Re: AIX as openldap client

[Buchan Milne <bgmilne@staff.telkomsa.net>]

On Monday, 8 November 2010 16:07:25 Stef Coene wrote:
> On Monday 08 November 2010, you wrote:
> > Hello Stef,
> > 
> > could you please point what you did to solve your problems as anybody
> > else could be interested in that solution. Unfortunately, these
> > machines are on my schedule, too. :)
> 
> I'm documenting the steps I do to get it working and the possible problems.
> When I'm done, I will post them somewhere.
> I also have to this on the production servers.
> 
> I still have some problems with the passwords.  I have to change the
> password from an AIX box before it works.

What hash ends up in userPassword in this case? crypt? Real crypt(), with it's 
8-character limit?

This normally indicates a problem in the configuration. On a Linux host, this 
would typically indicate that nss_ldap was set up, but pam_ldap was not, and 
authentication was working via app->PAM->pam_unix->getspent(3)->nss->nss_ldap-
>LDAP, whereas you may prefer app->PAM->pam_ldap (otherwise some pam_ldap-
based authorization features don't work, password hashes are limited to those 
that are supported by all your clients etc.).

I don't have any access to our AIX hosts though ...

Regards,
Buchan