RE: Re: ssh connection to an ldap server

From: fatima riadi (ftmriadi_at_yahoo.fr)
Date: 03/21/05

  • Next message: Jeff P. Van Dyke: "Re: Algorithms support by SSH2 server were enumerated."
    Date: Mon, 21 Mar 2005 19:45:59 +0100 (CET)
    To: "Tay, Gary" <Gary_Tay@platts.com>
    
    

    I tested setting the bindpw password encrypted using
    the SSHA hash code and that works fine.

    Thanks again

     --- fatima riadi <ftmriadi@yahoo.fr> wrote:
    > That's it!!
    >
    > Thank you very much Gary for your help.
    >
    > Now, I am able to connect to my LDAP server.
    >
    > Just another question please: is it necessary to write
    > the bindpw password in clear text in /etc/ldap.conf?
    >
    > Thank you again.
    >
    >
    > --- "Tay, Gary" <Gary_Tay@platts.com> wrote:
    > > I noticed that:
    > >
    > > 1) You did not provide binddn and bindpw in
    > > /etc/ldap.conf
    > >
    > > # The distinguished name to bind to the server with.
    > > # Optional: default is to bind anonymously.
    > > #binddn cn=exampleuser,dc=example,dc=com
    > > binddn cn=nssldap,ou=DSA,dc=example,dc=com
    > >
    > > # The credentials to bind with.
    > > # Optional: default is no credential.
    > > bindpw pw_in_clear_text
    > >
    > > 2) Your rootbinddn in /etc/ldap.conf should be
    > > "cn=Manager,dc=example,dc=com", i.e. tally with
    > > slapd.conf
    > >
    > > # The distinguished name to bind to the server with
    > > # if the effective user ID is root. Password is
    > > # stored in /etc/ldap.secret (mode 600)
    > > rootbinddn cn=Manager,dc=example,dc=com
    > >
    > > Gary
    > >
    > > -----Original Message-----
    > > From: fatima riadi [mailto:ftmriadi@yahoo.fr]
    > > Sent: Mon 3/21/2005 11:57 PM
    > > To: Tay, Gary
    > > Cc: secureshell@securityfocus.com
    > > Subject: RE: Re: ssh connection to an ldap server
    > >
    > >
    > >
    > > --- "Tay, Gary" <Gary_Tay@platts.com> wrote:
    > > > If you suspect pam_ldap, show us the
    > > > /etc/nsswitch.conf and /etc/pam.d/system-auth and/or
    > > > /etc/pam.d/sshd.
    > > >
    > >
    > >
    > > ======================================================
    > > Here is my slapd.conf file content:
    > >
    > > include /etc/openldap/schema/core.schema
    > > include /etc/openldap/schema/cosine.schema
    > > include /etc/openldap/schema/inetorgperson.schema
    > > include /etc/openldap/schema/nis.schema
    > > include /etc/openldap/schema/samba.schema
    > > include /etc/openldap/schema/redhat/rfc822-MailMember.schema
    > > include /etc/openldap/schema/redhat/autofs.schema
    > >
    > >
    > > # Allow LDAPv2 client connections. This is NOT the default.
    > > allow bind_v2
    > >
    > > # Do not enable referrals until AFTER you have a
    > > working directory
    > > # service AND an understanding of referrals.
    > > #referral ldap://root.openldap.org
    > >
    > > pidfile /var/run/slapd.pid
    > > #argsfile //var/run/slapd.args
    > >
    > > access to attr=userPassword
    > >   by self write
    > >   by * auth
    > > access to dn="ou=users,dc=example,dc=com"
    > >   by self write
    > >   by dn="cn=nssldap,ou=DSA,dc=example,dc=com" read
    > >   by users auth
    > >   by anonymous read
    > > access to *
    > >   by self write
    > >   by * read
    > >
    > >
    > >
    > > #######################################################################
    > > # ldbm and/or bdb database definitions
    > > #######################################################################
    > >
    > > database ldbm
    > > suffix "dc=example,dc=com"
    > > rootdn "cn=Manager,dc=example,dc=com"
    > > rootpw {SSHA}Cu0mazfs7JKjmJaCrZQszD1G7ijRpIKO
    > >
    > > # The database directory MUST exist prior to running slapd AND
    > > # should only be accessible by the slapd and slap tools.
    > > # Mode 700 recommended.
    > > directory /var/lib/ldap
    > >
    > > # Indices to maintain for this database
    > > index objectClass eq,pres
    > > index ou,cn,mail,surname,givenname eq,pres,sub
    > > index uidNumber,gidNumber,loginShell eq,pres
    > > index uid,memberUid eq,pres,sub
    > > index nisMapName,nisMapEntry eq,pres,sub
    > > index sambaSID,sambaDomainName,sambaPrimaryGroupSID eq
    > >
    > >
    > > ======================================================
    > > /etc/pam.d/sshd
    > >
    > > #%PAM-1.0
    > > auth required pam_stack.so service=system-auth
    > > auth required pam_nologin.so
    > > account required pam_stack.so service=system-auth
    > > password required pam_stack.so service=system-auth
    > > session required pam_stack.so service=system-auth
    > > session required pam_limits.so
    > > session optional pam_console.so
    > >
    > >
    > > ======================================================
    > >
    > > > pam_ldap works with nss_ldap, also show
    > > > /etc/ldap.conf.
    > >
    > > And this is my /etc/ldap.conf file:
    > >
    > > # Your LDAP server. Must be resolvable without using LDAP.
    > > host 127.0.0.1
    > >
    > > # The distinguished name of the search base.
    > > base dc=example,dc=com
    > >
    > > # Another way to specify your LDAP server is to provide an
    > > # uri with the server name. This allows to use
    > > # Unix Domain Sockets to connect to a local LDAP Server.
    > > #uri ldap://127.0.0.1/
    > > #uri ldaps://127.0.0.1/
    > > #uri ldapi://%2fvar%2frun%2fldapi_sock/
    > > # Note: %2f encodes the '/' used as directory separator
    > >
    > > # The LDAP version to use (defaults to 3
    > > # if supported by client library)
    > > #ldap_version 3
    > >
    > > # The distinguished name to bind to the server with.
    > > # Optional: default is to bind anonymously.
    > > #binddn cn=exampleuser,dc=example,dc=com
    > >
    > > # The credentials to bind with.
    > > # Optional: default is no credential.
    > > #bindpw secret
    > >
    > > # The distinguished name to bind to the server with
    > > # if the effective user ID is root. Password is
    > > # stored in /etc/ldap.secret (mode 600)
    > > rootbinddn cn=nssldap,ou=DSA,dc=example,dc=com
    > >
    > > # The port.
    >
    === message truncated ===

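Added example, not code from anyone in this thread. Two things come up above: the rootpw in slapd.conf is a {SSHA} value, and the nss_ldap credentials live either as a clear-text bindpw in /etc/ldap.conf or, for rootbinddn, in /etc/ldap.secret which the config comment says must be mode 600. The Python below implements {SSHA} generation and verification (assumed layout: base64(sha1(password + salt) + salt) with a 4-byte salt, which is what OpenLDAP's slappasswd -h {SSHA} emits) and then audits a constructed ldap.conf fragment for a clear-text bindpw and for the secret file's permissions. The config fragments, the password values and the temporary files standing in for /etc/ldap.conf and /etc/ldap.secret are all constructed for the example.

```python
"""{SSHA} hashing as used for slapd.conf rootpw/userPassword, plus an audit of
the nss_ldap credential files discussed above (ldap.conf bindpw, ldap.secret).

Added example; not code from anyone in the thread. The {SSHA} layout assumed
here is base64(sha1(password + salt) + salt) with a 4-byte salt, which is what
OpenLDAP's slappasswd -h {SSHA} emits. Real /etc paths are replaced by
temporary files so the demo runs anywhere.
"""
import base64
import hashlib
import hmac
import os
import stat
import tempfile
from typing import Dict, List, Optional

SSHA_PREFIX = "{SSHA}"
SHA1_LEN = 20  # sha1 digest length; everything after it in the decoded value is salt


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return a {SSHA} value suitable for rootpw or userPassword."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a clear-text password against a {SSHA} value the way slapd does:
    recover the salt from the stored value, rehash, compare in constant time."""
    if not stored.startswith(SSHA_PREFIX):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len(SSHA_PREFIX):])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def parse_ldap_conf(text: str) -> Dict[str, str]:
    """Parse nss_ldap/pam_ldap ldap.conf syntax: 'keyword value' lines, '#' comments."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def audit_ldap_conf(text: str, secret_path: str) -> List[str]:
    """Flag a clear-text bindpw, and a rootbinddn whose secret file is missing or
    readable by group/other (the file comment in the thread asks for mode 600)."""
    findings: List[str] = []
    cfg = parse_ldap_conf(text)
    if "bindpw" in cfg:
        findings.append("bindpw: clear-text credential in ldap.conf, a file every "
                        "nss_ldap client process has to be able to read")
    if "rootbinddn" in cfg:
        try:
            mode = stat.S_IMODE(os.stat(secret_path).st_mode)
        except FileNotFoundError:
            findings.append(f"rootbinddn set but {secret_path} does not exist")
        else:
            if mode & 0o077:
                findings.append(f"{secret_path} is mode {mode:04o}; expected 0600")
    return findings


# Constructed ldap.conf fragments modelled on the ones quoted in the thread.
CONF_WITH_BINDPW = """\
host 127.0.0.1
base dc=example,dc=com
binddn cn=nssldap,ou=DSA,dc=example,dc=com
bindpw pw_in_clear_text
rootbinddn cn=Manager,dc=example,dc=com
"""

CONF_SECRET_ONLY = """\
host 127.0.0.1
base dc=example,dc=com
rootbinddn cn=Manager,dc=example,dc=com
"""


def run_demo() -> Dict[str, List[str]]:
    """Audit both fragments against a temporary stand-in for /etc/ldap.secret,
    first left world-readable (0644), then locked down (0600), then absent."""
    results: Dict[str, List[str]] = {}
    with tempfile.TemporaryDirectory() as tmp:
        secret = os.path.join(tmp, "ldap.secret")
        with open(secret, "w") as fh:
            fh.write("manager-password\n")  # constructed value
        os.chmod(secret, 0o644)
        results["bindpw_loose"] = audit_ldap_conf(CONF_WITH_BINDPW, secret)
        os.chmod(secret, 0o600)
        results["secret_locked"] = audit_ldap_conf(CONF_SECRET_ONLY, secret)
        results["secret_missing"] = audit_ldap_conf(CONF_SECRET_ONLY, os.path.join(tmp, "absent"))
    return results


if __name__ == "__main__":
    h = ssha_hash("manager-password", salt=b"1234")  # fixed salt so output is repeatable
    print(h, ssha_verify("manager-password", h), ssha_verify("wrong", h))
    for name, findings in run_demo().items():
        print(name, findings or ["ok"])
```

The audit only looks at the two settings the thread turns on; a real check would also cover the ldap.conf file's own mode and ownership, and whether the binddn used by nss_ldap is granted more than the read access the ACL above gives it.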

