Re: migrating passwd from NIS to LDAP
Tue, 09.03.2004 at 20:45, Chris Majewski wrote:
> > The thing is, that your Posix account (compare it to /etc/passwd) for
> > cn: Xiushan(Shaun) Feng doesn't exist, yet. You have to make it. Maybe
> > /etc/group and /etc/shadow, too.
>
> But I'm not Xiushan Feng! I'm Chris! And I do have an entry in the
> database, similar to the entry I pasted before. This entry is not
> exactly a passwd entry though -- for example, it doesn't say what my
> home directory is. What kind of entry is pam_ldap expecting exactly,
> (or is that a secret)?

No secret. Short as possible, from now on this is stuff for the Padl
pamldap list, so all further questions there ;)

1: To login via ssh a user has to have a login shell and a home
directory. More important, the user has to have a UID and a GID known to
the system.

2: To use something like Mozilla's LDAP client he doesn't.

So, add objectClass'es posixAccount and posixGroup to your users and
make sure they have at least a UID and UIDNR (corresponding to their
/etc/passwd UID and UIDNR), a GIDNR (/etc/passwd GID and /etc/group GID)
a CN, and if you want them to be able to log in, a login directory and a
login shell.

3: You might need extra stuff in /etc/ldap.conf. Once you change this by
hand, don't use RH's authconfig any more, unless you have a working
backup copy.

> > What OS and distro? (don't tell me, Windows XP, heh?)
>
> RedHat 9.
Get (jump from www.biot.com), compile and use GQ. It's a GUI that'll
teach you a lot about Openldap.
> > What Openldap version?
>
> rpm -qa says:
> openldap-2.0.27-8
O.k. for the time being; you'll want to upgrade at some time in the
future.
--Tonni
--
mail: billy - at - billy.demon.nl
http://www.billy.demon.nl
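
An added example, not part of the original message: a small Python check that reads LDIF and reports which entries lack what the reply lists as needed for a shell login. It assumes the RFC 2307 attribute names (uid, uidNumber, gidNumber, homeDirectory, loginShell) for what the mail calls UID, UIDNR, GIDNR, login directory and login shell; the sample entries, the dc=example,dc=com suffix and the function names are constructed for illustration.

```python
# Added example: which LDIF entries are usable as shell accounts? (RFC 2307 names assumed)
LOGIN_ATTRS = ("uid", "uidnumber", "gidnumber", "cn", "homedirectory", "loginshell")

# Constructed sample: one address-book-style entry, one complete posixAccount.
SAMPLE_LDIF = """\
dn: cn=Chris Example,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: Chris Example
sn: Example

dn: uid=pat,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
cn: Pat Example
uid: pat
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/pat
loginShell: /bin/bash
"""

def parse_ldif(text):
    """Return one {attribute_lowercased: [values]} dict per entry.
    Folded lines are joined; base64 ('attr::') values are kept undecoded."""
    entries, current, last = [], {}, None
    for line in text.splitlines() + [""]:
        if line.startswith(" ") and current:      # continuation of previous value
            current[last][-1] += line[1:]
        elif not line.strip():                    # blank line ends an entry
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            last = attr.strip().lower()
            current.setdefault(last, []).append(value.strip())
    return entries

def login_problems(entry):
    """List what stops this entry from resolving as a login account."""
    classes = [c.lower() for c in entry.get("objectclass", [])]
    problems = [] if "posixaccount" in classes else ["objectClass posixAccount missing"]
    problems += [a + " missing" for a in LOGIN_ATTRS if not any(entry.get(a, []))]
    for attr in ("uidnumber", "gidnumber"):
        problems += [attr + " not numeric" for v in entry.get(attr, []) if not v.isdigit()]
    return problems

def report(text):
    """Map each entry's DN to its list of problems (empty list = login-ready)."""
    return {e["dn"][0]: login_problems(e) for e in parse_ldif(text)}
```

Feeding `report()` the output of an `ldapsearch` over the people subtree before switching logins to LDAP shows which migrated accounts would fail to resolve.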