That's it!!

Thank you very much Gary for your help.

Now, I am able to connect to my LDAP server.

Just another question please: is it necessary to write
the bindpw password in clear text in /etc/ldap.conf?

Thank you again.


--- "Tay, Gary" wrote:
> I noticed that:
>
> 1) You did not provide binddn and bindpw in
> /etc/ldap.conf
>
> # The distinguished name to bind to the server with.
> # Optional: default is to bind anonymously.
> #binddn cn=exampleuser,dc=example,dc=com
> binddn cn=nssldap,ou=DSA,dc=example,dc=com
>
> # The credentials to bind with.
> # Optional: default is no credential.
> bindpw pw_in_clear_text
>
> 2) Your rootbinddn in /etc/ldap.conf should be
> "cn=Manager,dc=example,dc=com", i.e. tally with
> slapd.conf
>
> # The distinguished name to bind to the server with
> # if the effective user ID is root. Password is
> # stored in /etc/ldap.secret (mode 600)
> rootbinddn cn=Manager,dc=example,dc=com
>
> Gary
>
> -----Original Message-----
> From: fatima riadi [mailto:ftmriadi@yahoo.fr]
> Sent: Mon 3/21/2005 11:57 PM
> To: Tay, Gary
> Cc: secureshell@securityfocus.com
> Subject: RE: Re: ssh connection to an ldap server
>
>
>
> --- "Tay, Gary" wrote:
> > If you suspect pam_ldap, show us the /etc/nsswitch.conf
> > and /etc/pam.d/system-auth and/or /etc/pam.d/sshd.
> >
>
>
> ======================================================
> Here is my slapd.conf file content:
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/samba.schema
> include /etc/openldap/schema/redhat/rfc822-MailMember.schema
> include /etc/openldap/schema/redhat/autofs.schema
>
>
> # Allow LDAPv2 client connections. This is NOT the default.
> allow bind_v2
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /var/run/slapd.pid
> #argsfile //var/run/slapd.args
>
> access to attr=userPassword
>     by self write
>     by * auth
> access to dn="ou=users,dc=example,dc=com"
>     by self write
>     by dn="cn=nssldap,ou=DSA,dc=example,dc=com" read
>     by users auth
>     by anonymous read
> access to * by self write
>     by * read
>
>
>
> #####################################################################
> # ldbm and/or bdb database definitions
>
>
> #####################################################################
>
> database ldbm
> suffix "dc=example,dc=com"
> rootdn "cn=Manager,dc=example,dc=com"
> rootpw {SSHA}Cu0mazfs7JKjmJaCrZQszD1G7ijRpIKO
>
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory /var/lib/ldap
>
> # Indices to maintain for this database
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
> index sambaSID,sambaDomainName,sambaPrimaryGroupSID eq
>
>
> ======================================================
> /etc/pam.d/sshd
>
> #%PAM-1.0
> auth       required   pam_stack.so service=system-auth
> auth       required   pam_nologin.so
> account    required   pam_stack.so service=system-auth
> password   required   pam_stack.so service=system-auth
> session    required   pam_stack.so service=system-auth
> session    required   pam_limits.so
> session    optional   pam_console.so
>
>
> ======================================================
>
> > pam_ldap works with nss_ldap, also show
> > /etc/ldap.conf.
>
> And this is my /etc/ldap.conf file:
>
> # Your LDAP server. Must be resolvable without using LDAP.
> host 127.0.0.1
>
> # The distinguished name of the search base.
> base dc=example,dc=com
>
> # Another way to specify your LDAP server is to provide an
> # uri with the server name. This allows to use
> # Unix Domain Sockets to connect to a local LDAP Server.
> #uri ldap://127.0.0.1/
> #uri ldaps://127.0.0.1/
> #uri ldapi://%2fvar%2frun%2fldapi_sock/
> # Note: %2f encodes the '/' used as directory separator
>
> # The LDAP version to use (defaults to 3
> # if supported by client library)
> #ldap_version 3
>
> # The distinguished name to bind to the server with.
> # Optional: default is to bind anonymously.
> #binddn cn=exampleuser,dc=example,dc=com
>
> # The credentials to bind with.
> # Optional: default is no credential.
> #bindpw secret
>
> # The distinguished name to bind to the server with
> # if the effective user ID is root. Password is
> # stored in /etc/ldap.secret (mode 600)
> rootbinddn cn=nssldap,ou=DSA,dc=example,dc=com
>
> # The port.
> # Optional: default is 389.
> #port 389
>
> # The search scope.
> #scope sub
> #scope one
> #scope base
>
> # Search timelimit
> #timelimit 30
>
> # Bind timelimit
> #bind_timelimit 30
>
> # Idle timelimit; client will close connections
> # (nss_ldap only) if the server has not been contacted
> # for the number of seconds specified below.
> #idle_timelimit 3600
>
> # Filter to AND with uid=%s
> #pam_filter objectclass=account
>
> # The user ID attribute (defaults to uid)
> #pam_login_attribute uid
>
> # Search the root DSE for the password policy (works
> # with Netscape Directory Server)
> #pam_lookup_policy yes
>

=== message truncated ===
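The question above about leaving bindpw in clear text, and Gary's note that the rootbinddn password lives in /etc/ldap.secret (mode 600), can be turned into a quick audit. This is an added example, not code from the thread or from nss_ldap/pam_ldap: the file paths are parameters, the sample configs are constructed, and the "ok" sample relies on the `by anonymous read` ACL shown in the slapd.conf above instead of a binddn/bindpw pair.

```shell
# Added example, not code from the thread: audit a pam_ldap/nss_ldap ldap.conf
# for an active clear-text bindpw and verify the rootbinddn secret file
# (/etc/ldap.secret in the thread) exists with mode 600. Paths are parameters.
file_mode() {  # octal permission bits: GNU stat first, BSD stat as fallback
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_ldap_conf CONF SECRET: prints one WARN line per finding and returns
# the number of findings as its exit status (0 = nothing to report).
audit_ldap_conf() {
    conf=$1; secret=$2; found=0
    # An uncommented bindpw line keeps the DSA password in clear text; nss_ldap
    # needs ldap.conf readable by every process, so report its mode as well.
    if grep -Eq '^[[:space:]]*bindpw[[:space:]]+' "$conf"; then
        echo "WARN: clear-text bindpw in $conf (mode $(file_mode "$conf"))"
        found=$((found + 1))
    fi
    # rootbinddn only works if the secret file exists and is root-only (600).
    if grep -Eq '^[[:space:]]*rootbinddn[[:space:]]+' "$conf"; then
        if [ ! -f "$secret" ]; then
            echo "WARN: rootbinddn set but $secret is missing"
            found=$((found + 1))
        elif [ "$(file_mode "$secret")" != "600" ]; then
            echo "WARN: $secret has mode $(file_mode "$secret"), expected 600"
            found=$((found + 1))
        fi
    fi
    return "$found"
}

# Constructed sample configs (not the thread's real files) in a temp dir.
DEMO=$(mktemp -d)
cat > "$DEMO/ldap.conf.weak" <<'EOF'
host 127.0.0.1
base dc=example,dc=com
binddn cn=nssldap,ou=DSA,dc=example,dc=com
bindpw pw_in_clear_text
rootbinddn cn=Manager,dc=example,dc=com
EOF
chmod 644 "$DEMO/ldap.conf.weak"           # world-readable and no secret file
cat > "$DEMO/ldap.conf.ok" <<'EOF'  # no bindpw: nss lookups bind anonymously
host 127.0.0.1
base dc=example,dc=com
rootbinddn cn=Manager,dc=example,dc=com
EOF
echo 'placeholder-manager-password' > "$DEMO/ldap.secret"
chmod 600 "$DEMO/ldap.secret"
audit_ldap_conf "$DEMO/ldap.conf.weak" "$DEMO/ldap.secret.missing" || echo "$? finding(s)"
audit_ldap_conf "$DEMO/ldap.conf.ok" "$DEMO/ldap.secret" && echo "clean"
```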