Re: i have no name!

[John Dalbec <jpdalbec@ysu.edu>]

Brian K. Jones wrote:
> Can't believe this hasn't ever made it to this list :)
>
> I'm running a stock Redhat 7.3 install, including the stock openldap
> packages.  I've made it through the importing of NIS data into the
> server, and I'm even able, at this point, to log in to another redhat
> box via ssh, which gets the login info from the ldap server (yay!).
>
> However, even though I can log into this box using info from the ldap
> server, it apparently can't determine my username, because my bash
> prompt looks like this: [i have no name!@host]
>
> Also, doing an 'ls -l' in my home directory shows uid number only - no
> names.  
>
> I did see one post which mentioned changing perms on a file called
> libnss-ldap.conf, which I don't even have on any of my systems, and have
> never seen documented.  The /etc/ldap.conf and /etc/openldap/ldap.conf
> files were made world readable, but this didn't solve the problem.  
>
> Tony Earnshaw's suggestion to 'play with the ACL's in slapd.conf' is
> vague at best.  I have no clue what I would possibly change to get this
> to somehow magically work. All I have in the way of acl's right now is
> this:
>
> access to dn="" by * read
> access to *
>         by self write
>         by users read
>         by anonymous auth
>
> That seems like it would be hard for a user to NOT have access to
> something.  

Actually ordinary users access the directory anonymously.  Otherwise the 
system would have to repeatedly ask you to enter your password in order 
to bind as you.  Root is an exception because there's only one password 
that it has to use (in /etc/ldap.secret).  Try "by anonymous read" in 
your ACL.  You might want to have a separate "access to 
attr=userPassword" paragraph so your encrypted passwords are not exposed.
John

> Any clues would be greatly appreciated.  I'd like to get passed this so
> I can start fighting with SSL :-o 
> Thanks.
> brian.