
RE: user authentication on irix 6.5.20 with ldap?



Markus,

Current versions of Irix (pre 6.5.22) won't handle user 
authentication against LDAP as the Linux machines do.

Basically, what you end up with is a situation where UNS/NSD
binds to the directory and populates the passwd, group, etc
information almost similarly to the way it would handle NIS.
All/most of your client-side configuration information will
be handled in /etc/nsswitch.conf (to tell nsd to use LDAP)
and /var/ns/ldap.conf (for server, binddn and formatting 
information).  For the most part it's functional.  There's
no support for ssl/tls (which is misleading because of the
"security" option in ldap.conf).  Also, there is no native
utility for users to change their passwords.

I've heard that support for LDAP should improve significantly
with 6.5.22 and there are some hints on Supportfolio alluding
to this as well (if you have a Supportfolio account, go to
the knowledgebase and search for "PAM").

Email me offline if you need some configuration hints.

-Steve


> -----Original Message-----
> From: Markus Krause [mailto:krause@biochem.mpg.de]
> Sent: Wednesday, October 15, 2003 12:30 PM
> To: openldap-software@OpenLDAP.org
> Subject: user authentication on irix 6.5.20 with ldap?
> 
> 
> hi all,
> 
> i'm setting up an openldap server for the user authentication, 
> the server is
> running on a box with debian woody r1, version 2.0.27 
> compiled with tls
> support.
> 
> authentication of users on linux machines works great, (all 
> with tls/ssl) but so
> far i was not able to do the same with our silicon graphics 
> machines running
> irix 6.5.20 (also without tls/ssl). unfortunately i am not 
> familiar with "uns"
> (unified name service) and so tried to do it similar as on 
> the linux machines
> and according to the (few) documentation (e.g. man pages) i 
> found, i removed
> the "nis" entries and added "ldap" to "group" and "passwd" in
> /etc/nsswitch.conf, finally i added the following in 
> /etc/openldap/ldap.conf,
> /etc/ldap-ns.conf
> 
> ----
> # ldap.conf / ldap-ns.conf
> BASE    dc=biochem,dc=mpg,dc=de
> URI     ldaps://ldapserv1.biochem.mpg.de
> 
> ldap_version    3
> ssl     true
> tls_cacert      /etc/openldap/certs/ldapserv1-cacert.pem
> -----
> 
> and in /usr/var/ns/ldap.conf :
> ----
> ; /usr/var/ns/ldap.conf
> server  10.251.0.16   ; ip of ldapserv1.biochem.mpg.de
> version 3
> base    "dc=biochem,dc=mpg,dc=de"
> scope   subtree
> ----
> 
> an "ldapsearch -x" shows all the ldap data saved on the 
> ldapserver, so at least
> one of the above mentioned files is used by ldapsearch correctly.
> 
> but tcpdump shows nothing when a login on the irix machine is tried.
> 
> does anyone know how to set up these files correctly?
> 
> any hint is appreciated!
> 
> thanks in advance
> 
>   markus
> 
> --
> Markus Krause                           email: krause@biochem.mpg.de
> Max-Planck-Institute of Biochemistry    phone: +49-89-8578-2825
> Computing Center
> 
> ---------------------------------------------------------------------
>      This message was sent using https://webmail.biochem.mpg.de
> If you encounter any problems please report to rz-linux@biochem.mpg.de
> 
>
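
Added example, not part of either message: a small Python check that reads the two client files quoted above and reports where the transport protection differs between the OpenLDAP tools and nsd. The key names and comment characters are the ones visible in the quoted files plus the "security" option named in the reply; the finding codes and function names are made up for this illustration.

```python
# Constructed inputs: the two client files as quoted in the thread.
OPENLDAP_CONF = """\
BASE    dc=biochem,dc=mpg,dc=de
URI     ldaps://ldapserv1.biochem.mpg.de
ldap_version    3
ssl     true
tls_cacert      /etc/openldap/certs/ldapserv1-cacert.pem
"""
NSD_CONF = """\
; /usr/var/ns/ldap.conf
server  10.251.0.16   ; ip of ldapserv1.biochem.mpg.de
version 3
base    "dc=biochem,dc=mpg,dc=de"
scope   subtree
"""

def parse(text, comment):
    """Return {lowercased key: value} for 'key value' lines, comments dropped."""
    out = {}
    for line in text.splitlines():
        line = line.split(comment, 1)[0].strip()
        if line:
            parts = line.split(None, 1)
            out[parts[0].lower()] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return out

def audit(openldap_text, nsd_text):
    """Compare the OpenLDAP client config with the nsd one; return (code, message) pairs."""
    client, nsd = parse(openldap_text, "#"), parse(nsd_text, ";")
    findings = []
    if "server" in nsd:
        # Per the reply, nsd on pre-6.5.22 IRIX has no ssl/tls support.
        findings.append(("NSD_CLEARTEXT",
                         f"nsd queries {nsd['server']} without ssl/tls"))
    if client.get("uri", "").startswith("ldaps://") or client.get("ssl") == "true":
        findings.append(("TLS_CLIENT_ONLY",
                         "TLS settings here cover ldapsearch, not nsd lookups"))
    if "security" in nsd:
        findings.append(("SECURITY_OPTION",
                         "'security' is set, but per the reply gives no ssl/tls"))
    if client.get("base") != nsd.get("base"):
        findings.append(("BASE_MISMATCH",
                         f"base differs: {client.get('base')} vs {nsd.get('base')}"))
    return findings

if __name__ == "__main__":
    for code, message in audit(OPENLDAP_CONF, NSD_CONF):
        print(f"{code}: {message}")
```
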