Hello All,

Maybe the wrong discussion, but here goes.

I have an OpenLDAP directory that I have migrated all my NIS accounts to. The OpenLDAP accounts are 8 characters: first letter of given name and up to seven letters of the last name (gclooney). I have the gecos field in the OpenLDAP directory populated with firstname_lastname (george_clooney). I have a Kerberos infrastructure that I leverage for authentication. The Kerberos realm user principals are also firstname_lastname (george_clooney).

On my Linux clients I use the OpenLDAP client; the uid (gclooney) is mapped to gecos (george_clooney) using a nss_map_attribute (PADL). So the LDAP user gclooney can be logged in using the Kerberos credentials for george_clooney, since the uid maps to gecos. This allows me to use Kerberos for a single sign-on and maintain the proper uid and gid's I had in NIS while using a single password for LDAP and Windows.

On my Solaris clients I am attempting to do the same. I can use strictly LDAP authentication or gclooney no problem. But once I add the attributeMap mapping uid to gecos with the ldapclient utility, I am unable to log in with Kerberos creds like I can on Linux. I must mention that if I am logged in as root, I can su to george_clooney and the uid and gid are those from LDAP (gclooney). So obviously the ldapclient mapAttribute is working somewhat.

I don't think it is PAM related... I am missing something. Any ideas?

--
This message posted from opensolaris.org

sysadmin-discuss mailing list
sysadmin-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss