Re: Fedora Directory Authentication on CentOS 5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Thu, May 31, 2007 at 12:38:55PM +0100, first last wrote:
> Hi,
> 
> I am trying to set up a Fedora Directory server for centralised
> authentication.

I'm using that setup.

> I configure the directory server, add a user called (via the Java GUI)
> test

Could you do an ldap search for that user and show the output, please?
Like so:
# ldapsearch -LLL -x 'uid=lmf

The output should be something like:
dn: uid=lmf,ou=Users,dc=udp,dc=eurotux,dc=com
uid: lmf
cn: Luciano Rocha
cn: luciano
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 12715
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 501
gidNumber: 501
homeDirectory: /home/lmf
gecos: Luciano Rocha

the ou=Users can be ou=People or something else. But uid must be present
for the user you added and also objectClass: posixAccount.

Then check if you can bind to ldap using the dn of the user:
# ldapsearch -LLL -x 'uid=lmf' -D uid=lmf,ou=Users,dc=udp,dc=eurotux,dc=com -W uid
Enter LDAP Password: 
dn: uid=lmf,ou=Users,dc=udp,dc=eurotux,dc=com
uid: lmf

> and then, using system-config-authentication, enable LDAP on both
> tabs.
/etc/nsswitch.conf should have:
passwd:     files ldap

And /etc/openldap/ldap.conf should have a valid URI, pointing to the
server and a valid BASE

If that file has all those values commented out, then they should be in
/etc/ldap.conf.

In any case, also check /etc/ldap.conf. If /etc/openldap/ldap.conf has a
valid URI, then comment out any host definition. Check that base is the
correct one, and also check that any nss_base, if defined has the same
basedn as the one you found in the search.

Then test the user identification by running id <user>:
# id lmf
uid=501(lmf) gid=501(lmf) groups=501(lmf),...

If this works, then the next step is checking the pam configuration. But
I'll end the email now because it's lunch time here. :)

-- 
lfr
0/0

Attachment: pgp1nw1im9xjJ.pgp
Description: PGP signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux