I am trying LDAP authentication for users logging in to CentOS via PAM. I have also disabled (off) the nsslapd-anonymous-access flag to restrict anonymous access, providing a binddn and bindpw instead.
I have changed binddn and bindpw in /etc/ldap.conf so that PAM binds to LDAP to authenticate the user.
i.e. when a user tries to ssh in, PAM reads /etc/ldap.conf, binds to LDAP and authenticates the corresponding user.
User authentication does not work every time, i.e. sometimes the user is authenticated and sometimes the user is not.
I have verified that 389 FDS, nscd and sssd are running properly on CentOS.
I have tried an ldapsearch for the corresponding user. The result shows the user properly.
Just wanted to know if somebody has tried to use an AIX client against 389 DS?
I know it's possible with Solaris. Is it the same way to use an AIX client
(nsswitch.conf and PAM configuration)?
We mostly use passwordless ssh authentication, and in our /etc/ldap.conf
file we have the line below:
uri ldap://auth1.uk.xxxx.lan/ ldap://auth2.uk.xxxx.lan/
Now the problem is, if there are any issues with auth1, authentication fails.
Theoretically, if auth1 fails then authentication should come from auth2,
but why does it fail??
We use CentOS 5.8.
Any help will be appreciated.
I inherited an LDAP system from a previous administrator. It's a CentOS
box running 389 and LDAP Account Manager. I need to change the company's
DN from domain1.com to domain2.com. The users on the LAM email list gave
me some instructions but they were written for openldap. There is no
/etc/init.d/openldap or slapcat on this system so I was wondering if anyone
in the 389 community can explain how to do this.
We're trying to create accounts (with the posixaccount objectclass and so
forth) via LDAP, and while we can add the objectclasses and set the
attributes without error, the attributes for posixaccount don't show up on
subsequent LDAP queries. Looking at the entry via the 389 Console I see
that the values were set correctly but the checkbox for 'Enable Posix User
Attributes' is unchecked - I had thought checking this merely added the
relevant objectclass but apparently there's some other special magic.
How can we "enable" these attributes (so that we can then retrieve them via
LDAP later) via LDAP? Manually going in via the console and "enabling"
them via the checkbox for every new account is not a "solution".
I had enabled the "Posix Winsync API". I created a Windows user with UID=11111
which belongs to a group with GID=10000.
The replication to the 389 DS server is correct (Posix User), but when I go to
a Linux client and run id, I get the right GID for the group it belongs to
(10000), but the UID and the GID of my user are something wrong and exotic
like uid=796923660, gid=796923660.
How do I keep the right information on my client side?
389ds version = 126.96.36.199
Server = CentOS 6.4
Linux client = RedHat
Windows server = 2008R2
It's been a while since I started with 389 DS, and it never occurred to me to
check whether the users I add in the console would be added automatically to the server
in some kind of "ldif" file :p !!!!!
I know now that I didn't really get it. So now I would like to know how I can
add an object class to all the users I have with one command, if it's
possible. I already tried this one but it didn't work for the new users I added.
Another question: how can I fix this error <id:can not find the name of the
group identifier>, knowing that when I enable Posix User for syncing users from
AD I add the GID randomly?
Thanking you in advance for your precious answers.
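An added example, not code from any of the posters: the posixAccount question earlier on this page and the "add an object class to all users with one command" question above both come down to generating an ldapmodify change record per user. The script below parses an ldapsearch-style LDIF export (a constructed sample is embedded), finds entries that lack posixAccount, and emits the modify LDIF; the DNs and attribute values are assumed for illustration.

```python
# Added example (not from the original posts). Emits an ldapmodify-ready LDIF
# adding objectClass: posixAccount to every entry that lacks it. Run with
#   ldapmodify -x -D "cn=Directory Manager" -W -f add_posix.ldif
# Note: 389 DS rejects the change with an object class violation unless the
# MUST attributes of posixAccount (cn, uid, uidNumber, gidNumber, homeDirectory)
# are already present or are added in the same change record.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: inetOrgPerson
uid: alice

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: posixAccount
uid: bob
"""

def parse_ldif(text):
    """Minimal LDIF parser: returns [(dn, {attr_lower: [values]})].
    Handles plain 'attr: value' lines only (no base64 '::' or folded lines)."""
    entries, current, dn = [], {}, None
    for line in text.splitlines():
        if not line.strip():              # blank line ends an entry
            if dn is not None:
                entries.append((dn, current))
            current, dn = {}, None
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if attr.lower() == "dn":
            dn = value.strip()
        else:
            current.setdefault(attr.lower(), []).append(value.strip())
    if dn is not None:
        entries.append((dn, current))
    return entries

def entries_missing_class(entries, objectclass="posixAccount"):
    """DNs whose objectClass list does not contain objectclass (case-insensitive)."""
    wanted = objectclass.lower()
    return [dn for dn, attrs in entries
            if wanted not in (v.lower() for v in attrs.get("objectclass", []))]

def build_modify_ldif(dns, objectclass="posixAccount"):
    """One 'changetype: modify / add: objectClass' record per DN."""
    return "\n".join(f"dn: {dn}\nchangetype: modify\nadd: objectClass\n"
                     f"objectClass: {objectclass}\n-\n" for dn in dns)

if __name__ == "__main__":
    print(build_modify_ldif(entries_missing_class(parse_ldif(SAMPLE_LDIF))), end="")
```

The id error quoted above is the client-side symptom of a gidNumber that matches no posixGroup entry the client can resolve, so the group entries need the same treatment before the randomly assigned GIDs will display by name.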
Just to tell you my experience feedback with a Windows Server 2012 and the
Everything works fine, I made some tests, and the replication password is
Have a good day,
I need some help understanding why replication continued after I deleted
the replication agreements from both machines. My configuration is:
1) machine1 is a member of a multimaster group.
2) machine2 was configured as a dedicated consumer.
3) initialization was successfully initiated and completed from machine1 to
4) from the 389 console on machine2 a backup of the database was created.
5) from the 389 console on machine2 the replication agreement was deleted
but I did not disable replication.
6) from the 389 console on machine1 the replication agreement with machine2
was deleted
7) from the 389 console on machine2 I deleted the object
8) from the 389 console on machine2 I restored the database; the object from
step 7 was restored
9) from the 389 console on machine2 I deleted the object
10) the deletion from step 9 was propagated back to machine1 and then out
to all the replication agreements on machine1
11) from the 389 console on machine2 I restored the database
12) the restoration from step 11 was again propagated to machine1 and then
out to all the replication agreements on machine1
....so why did the deletions get replicated back to machine1 after the
replication agreement was deleted? ...and since machine2 was a dedicated
consumer, I thought it couldn't make updates to machine1 even with the
replication agreement in place?
2.6.32-220.el6.x86_64 #1 SMP
2.6.32-220.17.1.el6.x86_64 #1 SMP