
Re: don't retrieve owner with ls -l



Lise Didillon wrote:
> 
> hello,
> 
> I've successfully installed openldap 2.0.15 with pam_ldap 131. I use
> nis.schema for the user and group. I've constructed the directory with the
> migration tools. Then I have added a new user Lise and some other users
> with ldapadd.
>   I log in as this new user Lise. All is OK, but when I run an "ls -l" it can't
> find the owner of files when the owner is one of the new users. It just shows the
> associated uidNumber.

You might need to include the ldap directive in your
/etc/nsswitch.conf file, for passwd, shadow and group.

passwd:     files ldap
shadow:     files ldap
group:      files ldap

> I think that have something to do with the index or the ACLs.

Your ACLs should grant enough access. You might want to check them
anyway, as they are not restrictive enough. I would at least
restrict access to the userPassword attr to auth instead of read.

Regards,

rolek

> I've declared in my slapd.conf the following lines:
> 
> # Indices to maintain
> # ===================
> index    uid,uidNumber,gidNumber  eq
> index    cn                       eq,pres,sub
> index    objectClass              eq,pres
> index    memberUid                eq,pres
> 
> # Access Control List
> # ===================
> 
> defaultaccess   read
> 
> access to attr=userPassword,gecos
>             by self write
>             by dn="uid=root,ou=people,ou=confadmin" write
>             by dn="cn=admin,ou=confadmin" write
>             by * read
> 
> access to dn=".*,ou=people,ou=confadmin" attr=cn,loginShell,description
>             by self write
>             by dn="uid=root,ou=people,ou=confadmin" write
>             by dn="cn=admin,ou=confadmin" write
>             by * read
> 
> access to *
>             by dn="uid=root,ou=people,ou=confadmin" write
>             by dn="cn=admin,ou=confadmin" write
>             by anonymous auth
>             by * read
> 
> here are the new users I have added:
> dn: uid=lise,ou=People,ou=confAdmin
> uid: lise
> cn: lise Didillon
> loginShell: /bin/bash
> uidNumber: 501
> gidNumber: 100
> userType: 0
> userPassword:: e2NyeXB0fUxIQ0pKTDQ1QkduZDY=
> objectClass: top
> objectClass: posixAccount
> objectClass: account
> objectClass: miscUser
> homeDirectory: /home/users/lise
> 
> objectClass miscUser is just here for my own needs, and all the users (new or
> old) have this object class.
> 
> Can you help me please? Any idea will help me.
> 
> best regards,
> 
> Lise Didillon

--
1A First Alternative rolek@alt001.com    www.alt001.com
Linvision BV         rolek@linvision.com (www|devel).linvision.com
--
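As an added example (not part of this thread, and not an OpenLDAP or pam_ldap tool), here is a small Python audit script covering the two points raised in the reply: whether nsswitch.conf lists `ldap` for passwd, shadow and group, and whether the slapd.conf ACL leaves userPassword readable by `*`. The sample configs are constructed strings: the weak ACL is the one quoted above, the fixed one restricts userPassword to `auth` for anonymous and `none` for everyone else. ACL evaluation is a simplified model of slapd's rules (first matching `access to` target wins, then the first matching `by` clause; DN-pattern matching of targets is not modelled), so it reads the attribute-based targets only.

```python
import re

# Access levels in increasing order of privilege, as OpenLDAP 2.0 orders them.
LEVELS = {"none": 0, "auth": 1, "compare": 2, "search": 3, "read": 4, "write": 5}

# Constructed sample: the ACL block quoted in the thread (userPassword readable by *).
SLAPD_CONF_WEAK = """\
defaultaccess   read

access to attr=userPassword,gecos
            by self write
            by dn="uid=root,ou=people,ou=confadmin" write
            by dn="cn=admin,ou=confadmin" write
            by * read

access to dn=".*,ou=people,ou=confadmin" attr=cn,loginShell,description
            by self write
            by * read

access to *
            by dn="uid=root,ou=people,ou=confadmin" write
            by anonymous auth
            by * read
"""

# Constructed sample: userPassword split out and limited to auth/none; gecos stays readable.
SLAPD_CONF_FIXED = """\
defaultaccess   read

access to attr=userPassword
            by self write
            by dn="uid=root,ou=people,ou=confadmin" write
            by dn="cn=admin,ou=confadmin" write
            by anonymous auth
            by * none

access to attr=gecos
            by self write
            by * read

access to *
            by dn="uid=root,ou=people,ou=confadmin" write
            by anonymous auth
            by * read
"""

# Constructed nsswitch.conf samples: without ldap, and as the reply recommends.
NSSWITCH_MISSING = "passwd: files\nshadow: files\ngroup:  files\nhosts:  files dns\n"
NSSWITCH_OK = "passwd: files ldap\nshadow: files ldap\ngroup:  files ldap\nhosts:  files dns\n"


def parse_acls(text):
    """Return [(target, [(who, level), ...])] for every 'access to' directive."""
    acls, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("access to "):
            current = (line[len("access to "):].strip(), [])
            acls.append(current)
        elif line.startswith("by ") and current is not None:
            who, level = line[3:].rsplit(None, 1)  # 'by <who> <level>'
            current[1].append((who, level))
    return acls


def default_access(text):
    """Level applied when no 'access to' directive matches (slapd 2.0 default: read)."""
    m = re.search(r"^\s*defaultaccess\s+(\w+)", text, re.M)
    return m.group(1) if m else "read"


def acl_for_attr(acls, attr):
    """First target whose attr= list names attr, or the first target with no attr= list."""
    for target, clauses in acls:
        m = re.search(r"attrs?=(\S+)", target)
        if m is None or attr.lower() in [a.lower() for a in m.group(1).split(",")]:
            return clauses
    return None


def effective_level(clauses, subject):
    """First matching 'by' clause wins; '*' matches everyone; no match means none."""
    for who, level in clauses:
        if who == subject or who == "*":
            return level
    return "none"


def userpassword_readers(text):
    """Effective access to userPassword for anonymous binds and other authenticated users."""
    clauses = acl_for_attr(parse_acls(text), "userPassword")
    if clauses is None:
        lvl = default_access(text)
        return {"anonymous": lvl, "users": lvl}
    return {s: effective_level(clauses, s) for s in ("anonymous", "users")}


def userpassword_findings(text):
    """Flag any subject granted more than 'auth' on userPassword (hash disclosure)."""
    return [f"{subject} can {level} userPassword; grant at most 'auth'"
            for subject, level in userpassword_readers(text).items()
            if LEVELS[level] > LEVELS["auth"]]


def nsswitch_missing_ldap(text, databases=("passwd", "shadow", "group")):
    """Databases whose source list does not include ldap (the cause of bare uidNumbers in ls -l)."""
    sources = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" in line:
            db, srcs = line.split(":", 1)
            sources[db.strip()] = srcs.split()
    return [db for db in databases if "ldap" not in sources.get(db, [])]


def report(slapd_conf, nsswitch):
    """Combine both checks into one list of findings (empty list means clean)."""
    findings = userpassword_findings(slapd_conf)
    missing = nsswitch_missing_ldap(nsswitch)
    if missing:
        findings.append("nsswitch.conf lacks 'ldap' for: " + ", ".join(missing))
    return findings


if __name__ == "__main__":
    for name, conf, nss in (("weak", SLAPD_CONF_WEAK, NSSWITCH_MISSING),
                            ("fixed", SLAPD_CONF_FIXED, NSSWITCH_OK)):
        print(name, report(conf, nss) or ["no findings"])
```

Run against the quoted config the script reports that both anonymous and authenticated users can read userPassword and that all three NSS databases lack `ldap`; against the fixed samples it reports nothing. To check a live host, read `/etc/nsswitch.conf` and the real `slapd.conf` into the two functions instead of the constructed strings.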