I do not know what you mean by DIACAP... By ACL I assume that you mean local permissions on the system: I used LDAP accounts with local permissions and I did not experience any problems AFAICT.
Greg.
On 14 Jan 2013 16:48, "Chaudhari, Rohit K." <Rohit.Chaudhari@xxxxxxxxxx> wrote:
Is this something that will cause an issue with ACL/DIACAP restrictions?
I'm not sure if you know what those are, but correct me if I'm wrong.
Thanks.
On 1/14/13 10:44 AM, "Doug Tucker" <tuckerd@xxxxxxxxxxxx> wrote:
>It's not going to show you the ldap users, only the local ones.
>
>Sincerely,
>
>Doug Tucker
>
>On 01/14/2013 09:17 AM, Chaudhari, Rohit K. wrote:
>> The id <ldap-user-name> command works just fine. That is not where I
>> am having the issue. The issue lies in the local Users and Groups
>> list in the RHEL client.
>>
>> When I click through System->Administration->Users and Groups, the
>> ldap-user-name is not showing up on that list. How do I get it to
>> show up on that list? This is a concern to me because my bosses are
>> questioning whether the ldap-user-name I created has proper ACL
>> privileges and would meet DIACAP requirements.
>>
>> Thanks,
>>
>> Rohit
>>
>> From: Chandan Kumar <chandank.kumar@xxxxxxxxx>
>> Reply-To: "General discussion list for the 389 Directory server
>> project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>> Date: Monday, January 7, 2013 1:43 PM
>> To: "General discussion list for the 389 Directory server project."
>> <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>> Subject: Re: How to set up 389 client
>>
>> Sounds a bit strange. What is the output of "id <ldap-user-name>"? If sssd
>> is configured properly this command has to work. Moreover, while you
>> execute this command watch /var/log/secure.log for any error messages.
>>
>> Also disable selinux/Firewall and test.
>>
>> On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:
>>
>> I configured everything with SSSD as you suggested. I'm able to
>> do successful logins authenticating against the LDAP server, but
>> when I check the Users and Groups list on the client machine, that
>> newly created user isn't added. Thoughts?
>>
>> Thanks.
>>
>> From: Chandan Kumar <chandank.kumar@xxxxxxxxx>
>> Reply-To: "General discussion list for the 389 Directory server
>> project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>> Date: Monday, January 7, 2013 1:36 PM
>> To: "General discussion list for the 389 Directory server
>> project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>> Subject: Re: How to set up 389 client
>>
>> Are you using SSSD on client side or PADL/NSS?
>>
>> On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:
>>
>> I do specify the POSIX properties on the LDAP side. But when
>> I log in with that created user on the client side and check
>> the Users and Groups list on the client machine, it is not
>> listed there. I did avoid the warning message by adding the
>> LDAP user to a group that already exists. I want the user I
>> create in LDAP to become listed in the Users and Groups list
>> on the client (for ACL purposes, if you know anything
>> regarding meeting DIACAP guidelines). Did I miss something?
>>
>> Thanks
>>
>> From: Chandan Kumar <chandank.kumar@xxxxxxxxx>
>> Reply-To: "General discussion list for the 389 Directory
>> server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>> Date: Monday, January 7, 2013 11:39 AM
>> To: "General discussion list for the 389 Directory server
>> project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>> Subject: Re: How to set up 389 client
>>
>> Hello Rohit,
>>
>> While creating users you also need to specify POSIX properties
>> for the user.
>>
>> In the admin console you need to fill out the posix properties details
>> while creating the user. Also make sure you create posix
>> groups and associate these new users with the group ID,
>> otherwise at login time you may get some warning message
>> like "id: Group does not exist".
>>
>>
>>
>>
>> --
>> http://about.me/chandank
>>
>>
>> On Mon, Jan 7, 2013 at 7:27 AM, Chaudhari, Rohit K.
>> <Rohit.Chaudhari@xxxxxxxxxx> wrote:
>>
>> Hey Chandan,
>>
>> So I got the RHEL client working, but I have an
>> outstanding issue. When I look at the users/groups
>> setting on the client machine, the newly created user that
>> I made on the RHEL LDAP server does not show up on the
>> list. Is this how it is supposed to work? If not, how do
>> I get an LDAP user to become a part of the users and groups
>> list on the RHEL client?
>>
>> Thanks,
>>
>> Rohit
>>
>> From: Chandan Kumar <chandank.kumar@xxxxxxxxx>
>> Reply-To: "General discussion list for the 389 Directory
>> server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>> Date: Thursday, December 20, 2012 6:21 PM
>>
>> To: "General discussion list for the 389 Directory server
>> project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
>> Subject: Re: How to set up 389 client
>>
>> Yes, you do need to replace it with SSSD. If you have a
>> fresh CentOS install, by default it is sssd only.
>>
>> The best way would be to use the authconfig tool, as it changes
>> all related files and you don't have to manually change
>> all of them. Moreover, you also need to change the nss.conf
>> file and make sure groups/users have sssd instead of
>> ldap.
>>
>> From RHEL 6.4 sssd will be fully supported and it gives
>> better performance if you intend to integrate many
>> applications with LDAP as it does not open multiple
>> connections with the directory server.
>>
>> I will look at that guide again and will try to improve it.
>>
>> On Thursday, December 20, 2012, Chaudhari, Rohit K. wrote:
>>
>> Okay I will try checking those parameters. I am doing
>> sssd, I used ldap pan before in CentOS 6 and that ha
>>
>>
>>
>> --
>>
>> --
>> http://about.me/chandank
>>
>>
>>
>> --
>> 389 users mailing list
>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
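
The distinction the thread turns on (`id <ldap-user-name>` resolves the account, yet it is missing from the local Users and Groups list) can be checked from a shell. This is an added example, not code from any of the posters; it assumes the NSS configuration lives in `/etc/nsswitch.conf`, and it runs on constructed sample files with the hypothetical accounts `jdoe` and `localadmin`.

```sh
#!/bin/sh
# Added example: the sample files below are constructed, not taken from the thread.

# nss_sources FILE DB: print the lookup sources configured for DB, e.g. "files sss".
nss_sources() {
    awk -v db="$2:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# uses_sssd FILE DB: succeed only if DB lists "sss" and does not list "ldap".
uses_sssd() {
    srcs=" $(nss_sources "$1" "$2") "
    case "$srcs" in *" ldap "*) return 1 ;; esac
    case "$srcs" in *" sss "*) return 0 ;; esac
    return 1
}

# account_origin USER PASSWD_FILE NSS_LINE
#   NSS_LINE is the output of `getent passwd USER` (empty when NSS cannot resolve it).
account_origin() {
    if awk -F: -v u="$1" '$1 == u { hit = 1 } END { exit !hit }' "$2"; then
        echo local        # present in the local passwd file
    elif [ "${3%%:*}" = "$1" ]; then
        echo directory    # resolved through NSS only (e.g. sssd backed by LDAP)
    else
        echo unresolved
    fi
}

# Constructed sample input: group still points at "ldap" and should be flagged.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/nsswitch.conf" <<'EOF'
passwd:     files sss
shadow:     files sss
group:      files ldap
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
localadmin:x:500:500::/home/localadmin:/bin/bash
EOF
LDAP_LINE='jdoe:*:10001:10001:J Doe:/home/jdoe:/bin/bash'

for db in passwd shadow group; do
    if uses_sssd "$SAMPLE_DIR/nsswitch.conf" "$db"; then s=ok; else s=CHECK; fi
    echo "$db: $(nss_sources "$SAMPLE_DIR/nsswitch.conf" "$db") [$s]"
done
echo "localadmin: $(account_origin localadmin "$SAMPLE_DIR/passwd" "")"
echo "jdoe: $(account_origin jdoe "$SAMPLE_DIR/passwd" "$LDAP_LINE")"
```

On a real client the same check is `account_origin jdoe /etc/passwd "$(getent passwd jdoe)"`; a result of `directory` means the account is served through NSS and will not appear in a tool that reads only the local files.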