1. Authenticating Linux Client with ldaps://
2. Auto create home directory (I will look into what you sent)
3. Auto-Increment UserID
Let's start with the first one.
I have 389-DS configured with SSL.
If I try to configure the client with the authconfig-tui command, deselecting TLS and ldaps://, it works fine.
Let's talk about the client binding to ldaps://.
On the server side, I found a crt file through the find command as below:
[root@389-ds schema]# find / -name *.crt
/etc/pki/tls/certs/ca-bundle.crt
Is that the certificate we need to send to /etc/openldap/cacerts/?
As I can see, the links sent by the Fedora DS mailing list experts are old ones which talk about Fedora DS.
But the new 389-DS seems to have a different location for the certificates.
Now I just copied this ca-bundle.crt to the client machine.
Tried running:
authconfig-tui
TLS[*]
ldaps://<ip>/
dc=im,dc=sap,dc=com
I did create a user through the Management Console.
[root@389-ds schema]# ldapsearch -x -b "dc=im,dc=sap,dc=com" -L '(objectclass=*)'
# rajeshwar, Env, im, Bangalore, isst.sapient.com
dn: uid=rajeshwar,cn=Env,ou=im,ou=Bangalore,dc=im,dc=sap,dc=com
uid: rajeshwar
givenName: Rajeshwar
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
objectClass: posixgroup
sn: k
cn: Rajeshwar k
uidNumber: 670
gidNumber: 670
homeDirectory: /home/rajeshwar
loginShell: /bin/bash
# search result
# numResponses: 28
# numEntries: 27
Now if I try to log in through the username, it doesn't display anything:
Jan 14 14:53:34 localhost sshd[3757]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Jan 14 14:53:38 localhost sshd[3757]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Jan 14 14:53:46 localhost sshd[3757]: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
Any idea what may be going wrong?
--
”It is not possible to rescue everyone who is caught in the Windows quicksand
--Make sure you are on solid Linux ground before trying.”
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users