To make the system aware of users in 389, you need to configure other files: /etc/ldap.conf (el5 systems) or /etc/nss_ldap.conf (el6 systems) + /etc/nsswitch.conf + PAM modules (/etc/pam.d/system-auth + install the pam_ldap module). On RHEL/Fedora/CentOS/SL you can do this the easy way using authconfig, authconfig-tui or system-config-authentication. I don't recommend messing manually with PAM without reading some docs about it, because you can break login on your system.
Consider using one of the three tools I have told you about. They can modify all required files. You may be required to install the nss-pam-ldapd package on el6 systems for PAM to work; this will install the nslcd daemon too as a dependency. I usually set FORCELEGACY to yes in /etc/sysconfig/authconfig on el6 systems.
Hi
Don't know how to reply on the same thread,
but thanks for the quick reply.
It's case sensitive, so I created the cert file
and I put that one onto the client, and I configured it as documented:
/etc/openldap/ldap.conf
URI ldap://ldap-2.fosiul.lan/
BASE dc=fosiul,dc=lan
TLS_CACERTDIR /etc/openldap/cacerts/
TLS_REQCERT allow
#TLS_CACERT /etc/openldap/cacerts/cacert.asc
and in /etc/ldap.conf:
base dc=fosiul,dc=lan
uri ldap://ldap-2.fosiul.lan/
ssl start_tls
tls_cacertdir /etc/openldap/cacerts/
#TLS_CACERT /etc/openldap/cacerts/cacert.asc
pam_password md5
and I can see it created another file in the /etc/openldap/cacerts/ directory like this:
5be5959f.0 ds-ca.crt
and when I do this:
id usrname
it does not find the user, and I don't see any error in /var/log/messages,
so it's like it's connecting to LDAP, but it does not get any information.
Do I have to say Cn="Directory Manager" somewhere in the ldap.conf file??
thanks for your help.
Fosiul
but in the client's log file
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
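The two messages above describe the same client setup from both ends: the first lists the files that have to agree for the system to "see" LDAP users (the pam/nss ldap.conf, nsswitch.conf, PAM), and the second shows exactly that kind of setup where `id user` comes back empty with nothing in the log. The script below is an added example written for this thread, not code from the 389 project or from either poster. It lints those files the way a practitioner would before touching PAM: it checks that nsswitch.conf actually lists ldap for passwd/shadow/group (the most common reason for a silent empty `id`), that base and uri are set, and it flags the TLS settings quoted above (`TLS_REQCERT allow`, or `tls_checkpeer no`) that make StartTLS accept any server certificate. The el5/el6 file paths are the ones named in the thread; the sample file contents and the function names (`make_samples`, `lint_ldap_client`, etc.) are constructed for this example.

```shell
#!/bin/sh
# Added example for this thread, not code from 389 or from the posters.
# Lints an nss_ldap/pam_ldap client (el5/el6 layout: /etc/ldap.conf,
# /etc/openldap/ldap.conf, /etc/nsswitch.conf). Sample contents below are
# constructed, modelled on the configs quoted in the thread.

# nsswitch_uses_ldap FILE DB -> prints "yes" when the DB line lists ldap as a source
nsswitch_uses_ldap() {
    awk -v db="$2" 'BEGIN { key = db ":" }
        $1 == key { for (i = 2; i <= NF; i++) if ($i == "ldap") { print "yes"; exit } }' "$1"
}

# ldap_conf_get FILE KEY -> prints the value of KEY; keys compared case-insensitively,
# commented lines ignored (a commented-out TLS_CACERT, as in the thread, is a no-op)
ldap_conf_get() {
    awk -v key="$2" 'BEGIN { key = tolower(key) }
        $1 !~ /^#/ && tolower($1) == key { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# lint_ldap_client NSSWITCH LDAP_CONF OPENLDAP_CONF -> prints one FAIL:/WARN: line
# per finding; return status is the number of FAIL findings
lint_ldap_client() {
    nss=$1; pamldap=$2; openldap=$3; fails=0
    for db in passwd shadow group; do
        if [ "$(nsswitch_uses_ldap "$nss" "$db")" != "yes" ]; then
            echo "FAIL: $nss: '$db' does not list ldap, so getent/id never query the directory"
            fails=$((fails + 1))
        fi
    done
    for key in base uri; do
        if [ -z "$(ldap_conf_get "$pamldap" "$key")" ]; then
            echo "FAIL: $pamldap: '$key' is not set"
            fails=$((fails + 1))
        fi
    done
    # 'allow' and 'never' accept a bad or missing server certificate: StartTLS then
    # only hides traffic from passive observers and gives no protection against an
    # impostor directory answering uid/gid/password lookups
    reqcert=$(ldap_conf_get "$openldap" TLS_REQCERT | tr 'A-Z' 'a-z')
    case "$reqcert" in
        allow|never)
            echo "WARN: $openldap: TLS_REQCERT $reqcert disables server certificate verification; use 'demand' once the CA is in TLS_CACERTDIR" ;;
    esac
    if [ "$(ldap_conf_get "$pamldap" tls_checkpeer | tr 'A-Z' 'a-z')" = "no" ]; then
        echo "WARN: $pamldap: tls_checkpeer no disables server certificate verification"
    fi
    case "$(ldap_conf_get "$pamldap" ssl | tr 'A-Z' 'a-z')" in
        ""|no|off)
            echo "WARN: $pamldap: ssl is not enabled, so pam_ldap sends passwords in clear text" ;;
    esac
    return "$fails"
}

# make_samples DIR -> writes constructed sample files into DIR; nsswitch.conf here
# deliberately lacks ldap on passwd/shadow, reproducing the silent empty `id` result
make_samples() {
    d=$1
    cat > "$d/nsswitch.conf" <<'EOF'
passwd:     files
shadow:     files
group:      files ldap
hosts:      files dns
EOF
    cat > "$d/ldap.conf" <<'EOF'
base dc=fosiul,dc=lan
uri ldap://ldap-2.fosiul.lan/
ssl start_tls
tls_cacertdir /etc/openldap/cacerts/
pam_password md5
EOF
    cat > "$d/openldap-ldap.conf" <<'EOF'
URI ldap://ldap-2.fosiul.lan/
BASE dc=fosiul,dc=lan
TLS_CACERTDIR /etc/openldap/cacerts/
TLS_REQCERT allow
#TLS_CACERT /etc/openldap/cacerts/cacert.asc
EOF
}

# Run with --demo to lint the constructed samples; pass real paths to
# lint_ldap_client to check a live client.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_samples "$tmp"
    rc=0
    lint_ldap_client "$tmp/nsswitch.conf" "$tmp/ldap.conf" "$tmp/openldap-ldap.conf" || rc=$?
    echo "fail count: $rc"
    rm -rf "$tmp"
fi
```

On the constructed samples this reports two FAIL lines (passwd and shadow never consult ldap) and one WARN (`TLS_REQCERT allow`). On a real el5/el6 client the calls would be `lint_ldap_client /etc/nsswitch.conf /etc/ldap.conf /etc/openldap/ldap.conf`; once nsswitch lists ldap, `getent passwd username` is the quickest confirmation that NSS, rather than PAM, is resolving the user, and `ldapsearch -ZZ -x -b dc=fosiul,dc=lan` verifies that StartTLS actually negotiates against the CA in the cacerts directory before TLS_REQCERT is tightened to `demand`.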