[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP and FireWall-1

wel what it did was create the ldap directory, then poplate it witha
couple of test users, and then I used the UAM to connect to the LDAP
server as LDAP root. I created all the group with UAM, and used a
combination of existing accounts and accounts made with UAM. I'd have to
redo the whole thing to tell you what kind of group I had.

On a related note, the reason (i suspect) that my LDAP is gone now it
that I have populated it with users and passwords and all that jazz,
then weeks later I noticed that i had spelled a cn wrong, so i used gq
to change it. Once I had changed teh cn of the entry(incorrectly of
course), i couldn't change it again. So i tried to change another, and
got the same result. Then one more for good measure, no luck changing an
already changed cn entry. As my luck would have it, the next time i
restarted the ldap server, i could not add query, or anything else. the
whole database was hosed. So now I have to restore from my original
netscape abook.ldif files. sniff, sniff, edit, edit. ;)

Anyhow, if I get the time soon, I'll be sure to let you know how exactly
I had it working. For the sake of completeness, I was using the linux
fw-1 4.1 beta on redhat 6.1, with openldap 1.2.8 and SecuRemote 4118 on
NT 4 sp5. 


> I can authenticate, but when I try to let the user do what he is authenticated
> to (in this case a telnet-connection) I get the error message, that the user
> is not in the allowed group. Did you use a groupOfNames or groupOfUniqueNames?
> Konstantin
> --
> Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: elwood@agouros.de
> Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
> ----------------------------------------------------------------------------
> "Captain, this ship will not sustain the forming of the cosmos." B'Elana Torres