This is what I am trying to do:
1. Create new-user on LDAP server
2. Associate LDAP client with LDAP server
3. On LDAP client, log in with new-user, authenticating against LDAP server
4. RHEL environment for new-user comes up
5. When I go to System->Administration->Users and Groups, that new-user should be
listed. It is not.
When I do id new-user, it shows all the sssd information correctly and the POSIX
attributes that I set in LDAP server.
What do I need to do in order for the id new-user command information to show up in the
Users and Groups list on the LDAP client?
Thanks,
Rohit
From: Grzegorz Dwornicki <gd1100@gmail.com>
Reply-To: "General discussion list for the 389 Directory server project."
<389-users@lists.fedoraproject.org>
Date: Monday, January 14, 2013 10:28 AM
To: "General discussion list for the 389 Directory server project."
<389-users@lists.fedoraproject.org>
Subject: Re: [389-users] How to set up 389 client
I am not sure, but in my opinion this applet reads only local files. You can use other tools
to modify ldap users. Maybe if you tell us what modifications you wish to make, someone might
help you :). I don't wish to make you chase ghosts, so I am not giving any ldap
client name without knowing what you intend to do.
Greg.
On 14 Jan 2013 16:18, "Chaudhari, Rohit K."
<Rohit.Chaudhari@jhuapl.edu> wrote:
The id <ldap-user-name> command works just fine. That is not where I am having the
issue. The issue lies in the local Users and Groups list in the RHEL client.
When I click through System->Administration->Users and Groups, the ldap-user-name is
not showing up on that list. How do I get it to show up on that list? This is a concern
to me because my bosses are questioning whether the ldap-user-name I created has proper
ACL privileges and would meet DIACAP requirements.
Thanks,
Rohit
From: Chandan Kumar <chandank.kumar@gmail.com>
Reply-To: "General discussion list for the 389 Directory server project."
<389-users@lists.fedoraproject.org>
Date: Monday, January 7, 2013 1:43 PM
To: "General discussion list for the 389 Directory server project."
<389-users@lists.fedoraproject.org>
Subject: Re: [389-users] How to set up 389 client
Sounds a bit strange. What is the output of "id <ldap-user-name>"? If sssd is
configured properly this command has to work. Moreover, while you execute this command,
watch /var/log/secure.log for any error messages.
Also disable selinux/Firewall and test.
On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:
I configured everything with SSSD as you suggested. I'm able to do successful logins
authenticating against the LDAP server, but when I check the Users and Groups list on the
client machine, that newly created user isn't added. Thoughts?
Thanks.
From: Chandan Kumar <chandank.kumar(a)gmail.com>
Reply-To: "General discussion list for the 389 Directory server project."
<389-users(a)lists.fedoraproject.org>
Date: Monday, January 7, 2013 1:36 PM
To: "General discussion list for the 389 Directory server project."
<389-users(a)lists.fedoraproject.org>
Subject: Re: [389-users] How to set up 389 client
Are you using SSSD on client side or PADL/NSS?
On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:
I do specify the POSIX properties on the LDAP side. But when I log in with that created
user on the client side and check the Users and Groups list on the client machine, it is
not listed there. I did avoid the warning message by adding the LDAP user to a group that
already exists. I want the user I create in LDAP to become listed in the Users and Groups
list on the client (for ACL purposes, if you know anything regarding meeting DIACAP
guidelines). Did I miss something?
Thanks
From: Chandan Kumar <chandank.kumar(a)gmail.com>
Reply-To: "General discussion list for the 389 Directory server project."
<389-users(a)lists.fedoraproject.org>
Date: Monday, January 7, 2013 11:39 AM
To: "General discussion list for the 389 Directory server project."
<389-users(a)lists.fedoraproject.org>
Subject: Re: [389-users] How to set up 389 client
Hello Rohit,
While creating users you also need to specify POSIX properties for the user.
In the admin console you need to fill out the posix properties details while creating the user.
Also make sure you create posix groups and associate these new users with the group ID,
otherwise at login time you may get some warning message like "id: Group does not
exist".
--
http://about.me/chandank
On Mon, Jan 7, 2013 at 7:27 AM, Chaudhari, Rohit K. <Rohit.Chaudhari(a)jhuapl.edu>
wrote:
Hey Chandan,
So I got the RHEL client working, but I have an outstanding issue. When I look at the
users/groups setting on the client machine, the newly created user that I made on the RHEL
LDAP server does not show up on the list. Is this how it is supposed to work? If not,
how do I get an LDAP user to become a part of the users and groups list on the RHEL
client?
Thanks,
Rohit
From: Chandan Kumar <chandank.kumar(a)gmail.com>
Reply-To: "General discussion list for the 389 Directory server project."
<389-users(a)lists.fedoraproject.org>
Date: Thursday, December 20, 2012 6:21 PM
To: "General discussion list for the 389 Directory server project."
<389-users(a)lists.fedoraproject.org>
Subject: Re: [389-users] How to set up 389 client
Yes, you do need to replace it with SSSD. If you are having a fresh Centos install, by default
it is sssd only.
The best way would be to use the authconfig tool, as it changes all related files and you
don't have to manually change all of them. Moreover, you also need to change the
nss.conf file and make sure groups/users do have sssd instead of ldap.
From RHEL 6.4 sssd will be fully supported and it gives better
performance if you intend to integrate many applications with LDAP, as it does not open
multiple connections with the directory server.
I will look at that guide again and will try to improve it.
On Thursday, December 20, 2012, Chaudhari, Rohit K. wrote:
Okay I will try checking those parameters. I am doing sssd, I used ldap pan before in
CentOS 6 and that ha
--
--
http://about.me/chandank