>From: "Enda O'Connor" <[EMAIL PROTECTED]>
>To: Daniel Pérez del Campo <[EMAIL PROTECTED]>
>CC: zones-discuss@opensolaris.org
>Subject: Re: [zones-discuss] trying to login with solaris Ldap client
>Date: Wed, 22 Aug 2007 13:12:22 +0100
>
>Daniel Pérez del Campo wrote:
>>
>>
>>
>>>From: "Enda O'Connor ( Sun Micro Systems Ireland)" <[EMAIL PROTECTED]>
>>>To: Daniel Pérez del Campo <[EMAIL PROTECTED]>
>>>CC: zones-discuss@opensolaris.org
>>>Subject: Re: [zones-discuss] trying to login with solaris Ldap client
>>>Date: Tue, 21 Aug 2007 13:43:21 +0100
>>>
>>>
>>>><= bdb_equality_candidates: (uid) index_param failed (18)
>>>>conn=76 op=98 SEARCH RESULT tag=101 err=0 nentries=1 text=
>>>>conn=76 op=99 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 deref=3 
>>>>filter="(&(objectClass=posixAccount)(uid=dpercam))"
>>>>conn=76 op=99 SRCH attr=cn uid uidnumber gidnumber gecos description 
>>>>homedirectory loginshell
>>>><= bdb_equality_candidates: (uid) index_param failed (18)
>>>>conn=76 op=99 SEARCH RESULT tag=101 err=0 nentries=1 text=
>>>>
>>>>Does anybody know what could be the problem??? I'm desperate!
>>>>
>>>>Thank you very much.
>>>>
>>>>Daniel Pérez
>>>>
>>>>
>>>>_______________________________________________
>>>>zones-discuss mailing list
>>>>zones-discuss@opensolaris.org
>>>
>>>Looks like a pam issue?
>>>
>>>the server is finding the entry (nentries=1)
>>>
>>>What have you configured in /etc/pam.conf
>>>read man -s5 pam_ldap to get an idea
>>>
>>>so at a guess from your env above
>>>change
>>>
>>><service name> auth required pam_unix_auth.so.1
>>>to
>>>
>>><service name> auth binding pam_unix_auth.so.1 server_policy
>>>
>>>for all lines that match and add
>>><service name> auth required pam_ldap.so.1
>>>
>>>once for each service name that you changed.
>>>
>>>
>>>Also add the line
>>>other password required   pam_authtok_store.so.1 server_policy
>>>
>>>
>>>other than that not too clear what is wrong.
>>>Enda
>>
>>I have changed the pam.conf as you said, but the problem is the same. It 
>>forces me to change the password again and again. The pam.conf is this:
>>
>>login    auth requisite        pam_authtok_get.so.1
>>login    auth required        pam_dhkeys.so.1
>>login    auth required        pam_unix_cred.so.1
>>login    auth binding            pam_unix_auth.so.1 server_policy
>>login   auth required         pam_ldap.so.1
>>login    auth required        pam_dial_auth.so.1
>>
>>rlogin    auth sufficient        pam_rhosts_auth.so.1
>>rlogin    auth requisite        pam_authtok_get.so.1
>>rlogin    auth required        pam_dhkeys.so.1
>>rlogin    auth required        pam_unix_cred.so.1
>>rlogin    auth binding            pam_unix_auth.so.1 server_policy
>>rlogin  auth required           pam_ldap.so.1
>>
>>krlogin    auth required        pam_unix_cred.so.1
>>krlogin    auth binding        pam_krb5.so.1
>>krlogin    auth binding            pam_unix_auth.so.1 server_policy
>>krlogin auth required           pam_ldap.so.1
>>
>>rsh    auth sufficient        pam_rhosts_auth.so.1
>>rsh    auth required        pam_unix_cred.so.1
>>
>>krsh    auth required        pam_unix_cred.so.1
>>krsh    auth binding        pam_krb5.so.1
>>krsh    auth binding            pam_unix_auth.so.1 server_policy
>>krsh    auth required           pam_ldap.so.1
>>
>>ktelnet    auth required        pam_unix_cred.so.1
>>ktelnet    auth binding        pam_krb5.so.1
>>ktelnet    auth binding            pam_unix_auth.so.1 server_policy
>>ktelnet auth required           pam_ldap.so.1
>>
>>ppp    auth requisite        pam_authtok_get.so.1
>>ppp    auth required        pam_dhkeys.so.1
>>ppp    auth required        pam_unix_cred.so.1
>>ppp    auth binding            pam_unix_auth.so.1 server_policy
>>ppp     auth required           pam_ldap.so.1
>>ppp    auth required        pam_dial_auth.so.1
>>
>>other    auth requisite        pam_authtok_get.so.1
>>other    auth required        pam_dhkeys.so.1
>>other    auth required        pam_unix_cred.so.1
>>other    auth binding            pam_unix_auth.so.1 server_policy
>>other   auth required           pam_ldap.so.1
>>
>>passwd    auth required        pam_passwd_auth.so.1
>>
>>cron    account required    pam_unix_account.so.1
>>
>>other    account requisite    pam_roles.so.1
>>other    account required    pam_unix_account.so.1
>>
>>other    session required    pam_unix_session.so.1
>>
>>other    password required    pam_dhkeys.so.1
>>other    password requisite    pam_authtok_get.so.1
>>other    password requisite    pam_authtok_check.so.1
>>#other    password required    pam_authtok_store.so.1
>>other   password required       pam_authtok_store.so.1 server_policy
>>
>>I don't know what to do.
>>Does anybody know what is the problem??
>>Thank you very much.
>>
>>Daniel Perez
>>

>I'm not familiar with openldap config as such but I did find the following 
>link which might help you out
>http://docs.lucidinteractive.ca/index.php/Solaris_LDAP_client_with_OpenLDAP_server
>
>have a read through it, seems you might have some work to do on the ldap 
>server side
>
>regards
>Enda


I had read it before. There are 3 points to prepare the ldap server. As I 
show in my first message, I have solaris.schema and DUAConfigProfile.schema 
in my slapd.conf.

"Initializing the directory structure": I have done it, as you can see in the 
first message too. The only difference is that I have credentialLevel: 
proxy, but I have done tests with anonymous credentialLevel too, and the 
problem was the same.

And the other point is somewhat confusing, "patching OpenLDAP". I use OpenLDAP 
2.3, and that link says that there are patches for OpenLDAP 2.0 and 
OpenLDAP 2.2. Do I have to suppose that I don't need a patch? Anyway, I 
tried to use these patches and it doesn't run with my OpenLDAP.

So I don't know...

Thank you.
regards.

Daniel Pérez
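
An added example, not part of the original thread or written by its participants: a small Python checker that tests a pam.conf text for the three changes suggested earlier in the thread (pam_unix_auth.so.1 as `binding` with `server_policy`, a `required` pam_ldap.so.1 after it in the same auth stack, and `server_policy` on the `other password` pam_authtok_store.so.1 line). The function names and the sample text are constructed for illustration.

```python
# Added example (not from the thread): check pam.conf text against the
# changes suggested in the thread. Module names are taken from the thread.
UNIX_AUTH = "pam_unix_auth.so.1"
LDAP = "pam_ldap.so.1"
STORE = "pam_authtok_store.so.1"

def parse_pam_conf(text):
    """Return (service, type, control, module, options) per non-comment line."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 4:
            module = fields[3].rsplit("/", 1)[-1]  # tolerate full module paths
            entries.append((fields[0], fields[1], fields[2], module, fields[4:]))
    return entries

def check_thread_advice(text):
    """Return a list of findings; an empty list means the changes are in place."""
    entries = parse_pam_conf(text)
    findings = []
    for svc in sorted({e[0] for e in entries if e[1] == "auth"}):
        stack = [e for e in entries if e[0] == svc and e[1] == "auth"]
        modules = [e[3] for e in stack]
        if UNIX_AUTH not in modules:
            continue  # the advice only covers stacks that use pam_unix_auth
        idx = modules.index(UNIX_AUTH)
        if stack[idx][2] != "binding" or "server_policy" not in stack[idx][4]:
            findings.append(f"{svc}: {UNIX_AUTH} is not 'binding ... server_policy'")
        if not any(e[3] == LDAP and e[2] == "required" for e in stack[idx + 1:]):
            findings.append(f"{svc}: no 'required {LDAP}' after {UNIX_AUTH}")
    store = [e for e in entries if e[:2] == ("other", "password") and e[3] == STORE]
    if not any(e[2] == "required" and "server_policy" in e[4] for e in store):
        findings.append(f"other: password {STORE} lacks server_policy")
    return findings

# Constructed sample: 'login' already changed, 'ppp' and the password stack not.
SAMPLE = """\
login auth requisite pam_authtok_get.so.1
login auth required pam_unix_cred.so.1
login auth binding pam_unix_auth.so.1 server_policy
login auth required pam_ldap.so.1
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_unix_auth.so.1
#other password required pam_authtok_store.so.1 server_policy
other password required pam_authtok_store.so.1
"""

if __name__ == "__main__":
    for finding in check_thread_advice(SAMPLE):
        print(finding)
```

An empty result only confirms that the file matches the edits described in the thread; it says nothing about the LDAP server side.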
