
Re: AIX as openldap client



Stef Coene <stef.coene@docum.org> writes:

>> > Oct 26 20:44:12 ldap1 slapd[28664]: Entry
>> > (uid=xxx,ou=people,dc=xxx,dc=xxx), attribute 'shadowLastChange' not
>> > allowed
>> > Oct 26 20:44:12 ldap1 slapd[28664]: entry failed schema check: attribute
>> > 'shadowLastChange' not allowed
>> > 
>> > Is this important?
>> 
>> Yes, because either nis.schema or rfc2307bis.schema are missing.
> I just reconfigured the openldap server and made sure nis and rfc2307bis are 
> loaded.  I created a test user with

You may load either nis.schema or rfc2307bis.schema, but not both. It
depends on your PAM requirements which one to load.

> objectClass: aixAuxAccount
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: inetOrgPerson
>
> I can login to my test linux server with this user but not on the AIX server.  
> When I do a telnet to the AIX server, I can enter the username, but before I 
> can enter the password, I get the error
> 3004-007 You entered an invalid login name or password.
>
> For the password, this is stored in plain text when I add the user.  Before I 
> can login to the linux server, I have to change it with passwd and after that, 
> the password is encrypted with {crypt} and I can login to the linux client:
> userPassword: {crypt}$1$.xxxxxxxxxxxxxxxxxxxxxxxx/
> Can this be the problem?  I don't know what encryption AIX expects.

With regard to crypt, see
http://www.openldap.org/faq/data/cache/344.html
For more hashing algos see password-hash in slapd.conf(5) and
pam_password in /etc/ldap.conf.

-Dieter
  
-- 
Dieter Klünter | Systemberatung
sip: 7770535@sipgate.de 
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
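
Added example, not part of the original thread: a small Python audit of an LDIF export for the two conditions discussed above, entries that carry shadowLastChange without objectClass shadowAccount and userPassword values stored without a {SCHEME} prefix. The sample entries, DNs and hash strings are constructed placeholders, and the check assumes that shadowAccount is the only loaded object class that permits shadowLastChange.

```python
import base64

# Constructed sample LDIF (not from the thread); DNs and hash values are placeholders.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=com",
    "objectClass: posixAccount",
    "objectClass: shadowAccount",
    "userPassword: {crypt}$1$saltsalt$placeholderplaceholder",
    "shadowLastChange: 14000",
    "",
    "dn: uid=bob,ou=people,dc=example,dc=com",
    "objectClass: posixAccount",
    "userPassword: changeme",
    "shadowLastChange: 14000",
    "",
    "dn: uid=carol,ou=people,dc=example,dc=com",
    "objectClass: posixAccount",
    "userPassword:: " + base64.b64encode(b"{SSHA}placeholder").decode(),
])

def parse_ldif(text):
    """Return [(dn, {attr_lowercase: [values]})]; folded (continued) lines are not handled."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: value" marks a base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs.setdefault(name.lower(), []).append(value.strip())
        entries.append((attrs["dn"][0], attrs))
    return entries

def password_scheme(value):
    """Return the {SCHEME} prefix in upper case, or 'CLEARTEXT' when there is none."""
    if value.startswith("{") and "}" in value:
        return value[1:value.index("}")].upper()
    return "CLEARTEXT"

def audit(entries):
    """List (dn, finding) pairs for schema and password-storage problems."""
    findings = []
    for dn, attrs in entries:
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        if "shadowlastchange" in attrs and "shadowaccount" not in classes:
            findings.append((dn, "shadowLastChange without objectClass shadowAccount"))
        for pw in attrs.get("userpassword", []):
            if password_scheme(pw) == "CLEARTEXT":
                findings.append((dn, "userPassword has no {SCHEME} prefix (cleartext)"))
    return findings

if __name__ == "__main__":
    for dn, finding in audit(parse_ldif(SAMPLE_LDIF)):
        print(dn, "->", finding)
```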