Hello!

I thank u again 4 helping me. I really am very happy about it. Because if I have a problem I can usually find a solution myself. I spend much time in reading man pages, /usr/share/doc, mailing list archives, books, HOWTOs and googling, but when I get stuck another person who helps is really like an angel. Now I spent at least 2 weeks/6 hours a day and LDAP is still a miracle for me. But thanks to u not as much as in the beginning :-)

>> 2) I assume u hv run authconfig, if so, edit /etc/pam.d/system-auth
>> change this:
>> account sufficient /lib/security/$ISA/pam_unix.so
>This really did something (see above) but why?
>
>GT: RedHat Bugzilla has a bug report on "no such user", similar to yr
>"cannot find name for user" issue, there were some suggested workarounds,
>I tried some of them but they did not work, and finally I found this is
>the "workaround".

Yes, this was the solution, but what does that have to do with TLS/SSL? Why did it work without TLS/SSL, and didn't work with TLS/SSL, I wonder. Really seems to be a bug.

>> What does that have to do with TLS???
> GT: Don't u want SSL protection?

Sorry, I meant TLS/SSL. U see, after turning on TLS/SSL I got the "id: cant find..." problem. Without TLS/SSL it worked great right away. And now the same with the "proxyagent". I think it would be good for security. But at the moment I don't use it, because if I do (see config files in last e-mail) I get the "id: cant find..." problem again. Now this astonishes me really.

> dn: uid=testuser,ou=group,dc=amazone,dc=or,dc=at
>
>
> GT: u seemed to mix up ou=People and ou=group, it shld be:
> dn: uid=testuser,ou=People,dc=amazone,dc=or,dc=at
> OR ELSE u must map ou=group as uid lookup in /etc/ldap.conf

Ah, you see, that was a typo. I changed something from the output. It's because I didn't want to complicate things. See, I found out that u can have different groups in LDAP. I found that I could use ObjectClass=posixGroup and memberuid=testuser in the ldif for the groups.
So I created 2 group-leaves on top of "ou=group,dc=amazone,dc=or,dc=at", that's "cn=users,ou=group,dc=amazone,dc=or,dc=at" and "cn=team,ou=group,dc=amazone,dc=or,dc=at". Then I experimented with that, and testuser was a leaf on top of the user group. Which gives us "uid=testuser,cn=users,ou=group,dc=amazone,dc=or,dc=at", but all the other users were leaves on "ou=users,dc=amazone,dc=or,dc=at" like "uid=martina,ou=users,dc=amazone,dc=or,dc=at" (like in yr HOWTO), so I had to be very careful with all my testing. Every time I used your help and your HOWTO I had to test with a normal user. But when I wanted to test if a user is in the correct group and so on, I also used testuser to see if there is a difference if the leaf of a user is here or there...

Now I will make weekend :-) Next week I'll try the "proxyagent" stuff again maybe. You seem to motivate me not to give up!

Best regards
ciao, nico.