[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: AIX as openldap client


I still have problems with AIX clients. On AIX, you can choose between ldap_auth and unix_auth.

When authtype=ldap_auth: AIX will send a bind request to the LDAP server using the user's login and password. If the LDAP bind is successful, then the user's password is considered valid.

When authtype=unix_auth: AIX will encrypt the password you entered and compare it with the encrypted password in the "userpassword" field that's stored in the user's entry on LDAP. So with unix_auth, AIX will send a search to the LDAP server to retrieve the user's entry. The password validation is done on the AIX client.

I don't want to use unix_auth. This limits the password to be encrypted with {crypt} and that is not compatible with non-AIX clients.

The problem is that unx_auth is working and ldap_auth is not. (unx_auth is working when I change the password from an AIX client)

I can 'see' the password in the ldap server output (debug mode -d 2) when I try to login to the AIX client with ldap_auth.

When I use the ldapsearch command on the AIX server, I also get an error:

ldapsearch -h -p 389 -D "uid=test,ou=People,dc=test,dc=intra" -w secret -b "dc=test,dc=intra" objectclass=*

ldap_simple_bind: Invalid credentials

Is it possible that I can not do the bind as a regular user?


This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email