To make system aware of users in 389 you need to configure other files: /etc/ldap.conf (el5 systems) or /etc/nss_ldap.conf (el6 systems) + /etc/nsswitch.conf + PAM modules (/etc/pam.d/system-auth + install pam_ldap module). On RHEL/Fedora/Centos/SL you can do this easy way using authconfig, authconfig-tui or system-config-authentication. I don't recommend messing manually with PAM without reading some docs about them, because you can break login in your system.

Consider using one three tools I have toold about. They can modify all required files. You may be required to install nss-pam-ldapd package on el6 systems for PAM to work, this will install nslcd daemon too as dependency. I usually set FORLEGACY to yes in /etc/systemconfig/authconfig on el6 systems

2012/7/28 fosiul alam <expertalert@gmail.com>
Hi
Dont know how to reply on same thread.

but thank for  quick reply.

its case sensitive. so I created the cert file
and i put that one into client , and i configured as documentated

/etc/openldap/ldap.conf

URI ldap://ldap-2.fosiul.lan/
BASE dc=fosiul,dc=lan
TLS_CACERTDIR /etc/openldap/cacerts/
TLS_REQCERT allow
#TLS_CACERT /etc/openldap/cacerts/cacert.asc


and in /etc/ldap.conf
base dc=fosiul,dc=lan
uri ldap://ldap-2.fosiul.lan/
ssl start_tls
tls_cacertdir /etc/openldap/cacerts/

#TLS_CACERT /etc/openldap/cacerts/cacert.asc
pam_password md5



and i can see it created another file in /etc/openldap/cacerts/ directory like ths
5be5959f.0     ds-ca.crt

and when i do like this

id usrname

it does not find the user and i dont see any error in /var/log/message

so its like its connecting to ldap. .but it does not get any information

do i have to say Cn="Directory Manager" some where in ldap.conf file ??

thanks for your help.

Fosiul

but in clients , log file


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users