[KLUG Members] making a linux machine auth against an ldap server.

Tyler Haske dvorak.typist at gmail.com
Wed Nov 9 21:23:50 EST 2005


It's a Sun ONE directory.
SASL GSSAPI. :)

I can't get anonymous queries working. I've been using a DN to do queries.


ldapsearch -H ldap://dir.wmich.edu \
  -D uid=oitlabs,ou=special,ou=people,o=wmich.edu,dc=wmich,dc=edu -W -x \
  -b ou=people,o=wmich.edu,dc=wmich,dc=edu -s sub 'uid=*******'

That query, with the correct password, returns the entry I want. Inside
the entry there is a wmuuid field that has the username you're
SUPPOSED to connect to the LDAP server with, to authenticate.

When I try using TLS or SASL, I get this:

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


On 11/9/05, Adam Tauno Williams <awilliam at whitemice.org> wrote:
> > I knew ldap would be forced on me eventually.
>
> Sort of like death, it will visit everyone eventually.
>
> > I am trying to set up Linux PAM so folks can log on with Linux, and
> > authenticate against LDAP.
> > I'm told an easy way to go about doing this is connect with a 'big'
> > account, find the userid, then reconnect with the found userid.
>
> ? Not certain what you mean.
>
> > If you can bind to the LDAP with your LDAP userid and password, you
> > should be able to log in to a Linux machine with the campus-wide
> > username and password.
> > I'm having trouble using the correct syntax in the /etc/ldap.conf file.
> > Basically I can't specify a wmuuid, I have to look it up, according to
> > the uid, which the user types in.
> > Get it!?
>
> Not exactly.  First, what is a wmuuid?  Second, do you know what DSA you
> are looking at (vendor/version)?  First figure out how to make
> ldapsearch work *THEN* do PAM and NSS.  Does the DSA support SASL?  If
> so then you may not need a DN to bind with just some username.  Do
> anonymous queries work?
>


--
Tyler Haske
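
The lookup-then-rebind setup and the "certificate verify failed" error discussed in this thread, as an added example that is not part of the original messages: a PADL pam_ldap /etc/ldap.conf that searches with the lookup account and verifies the server certificate instead of disabling the check. Assumptions: the CA file path and the password placeholder are made up, and users are assumed to be able to bind with the DN of the entry that the uid search returns.

```conf
# /etc/ldap.conf for PADL pam_ldap / nss_ldap (added example, values partly assumed)

# Server and search base, taken from the ldapsearch command in the thread.
uri ldap://dir.wmich.edu
base ou=people,o=wmich.edu,dc=wmich,dc=edu
scope sub

# Step 1: the lookup ("big") account used to find the user's entry.
# Use a read-only, low-privilege account: this password sits in a file
# that NSS clients usually need to read.
binddn uid=oitlabs,ou=special,ou=people,o=wmich.edu,dc=wmich,dc=edu
# Placeholder, not a real credential.
bindpw REPLACE_WITH_LOOKUP_PASSWORD

# Attribute compared with the name typed at the login prompt.
pam_login_attribute uid

# Step 2 needs no setting: pam_ldap re-binds as the DN of the entry found
# in step 1, using the password the user typed. A successful bind is a
# successful login.

# Upgrade the connection with StartTLS and verify the server certificate.
ssl start_tls
tls_checkpeer yes
# Assumed path: the PEM file of the CA that issued the directory's
# certificate. "certificate verify failed" means the client does not
# trust that CA yet.
tls_cacertfile /etc/ssl/certs/directory-ca.pem

# Weak setting, shown only for contrast. It makes the error go away by
# skipping server authentication, so passwords can be sent to an impostor.
# tls_checkpeer no

# ldapsearch does not read this file. For command-line tests, set
# TLS_CACERT to the same CA file in the OpenLDAP client ldap.conf
# or in ~/.ldaprc.
```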


