[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: AIX as openldap client


I just wanted to point you to the official guides from IBM howto
configure your AIX ldap client, which worked fine for me, except für
sudo-ldap, but that's another topic.

Section 7: http://www.redbooks.ibm.com/redbooks/pdfs/sg247165.pdf

Bye, Benjamin.

On Mon, Nov 15, 2010 at 10:45, Stef Coene <stef.coene@docum.org> wrote:
> Hi,
> I still have problems with AIX clients. On AIX, you can choose between
> ldap_auth and unix_auth.
> When authtype=ldap_auth: AIX will send a bind request to the LDAP server
> using the user's login and password. If the LDAP bind is successful, then
> the user's password is considered valid.
> When authtype=unix_auth: AIX will encrypt the password you entered and
> compare it with the encrypted password in the "userpassword" field that's
> stored in the user's entry on LDAP. So with unix_auth, AIX will send a
> search to the LDAP server to retrieve the user's entry. The password
> validation is done on the AIX client.
> I don't want to use unix_auth. This limits the password to be encrypted with
> {crypt} and that is not compatible with non-AIX clients.
> The problem is that unx_auth is working and ldap_auth is not. (unx_auth is
> working when I change the password from an AIX client)
> I can 'see' the password in the ldap server output (debug mode -d 2) when I
> try to login to the AIX client with ldap_auth.
> When I use the ldapsearch command on the AIX server, I also get an error:
> ldapsearch -h -p 389 -D "uid=test,ou=People,dc=test,dc=intra"
> -w secret -b "dc=test,dc=intra" objectclass=*
> ldap_simple_bind: Invalid credentials
> Is it possible that I can not do the bind as a regular user?
> Stef
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________

To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To
be is to do -- Sartre | Do be do be do -- Sinatra