Re: Unable to login to local LDAP server

[Stephen Torri <storri@sbcglobal.net>]

On Fri, 2002-07-05 at 13:41, Todd Lyons wrote:
> Stephen Torri wanted us to know:
> 
> >On Fri, 2002-07-05 at 09:59, Alan Womack wrote:
> >> I've not seen that particular error message, but I have similiar issues from the PAM system-auth module when I have LDAP enabled in the account section.  Although, commenting out the line neuters ldap for login purposes, it does allow me to continue working on other issues until I can come back to that one.
> >What tool(s) do you use to administer your OpenLDAP server? How can I be
> >sure that I have the server set up properly? Any recommended reading?
> 
> If you are using Mandrake, there is a utility named userdrake that can
> manage users on an ldap directory.  The first issue to deal with is that
> userdrake creates secondary group entries in the uniqueMember attribute,
> putting the full dn for the user as the value.  nss_ldap reads both
> uniqueMember -and- memberUid to determine groups.  If you have been
> putting just "username" in the memberUid attribute, then userdrake won't
> recognize it.  
> 
> It might be convenient for you to setup a Mandrake box just for
> directory user administration, however, you will have to download the
> source rpm for nss_ldap-194 (Mdk 8.2 ships with nss_ldap-173), rebuild
> it on your 8.2 box, and upgrade that.  The second issue is that
> userdrake by default wants to use standard unix crypt instead of the gnu
> extension (MD5 shadowed crypt), but changing the password from the
> commandline with 'passwd username' works properly if your
> /etc/ldap.conf, /etc/pam.d/system-auth, and /etc/pam.d/passwd are
> configured properly, so you're covered there.

I am using RedHat 7.2 on all systems right now. Userdrake should be able
to be compiled for RedHat right? Or is there another alternative?

Stephen