On Thu, 17 Aug 2000, Hugo Monteiro wrote:
> I'm sorry to bother you guys about this one again ... help me out on
> this one please... =)
> Let's say I have an entry in my ldap database like (using ldif format):
> dn: uid=10051, o=organisation, c=country
> objectclass: person
> ou: people
> cn: John Doe
> sn: Doe
> givenname: John
> userpassword: secret
> manager: uid=500, o=organisation, c=country
> mail: email@example.com
> alias: john_doe
1) uid is supposed to be a string, not a number. The number would
2) The entry should contain the attribute type and value used to
form the Relative Distinguished Name. In English, you should
add 'uid: 10051' to the entry. Besides, if that is the
attribute used by pam_ldap, then it *has* to be in the entry,
the Distinguished Name alone is not enough.
3) The 'alias' attribute type is suspect; it is not defined. In general,
your schema use is deficient, 'person' does not allow most of the
attribute types you are using. And pam_ldap and nss_ldap will
usually look for entries of account or posixAccount objectclass.
> having nss_ldap and pam_ldap installed in the system and configuring it
> in /etc/nsswitch.conf and /etc/pam.d/login I still find there is
> something missing ... like ... how do I tell the system what ldap server
> he should look for in order to make the queries and as well how do I
> give him the credentials so pam is authorized to make those queries ...
Usually, in a file named /etc/ldap.conf.
- From: Hugo Monteiro <firstname.lastname@example.org>
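Points 2 and 3 of the reply can be checked mechanically before an entry is loaded. The Python below is an added example, not part of the original message or of pam_ldap/nss_ldap; the function names are hypothetical, the sample is the entry quoted in the message, and the attribute list for 'person' is the one in RFC 4519.

```python
# Added example: lint one LDIF entry for points 2 and 3 of the reply above.
# Attribute types 'person' allows (RFC 4519), plus objectClass itself.
PERSON_ATTRS = {"objectclass", "sn", "cn", "userpassword",
                "telephonenumber", "seealso", "description"}
ACCOUNT_CLASSES = {"account", "posixaccount"}
# Constructed sample: the entry quoted in the message.
SAMPLE = """\
dn: uid=10051, o=organisation, c=country
objectclass: person
ou: people
cn: John Doe
sn: Doe
givenname: John
userpassword: secret
manager: uid=500, o=organisation, c=country
mail: email@example.com
alias: john_doe
"""

def parse_entry(ldif):
    """Return {attr: [values]} for one unfolded LDIF entry ('dn' included)."""
    attrs = {}
    for line in ldif.splitlines():
        if ":" not in line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def lint_entry(ldif):
    """Return a list of findings; an empty list means the checks passed."""
    attrs = parse_entry(ldif)
    dn = attrs.pop("dn")[0]  # assumes the entry has a dn line
    findings = []
    # Point 2: the RDN attribute and value must also be stored in the entry.
    rdn_attr, _, rdn_value = (p.strip() for p in dn.split(",")[0].partition("="))
    if rdn_value not in attrs.get(rdn_attr.lower(), []):
        findings.append(f"missing RDN attribute: {rdn_attr}: {rdn_value}")
    # Point 3: pam_ldap/nss_ldap usually look for account or posixAccount.
    classes = {c.lower() for c in attrs.get("objectclass", [])}
    if not classes & ACCOUNT_CLASSES:
        findings.append("no account or posixAccount objectclass")
    # Point 3: attribute types not allowed when 'person' is the only class.
    extra = sorted(a for a in attrs if a not in PERSON_ATTRS)
    if classes == {"person"} and extra:
        findings.append("not allowed by person: " + ", ".join(extra))
    return findings
```

The last check only runs when 'person' is the sole objectclass; validating a multi-class entry needs the server's actual schema.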