Anyone just correct me if I am wrong.

Do not set a "Manager" binddn in the LDAP client's /etc/ldap.conf file and expose the bindpw; try to use a different binddn object which has less ACL rights, especially when Manager can change anything including userPassword. The LDAP client will try to bind as anonymous if binddn/bindpw are not defined. Because it is binding as "Manager", it succeeded always even if there is any ACL at the server.

RedHat's authconfig has an "operation" issue: it WILL ALWAYS OVERWRITE /etc/pam.d/system-auth (instead of incremental change) and MAY OVERWRITE /etc/ldap.conf if you define LDAP Authentication stuff. It may also make changes to /etc/nsswitch.conf and at the end restart nscd. Due to this, if you have customized or bug fix changes to /etc/ldap.conf, you have to do the "step two" you called, manually.

Gary

-----Original Message-----
From: pam-list-bounces@xxxxxxxxxx [mailto:pam-list-bounces@xxxxxxxxxx] On Behalf Of Rezk Mekhael
Sent: Wednesday, September 22, 2004 7:54 AM
To: openldap-software@xxxxxxxxxxxx
Cc: pam-list@xxxxxxxxxx
Subject: SUMMERY about Client Problem

The reason I have this problem: I am running ACL on the server side, so I need to do two steps on the client side, not one.

On the client side:

1) run authconfig, which will update these 2 lines in /etc/ldap.conf
   "base ou=people,dc=domain,dc=com"
   "host ldap_server_name.domain.com"

2) edit /etc/ldap.conf
   binddn "cn=Manager,dc=domain,dc=com"
   bindpw "ldappassword"
   rootbinddn "cn=Manager,dc=domain,dc=com"

Can we make a SUMMARY for all of the fixes? It will be easy for all of us when we search: just the problem and the fix, and in the subject line "SUMMARY for ....."

--
Sincerely,
Rezk Mekhael
Manager of Systems

At 01:09 PM 9/20/2004, Rezk Mekhael wrote:

Hi managers,

I have two redhat machines acting in an openldap client/server role.

Whenever I try to log in to the openLdap client with my user ID registered in the LDAP directory you got the following message before getting a shell prompt: "Cannot find name for user ID..." but I am authenticated just fine, but I can retrieve my user ID using "id" but I can't see account name only I can see the ID not the account
>name
>login: my
>Password:
>Last login: Fri Sep 17 13:18:58 from oscar.abcz.com
>id: cannot find name for user ID 670655
>robles11.abcz.com> ls -l
>total 32
>-rwxr-xr-x 1 670655 36 4375 Sep 30 1999 dead.letter
>drwxr-xr-x 2 670655 36 4096 Jul 10 18:37 mail
>-rw-r--r-- 1 670655 36 19968 Feb 15 2000 ResearchReviewAccept
>34.doc
>robles11.abdz.com>
>
>
>It is the same problem in this link
>
>http://www.redhat.com/archives/redhat-list/2004-May/msg00911.html
>
>
>any idea
>
>
>--
>Sincerely,
>Rezk Mekhael
>
>Incoming / Outgoing Mail scanned for known Viruses by CLUnet(R)

_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
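
Added example (not part of the original thread, and not code from either poster): a small Python check for the situation discussed in the messages above. It flags a client ldap.conf whose binddn is the same entry as rootbinddn (or one listed as privileged) and whose bindpw sits in a file that other local users can read. The two sample configs are constructed from the settings quoted in the thread; cn=proxyuser, the PLACEHOLDER password and the finding names are assumptions.

```python
import stat

# Constructed sample: the client settings quoted in the thread above.
THREAD_CONF = '''
base ou=people,dc=domain,dc=com
host ldap_server_name.domain.com
binddn "cn=Manager,dc=domain,dc=com"
bindpw "ldappassword"
rootbinddn "cn=Manager,dc=domain,dc=com"
'''
# Constructed sample: cn=proxyuser is a hypothetical low-privilege entry.
PROXY_CONF = '''
base ou=people,dc=domain,dc=com
host ldap_server_name.domain.com
binddn cn=proxyuser,ou=services,dc=domain,dc=com
bindpw PLACEHOLDER
rootbinddn cn=Manager,dc=domain,dc=com
'''

def parse_ldap_conf(text):
    """Return {directive: value}; skips blanks and comments, strips quotes."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip().strip('"')
    return conf

def norm_dn(dn):
    """Case-fold and trim each RDN (escaped commas are not handled)."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def audit(text, mode=0o644, privileged_dns=()):
    """List findings for one client config and the mode of its file."""
    conf = parse_ldap_conf(text)
    binddn = conf.get("binddn")
    if not binddn:
        return ["anonymous-bind"]  # informational: lookups bind anonymously
    high = {norm_dn(d) for d in privileged_dns}
    if "rootbinddn" in conf:
        high.add(norm_dn(conf["rootbinddn"]))
    findings = []
    if norm_dn(binddn) in high:
        findings.append("privileged-binddn")
        # A group- or world-readable file hands the bindpw to local users.
        if "bindpw" in conf and mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append("privileged-bindpw-exposed")
    return findings

if __name__ == "__main__":
    print(audit(THREAD_CONF), audit(PROXY_CONF))
```

For a real host, pass the file's contents and `os.stat(path).st_mode` as `mode`.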