Thanks,

I added a shadowaccount. I ran these commands: getent passwd (OK, this works), getent group (OK, this works) and getent shadow (this works):

"dkakon:*:14573:0:99999:7:::".

ldapsearch -h localhost "uid=dkakon"

version: 1
dn: uid=dkakon,ou=People,dc=fr,dc=publicisgroupe,dc=net
givenName: dan
sn: kakon
telephoneNumber: 0650621292
loginShell: /bin/bash
gidNumber: 700
uidNumber: 700
mail: kakon.dan at gmail.com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
objectClass: shadowaccount
objectClass: passwordpolicy
objectClass: passwordobject
uid: dkakon
gecos: Dan Kakon
cn: dan kakon
homeDirectory: /home/dkakon
shadowMax: 99999
shadowMin: 00000
shadowLastChange: 14573
shadowWarning: 7
userPassword: {SSHA}3atvCZ+60iYb0qFtyzWg2p+HZFbpUgqCa4W0Xw==
passwordStorageScheme: MD5

One: I don't a scheme of userPassword {SSHA} is by default. I added many attributes (shadowaccount, passwordpolicy). I added a userPassword value on my group dkakon, and I went to authenticate my user dkakon. Now this works.

File /etc/ldap.conf (client RHEL 5.4):

host rh5std.fr.publicisgroupe.net
base dc=fr,dc=publicisgroupe,dc=net
uri ldap://rh5std.fr.publicisgroupe.net
ldap_version 3
port 389
scope one
timelimit 120
bind_timelimit 120
bind_policy soft
idle_timelimit 3600
pam_filter objectclass=posixaccount
pam_login_attribute uid
pam_member_attribute gid
pam_password ssha
nss_base_passwd ou=People,dc=fr,dc=publicisgroupe,dc=net?sub
nss_base_shadow ou=People,dc=fr,dc=publicisgroupe,dc=net?sub
nss_base_group ou=Groups,dc=fr,dc=publicisgroupe,dc=net?sub

Thanks
Dan

2009/11/25 Andrew C. Dingman <andrew at dingman.org>

> On Wed, 2009-11-25 at 11:07 +0100, dan kakon wrote:
> > I do not see a password in a shadow file, id user.
>
> Nor should you. Neither /etc/passwd nor /etc/shadow should contain any
> reference to your LDAP users. If things are set up right, though, you
> should be able to view them as NSS sees them with 'getent passwd' and
> 'getent shadow'. Depending on how you chose to set things up, there may
> be no shadow entries at all. Arguably, you don't need the shadow
> information for LDAP users, if password expiration and account validity
> are all being enforced at the directory server level.
>
> --
>
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

--
Dan Kakon
126, Avenue de Paris
94300 Vincennes
Tel : 0178689468
Port : 0650621292
email : dankakon at dksn.net
kakon.dan at gmail.com
Blog DKSN: www.dksn.net