[CentOS] Fedora Directory Authentication on CentOS 5

Luciano Rocha strange at nsk.no-ip.org
Thu May 31 11:51:12 UTC 2007


On Thu, May 31, 2007 at 12:38:55PM +0100, first last wrote:
> Hi,
> 
> I am trying to set up a Fedora Directory server for centralised
> authentication.

I'm using that setup.

> I configure the directory server, add a user called (via the Java GUI)
> test

Could you do an ldap search for that user and show the output, please?
Like so:
# ldapsearch -LLL -x 'uid=lmf'

The output should be something like:
dn: uid=lmf,ou=Users,dc=udp,dc=eurotux,dc=com
uid: lmf
cn: Luciano Rocha
cn: luciano
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 12715
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 501
gidNumber: 501
homeDirectory: /home/lmf
gecos: Luciano Rocha

The ou=Users can be ou=People or something else. But uid must be present
for the user you added and also objectClass: posixAccount.

Then check if you can bind to ldap using the dn of the user:
# ldapsearch -LLL -x 'uid=lmf' -D uid=lmf,ou=Users,dc=udp,dc=eurotux,dc=com -W uid
Enter LDAP Password: 
dn: uid=lmf,ou=Users,dc=udp,dc=eurotux,dc=com
uid: lmf

> and then, using system-config-authentication, enable LDAP on both
> tabs.

/etc/nsswitch.conf should have:
passwd:     files ldap

And /etc/openldap/ldap.conf should have a valid URI, pointing to the
server, and a valid BASE.

If that file has all those values commented out, then they should be in
/etc/ldap.conf.

In any case, also check /etc/ldap.conf. If /etc/openldap/ldap.conf has a
valid URI, then comment out any host definition. Check that base is the
correct one, and also check that any nss_base, if defined, has the same
basedn as the one you found in the search.

Then test the user identification by running id <user>:
# id lmf
uid=501(lmf) gid=501(lmf) groups=501(lmf),...

If this works, then the next step is checking the pam configuration. But
I'll end the email now because it's lunch time here. :)

-- 
lfr
0/0
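
The file checks described in the message above, as an added example that is not part of the original email: a POSIX shell function that compares nsswitch.conf and the two ldap.conf files against the DN returned by the search. It assumes nss_base_passwd is the nss_base entry in question; the sample files, the host value and ldap.example.com are constructed placeholders.

```sh
# Added example (constructed sample files; ldap.example.com is a placeholder).
conf_get() { # conf_get FILE KEY: first uncommented value of KEY, case-insensitive
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}
lc() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }   # DNs compare case-insensitively

# Args: nsswitch.conf, openldap/ldap.conf, /etc/ldap.conf, DN returned by ldapsearch.
# Prints one line per mismatch; returns 0 only when the files agree with the DN.
check_ldap_client() {
    nss=$1 oconf=$2 conf=$3 dn=$(lc "$4") rc=0
    case " $(conf_get "$nss" passwd:) " in
        *" ldap "*) ;;
        *) echo "nsswitch.conf: passwd line does not list ldap"; rc=1 ;;
    esac
    ouri=$(conf_get "$oconf" uri)
    [ -n "$ouri" ] || [ -n "$(conf_get "$conf" uri)" ] ||
        { echo "no URI in either ldap.conf"; rc=1; }
    if [ -n "$ouri" ] && [ -n "$(conf_get "$conf" host)" ]; then
        echo "ldap.conf: host is set although openldap/ldap.conf has a URI"; rc=1
    fi
    base=$(lc "$(conf_get "$conf" base)")
    [ -n "$base" ] || base=$(lc "$(conf_get "$oconf" base)")
    case $dn in
        *",$base") ;;
        *) echo "base '$base' is not a suffix of $dn"; rc=1 ;;
    esac
    # nss_base_passwd may carry a ?scope suffix; compare only the DN part
    nssb=$(lc "$(conf_get "$conf" nss_base_passwd)"); nssb=${nssb%%\?*}
    if [ -n "$nssb" ]; then
        case $dn in
            *",$nssb") ;;
            *) echo "nss_base_passwd '$nssb' is not a suffix of $dn"; rc=1 ;;
        esac
    fi
    return $rc
}

make_samples() { # constructed files with two deliberate mistakes (host, nss_base_passwd)
    printf 'passwd:     files ldap\n' > "$1/nsswitch.conf"
    printf 'URI ldap://ldap.example.com/\nBASE dc=udp,dc=eurotux,dc=com\n' > "$1/openldap.conf"
    printf 'host 127.0.0.1\nbase dc=udp,dc=eurotux,dc=com\n' > "$1/ldap.conf"
    printf 'nss_base_passwd ou=People,dc=udp,dc=eurotux,dc=com?one\n' >> "$1/ldap.conf"
}

d=$(mktemp -d) && make_samples "$d"
check_ldap_client "$d/nsswitch.conf" "$d/openldap.conf" "$d/ldap.conf" \
    'uid=lmf,ou=Users,dc=udp,dc=eurotux,dc=com' || echo "fix the lines above, then run: id lmf"
rm -rf "$d"
```

On a real client, pass /etc/nsswitch.conf, /etc/openldap/ldap.conf and /etc/ldap.conf together with the dn: value printed by ldapsearch.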