Hi,
First of all, sorry for my English. I'll try to be clear.

I have an OpenLDAP server running on Linux Debian 2.6.18-3-k7 with this 
slapd.conf:

include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/solaris.schema
include         /usr/local/etc/openldap/schema/DUAConfigProfile.schema
include         /usr/local/etc/openldap/schema/nisdomainobject.schema
#include       /usr/local/etc/openldap/schema/solaris-nis.schema

pidfile         /usr/local/var/run/slapd.pid
argsfile        /usr/local/var/run/slapd.args

access to attrs=userPassword
       by self write
       by anonymous auth
       by * none

access to *
       by * read

allow bind_v2
database        bdb
suffix          "dc=tel,dc=uva,dc=es"
rootdn          "cn=root,dc=tel,dc=uva,dc=es"
rootpw          secret
directory       /usr/local/var/openldap-data
# Indices to maintain
index   objectClass     eq

The OpenLDAP version is 2.3.34.
I want to have 3 clients authenticate against the LDAP server: one Linux, one 
Windows and one Solaris.
With Linux and Windows there are no problems.

With the Solaris client I have a problem.
To configure the Solaris client I did these steps:

First, I added the solaris.schema and DUAConfigProfile.schema.
Afterwards, I populated my directory. My tree is this:

dn:dc=tel,dc=uva,dc=es
objectClass: dcObject
objectClass: organization
objectClass: nisDomainObject
nisDomain: tel.uva.es
o: tel
dc: tel

dn:cn=root,dc=tel,dc=uva,dc=es
objectClass: organizationalRole
objectClass: bootableDevice
cn: root

dn:ou=users,dc=tel,dc=uva,dc=es
ou: users
objectClass: top
objectClass: organizationalUnit

dn:ou=groups,dc=tel,dc=uva,dc=es
ou: groups
objectClass: top
objectClass: organizationalUnit

dn:cn=profesores,ou=groups,dc=tel,dc=uva,dc=es
cn: profesores
gidNumber: 1001
objectClass: top
objectClass: posixGroup

dn:cn=alumnos,ou=groups,dc=tel,dc=uva,dc=es
cn: alumnos
gidNumber: 1002
objectClass: top
objectClass: posixGroup

dn:uid=dpercam,ou=users,dc=tel,dc=uva,dc=es
uid: dpercam
givenName: Daniel
sn: Perez
cn: Daniel Perez
uidNumber: 2002
gidNumber: 1002
homeDirectory: /home/dpercam
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
mail: [EMAIL PROTECTED]
loginShell: /bin/bash
userPassword: dpercam

dn:uid=edugom,ou=users,dc=tel,dc=uva,dc=es
uid: edugom
givenName: Eduardo
sn: Gomez
cn: Eduardo Gomez
loginShell: /bin/bash
uidNumber: 2005
gidNumber: 1001
homeDirectory: /home/edugom
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
userPassword: edugom

dn:ou=profile,dc=tel,dc=uva,dc=es
ou: profile
objectClass: top
objectClass: organizationalUnit

dn:cn=proxyagent,ou=profile,dc=tel,dc=uva,dc=es
cn: proxyagent
sn: proxyagent
objectClass: top
objectClass: person
userPassword: password

dn:cn=default,ou=profile,dc=tel,dc=uva,dc=es
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: 192.168.70.133
defaultSearchBase: dc=tel,dc=uva,dc=es
authenticationMethod: simple
followReferrals: TRUE
defaultSearchScope: one
searchTimeLimit: 30
profileTTL: 43200
bindTimeLimit: 2
cn: default
credentialLevel: proxy
serviceSearchDescriptor: passwd: ou=users,dc=tel,dc=uva,dc=es?one
serviceSearchDescriptor: group: ou=groups,dc=tel,dc=uva,dc=es?one
serviceSearchDescriptor: shadow: ou=users,dc=tel,dc=uva,dc=es?one

Then I ran ldapclient:
ldapclient -v init -a proxyDN=cn=proxyagent,ou=profile,dc=tel,dc=uva,dc=es 
-a proxyPassword=password -a domainname=tel.uva.es <ip.adress>

The file nsswitch.conf is now:

passwd:     files ldap
group:      files ldap
shadow     files ldap
hosts:      files dns
ipnodes:    files dns
networks:   files
protocols:  files
rpc:        files
ethers:     files
netmasks:   files
bootparams: files
publickey:  files
netgroup:   ldap
automount:  files ldap
aliases:    files ldap
services:   files ldap
printers:   user files ldap
auth_attr:  files ldap
prof_attr:  files ldap
project:    files ldap
tnrhtp:     files ldap
tnrhdb:     files ldap

The ldap_client_cred file is this:

NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=tel,dc=uva,dc=es
NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c411

The ldap_client_file is this:

NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 192.168.70.133
NS_LDAP_SEARCH_BASEDN= dc=tel,dc=uva,dc=es
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= default
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=users,dc=tel,dc=uva,dc=es?one
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=groups,dc=tel,dc=uva,dc=es?one
NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=users,dc=tel,dc=uva,dc=es?one
NS_LDAP_BIND_TIME= 2

With this configuration some things seem to work well. ldapsearch, id 
and similar commands work well. But I want to log in, and this is the 
problem. When I try to log in with an LDAP user, the PC shows me a message 
that I have to choose an initial password for my account, or because it has 
expired. OK. I change the password, and when I try to log in again the PC 
shows me the same message, to change the password again. And this always 
happens. I can't log in because when I try to, the PC always tells me to 
change my password. The password changes correctly on the LDAP server. I hope 
you can understand my problem.
When I try to log in, the LDAP server shows this:

conn=76 op=91 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 deref=3 
filter="(&(objectClass=shadowAccount)(uid=dpercam))"
conn=76 op=91 SRCH attr=uid userpassword shadowflag
<= bdb_equality_candidates: (uid) index_param failed (18)
conn=76 op=91 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=76 op=92 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 deref=3 
filter="(&(objectClass=posixAccount)(uid=dpercam))"
conn=76 op=92 SRCH attr=cn uid uidnumber gidnumber gecos description 
homedirectory loginshell
<= bdb_equality_candidates: (uid) index_param failed (18)
conn=76 op=92 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=76 op=93 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 deref=3 
filter="(&(objectClass=shadowAccount)(uid=dpercam))"
conn=76 op=93 SRCH attr=uid userpassword shadowflag
<= bdb_equality_candidates: (uid) index_param failed (18)
conn=76 op=93 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=76 op=94 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 deref=3 
filter="(&(objectClass=posixAccount)(uid=dpercam))"
conn=76 op=94 SRCH attr=cn uid uidnumber gidnumber gecos description 
homedirectory loginshell
<= bdb_equality_candidates: (uid) index_param failed (18)
conn=76 op=94 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=76 op=95 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 deref=3 
filter="(&(objectClass=shadowAccount)(uid=dpercam))"
conn=76 op=95 SRCH attr=uid userpassword shadowflag
<= bdb_equality_candidates: (uid) index_param failed (18)
conn=76 op=95 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=76 op=96 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 deref=3 
filter="(&(objectClass=SolarisUserAttr)(uid=dpercam))"
conn=76 op=96 SRCH attr=uid SolarisUserQualifier SolarisAttrReserved1 
SolarisAttrReserved2 SolarisAttrKeyValue
conn=76 op=96 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=76 op=97 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 deref=3 
filter="(&(objectClass=posixAccount)(uid=dpercam))"
conn=76 op=97 SRCH attr=cn uid uidnumber gidnumber gecos description 
homedirectory loginshell
<= bdb_equality_candidates: (uid) index_param failed (18)
conn=76 op=97 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=76 op=98 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 deref=3 
filter="(&(objectClass=shadowAccount)(uid=dpercam))"
conn=76 op=98 SRCH attr=uid userpassword shadowflag
<= bdb_equality_candidates: (uid) index_param failed (18)
conn=76 op=98 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=76 op=99 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 deref=3 
filter="(&(objectClass=posixAccount)(uid=dpercam))"
conn=76 op=99 SRCH attr=cn uid uidnumber gidnumber gecos description 
homedirectory loginshell
<= bdb_equality_candidates: (uid) index_param failed (18)
conn=76 op=99 SEARCH RESULT tag=101 err=0 nentries=1 text=

Does anybody know what the problem could be? I'm desperate!

Thank you very much.

Daniel Pérez

_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
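
An added example, not part of the original post: a minimal Python model of the two "access to" clauses in the slapd.conf above, applied to the attribute lists of the logged searches. It assumes conn=76 is bound as the proxyagent DN from ldap_client_cred (the log excerpt shows no BIND line) and models only the self, anonymous and * selectors that this configuration uses; all function names are illustrative.

```python
import re

# The two "access to" clauses from the slapd.conf above, in file order:
# (target attribute or "*", [(who, access level), ...]).
ACL = [
    ("userpassword", [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    ("*", [("*", "read")]),
]
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def who_matches(who, bind_dn, entry_dn):
    if who == "self":
        return bool(bind_dn) and bind_dn.lower() == entry_dn.lower()
    if who == "anonymous":
        return not bind_dn
    return who == "*"

def access_level(bind_dn, entry_dn, attr):
    """slapd stops at the first matching clause, then the first matching 'by'."""
    for target, by_list in ACL:
        if target in ("*", attr.lower()):
            for who, level in by_list:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"

SRCH_ATTR = re.compile(r"conn=\d+ op=(\d+) SRCH attr=(.*)")

def withheld(log_text, bind_dn, entry_dn):
    """Map op number -> requested attributes the ACL keeps from this identity."""
    result = {}
    for op, attrs in SRCH_ATTR.findall(log_text):
        denied = [a for a in attrs.split()
                  if LEVELS.index(access_level(bind_dn, entry_dn, a)) < LEVELS.index("read")]
        if denied:
            result[int(op)] = denied
    return result

# Sample: three SRCH attr lines copied from the log above, unwrapped.
LOG = """\
conn=76 op=91 SRCH attr=uid userpassword shadowflag
conn=76 op=92 SRCH attr=cn uid uidnumber gidnumber gecos description homedirectory loginshell
conn=76 op=96 SRCH attr=uid SolarisUserQualifier SolarisAttrReserved1 SolarisAttrReserved2 SolarisAttrKeyValue
"""
PROXY = "cn=proxyagent,ou=profile,dc=tel,dc=uva,dc=es"  # assumed bind identity
USER = "uid=dpercam,ou=users,dc=tel,dc=uva,dc=es"

if __name__ == "__main__":
    print(withheld(LOG, PROXY, USER))
```

For the proxyagent identity only the shadowAccount search is affected: the entry matches (nentries=1), but the ACL withholds userPassword from any bind that is neither the user nor anonymous.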
