log in, though. Because everything gets uid=0, as
> per the logs. Also when doing an ls on an NFS-mounted /home, the uids
> don't get mapped to usernames that are already in LDAP (not in the local
> /etc/passwd, though).
>
did you try rewriting /etc/pam.d/login to use the pam ldap modules
instead? i do not do logins though. but, when i migrated the system from
/etc/passwd to ldap, i just modified the pam.d file and it worked.
is the nsswitch.conf setting necessary when the pam.d/login is
configured? i assume that the pam ldap module will contain the necessary
instructions to properly access the ldap repository. but, legacy apps
may need it. hmmmm.
> Hmm ... :(
>
> Looks like I've got LDAP set up okay but somehow am missing something with
> both nss_ldap and pam_ldap. :(
>
good luck.
--------------------------------------
William Emmanuel S. Yu
Ateneo Cervini-Eliazo Networks (ACENT)
email : [EMAIL PROTECTED]
web : http://cersa.admu.edu.ph
phone : 63(2)4266001-5925/5904
GPG : http://sysads.ateneo.net/wyu/wyy.pgp
But scientists, who ought to know
Assure us that it must be so.
Oh, let us never, never doubt
What nobody is sure about.
-- Hilaire Belloc
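
An added example, not part of the original thread: a shell sketch that checks the three settings named in the quoted message (ldap listed for passwd and shadow in nsswitch.conf, the nss_base_* entries, and mode 0600 on the secret file) and prints the uid NSS returns for an account. The function names and the `--check` argument are hypothetical; the file paths are the ones mentioned in the thread.

```shell
#!/bin/sh
# Added example: checks for the nss_ldap settings named in the thread.
# File paths are arguments so the checks can also be run on copies.

# nss_uses_ldap FILE DB: succeeds if "ldap" is a source for DB (passwd, shadow)
nss_uses_ldap() {
    awk -v db="$2" '
        { sub(/#.*/, ""); n = index($0, ":"); if (!n) next
          name = substr($0, 1, n - 1); gsub(/[ \t]/, "", name)
          if (name != db) next
          cnt = split(substr($0, n + 1), src, /[ \t]+/)
          for (i = 1; i <= cnt; i++) if (src[i] == "ldap") found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# nss_base FILE DB: prints "<search base> <scope>" from the nss_base_DB line
nss_base() {
    awk -v key="nss_base_$2" '
        { sub(/#.*/, "") }
        $1 == key { n = split($2, p, "?"); print p[1], (n > 1 ? p[2] : "(default)"); exit }' "$1"
}

# secret_is_0600 FILE: succeeds only if FILE is a regular file with mode 0600
secret_is_0600() {
    [ -n "$(find "$1" -prune -type f -perm 600 2>/dev/null)" ]
}

# uid_of USER: prints the uid that NSS returns for USER (requires getent)
uid_of() {
    getent passwd "$1" | cut -d: -f3
}

# check_all [USER]: run every check against the paths mentioned in the thread.
# USER defaults to "nobody" (an assumption); pass an account that exists only in LDAP.
check_all() {
    for db in passwd shadow; do
        nss_uses_ldap /etc/nsswitch.conf "$db" || echo "nsswitch.conf: $db does not list ldap"
        echo "nss_base_$db: $(nss_base /etc/libnss-ldap.conf "$db")"
    done
    secret_is_0600 /etc/ldap.secret || echo "/etc/ldap.secret: mode is not 0600"
    echo "uid for ${1:-nobody}: $(uid_of "${1:-nobody}")"
}

if [ "${1:-}" = "--check" ]; then
    check_all "${2:-nobody}"
fi
```

Run it as root with `--check <username>`, since /etc/ldap.secret and /etc/libnss-ldap.conf may not be readable otherwise.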