[KLUG Members] making a linux machine auth against an ldap server.
Tyler Haske
dvorak.typist at gmail.com
Wed Nov 9 21:23:50 EST 2005
its a sun ONE directory
SASL GSSAPI. :).
I can't get anonymous queries working. I've been using a DN to do queries.
ldapsearch -H ldap://dir.wmich.edu -D
uid=oitlabs,ou=special,ou=people,o=wmich.edu,dc=wmich,dc=edu -W -x -b
ou=people,o=wmich.edu,dc=wmich,dc=edu -s sub 'uid=*******'
that query with the correct password returns the entry I want, inside
of the entry there is a wmuuid field that has the username your
SUPPOSED to connect to the ldap server with, to authenticate.
when I try using TLS or SASL I get this.
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
On 11/9/05, Adam Tauno Williams <awilliam at whitemice.org> wrote:
> > I knew ldap would be forced on me eventually.
>
> Sort of like death, it will visit everyone eventually
>
> > I am trying to set up linux PAM so folks can log on with linux, and
> > authenticate against LDAP.
> > I'm told an easy way to go about doing this is connect with a 'big'
> > account, find the userid, then reconnect with the found userid.
>
> ? Not certain what you mean.
>
> > if you can bind to the LDAP with your ldap userid and password, you
> > should be able to login to a linux machine with the campus wide
> > username and password.
> > I'm having trouble using the correct syntax in the /etc/ldap.conf file.
> > basically I can't specify a wmuuid, I have to look it up, according to
> > the uid, which the user types in..
> > get it!?
>
> Not exactly. First, what is a wmmuid? Second do you know what DSA you
> are looking at (vendor/version)? First figure out how to make
> ldapsearch work *THEN* do PAM and NSS. Does the DSA support SASL? If
> so then you may not need a DN to bind with just some username. Do
> anonymous queries work?
>
> _______________________________________________
> Members mailing list
> Members at kalamazoolinux.org
>
>
--
Tyler Haske
More information about the Members
mailing list