[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: AIX as openldap client

To: Stef Coene <stef.coene@docum.org>
Subject: Re: AIX as openldap client
From: Benjamin Griese <der.darude@gmail.com>
Date: Mon, 15 Nov 2010 11:04:24 +0100
Cc: openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=yGf+fccnXcwh17+afQECOofU47VomHsF25uM6jjsw7E=; b=msAG65a2ASW2e7nz4MvFA3K/sxKbFSz2oxyChG7XmYVLw8yx4IboYTKQ9jCj+uQiGI 6tRqhu9mCGAPYIn3aYM5fwIW8qRhvN6f6hxzgUvFA0nOu5GryrbgUrt5cAbr2RQ0gHJI IdxESI5TpNpwJMxlSYkT5FdZrvPf25DiYpY6s=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=G9lyLtrqoJGLLyNz5O3KzsgWt/CyTIiuFxHdTemoEypCdwZ8sK1RdRtPAwVCR5d1sr 8yUzo50ORBTlWsFcr+Fra2pJF8pA4SwFDvFNrZrHnDxp3H+KLxl8un2C7NcrbiCGe0Ha fNGhSrkfbNoDWBhGFVEO+gj5LJA8xLFHL8QPI=
In-reply-to: <201011151045.26460.stef.coene@docum.org>
References: <201010262150.53658.stef.coene@docum.org> <201011091106.09200.bgmilne@staff.telkomsa.net> <201011091232.00843.stef.coene@docum.org> <201011151045.26460.stef.coene@docum.org>

Hello,

I just wanted to point you to the official guides from IBM howto
configure your AIX ldap client, which worked fine for me, except für
sudo-ldap, but that's another topic.

Section 7: http://www.redbooks.ibm.com/redbooks/pdfs/sg247165.pdf

Bye, Benjamin.

On Mon, Nov 15, 2010 at 10:45, Stef Coene <stef.coene@docum.org> wrote:
> Hi,
>
> I still have problems with AIX clients. On AIX, you can choose between
> ldap_auth and unix_auth.
>
> When authtype=ldap_auth: AIX will send a bind request to the LDAP server
> using the user's login and password. If the LDAP bind is successful, then
> the user's password is considered valid.
>
> When authtype=unix_auth: AIX will encrypt the password you entered and
> compare it with the encrypted password in the "userpassword" field that's
> stored in the user's entry on LDAP. So with unix_auth, AIX will send a
> search to the LDAP server to retrieve the user's entry. The password
> validation is done on the AIX client.
>
> I don't want to use unix_auth. This limits the password to be encrypted with
> {crypt} and that is not compatible with non-AIX clients.
>
> The problem is that unx_auth is working and ldap_auth is not. (unx_auth is
> working when I change the password from an AIX client)
>
> I can 'see' the password in the ldap server output (debug mode -d 2) when I
> try to login to the AIX client with ldap_auth.
>
> When I use the ldapsearch command on the AIX server, I also get an error:
>
> ldapsearch -h 172.30.222.20 -p 389 -D "uid=test,ou=People,dc=test,dc=intra"
> -w secret -b "dc=test,dc=intra" objectclass=*
>
> ldap_simple_bind: Invalid credentials
>
> Is it possible that I can not do the bind as a regular user?
>
> Stef
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>



-- 
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To
be is to do -- Sartre | Do be do be do -- Sinatra

Follow-Ups:
- Re: AIX as openldap client
  - From: Stef Coene <stef.coene@docum.org>

References:
- Re: AIX as openldap client
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>
- Re: AIX as openldap client
  - From: Stef Coene <stef.coene@docum.org>
- Re: AIX as openldap client
  - From: Stef Coene <stef.coene@docum.org>

Prev by Date: Re: AIX as openldap client
Next by Date: Re: Pass-Through authentication
Index(es):
- Chronological
- Thread