Re: Help with Solaris LDAP client (how to make client read shadow information)



root@solaris:~# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=Dummy
NS_LDAP_BINDPASSWD= {NS1}3df552e9d230
NS_LDAP_SERVERS= 10.208.55.126
NS_LDAP_SEARCH_BASEDN= dc=mydomain,dc=org
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_CACHETTL= 0
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=mydomain,dc=org?sub
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=mydomain,dc=org?sub
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=mydomain,dc=org?sub
NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:simple

ldif sample:
dn: uid=pepe,ou=People,dc=mydomain,dc=org
uid: pepe
cn: Pepe Longstocking
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$KrdeSmkx$xvFUO40DKcq1GkJ00000tAGS0oBuWBAAAAAAvxrl1
shadowLastChange: 15358
shadowMax: 35
shadowWarning: 35
loginShell: /bin/ksh
uidNumber: 215
gidNumber: 212
homeDirectory: /home/pepe
gecos: Pepe Longstocking



On Fri, Feb 10, 2012 at 11:15 AM, NetNinja <2bitninja@gmail.com> wrote:
Can you show the output of the ldapclient list command and the LDIF files
you used to add the Solaris client to the LDAP server?

On Thu, Feb 9, 2012 at 8:32 PM, curious penguin <pepe.the.bofh@gmail.com> wrote:
> Hi,
>
> I have ldap clients on two different OS platforms, Solaris and Linux.
> When "shadowExpire" for a specific user is set, the Linux client sees
> the change and denies logon for the user which is what I'm trying to
> implement. But this behaviour doesn't work in my Solaris client. It
> seems like it doesn't respect the rest of the shadow attributes on the
> LDAP server. I've been scratching my head for days now but doing so
> hasn't helped me figure out what the problem or reason is.
>
> Could anyone shed some light on this?
>