Is everything set for those users like loginshell, home directory etc?
Yes, we have this set in LDAP for the users, and they will be using their existing home directories. When we su over to the LDAP user it shows them as being in their home directory.
Quote:
Do those users have in /etc/security/user entries like
?
I don't know if the chuser adds the double quotes needed at the SYSTEM= variable. Iirc they are important.
Yes, once I switch the user via the chuser command those entries are made, including the double quotes.
Quote:
I have set our server with the two variables up there in the default: stanza of the /etc/security/user so that only those accounts that should remain locally have something like
Correct, ours is setup this way as well.
Quote:
Also when changing local users to be LDAP users, you have to clear the following files of them:
What do you mean by clear? Shouldn't AIX be able to maintain both accounts in the event LDAP fails? The idea is that their local accounts would be a backup means of authentication, so for example we may want to go with something like:
Quote:
And if uid and gid changes chown them accordingly in the filesystem.Also remember to not mix local users and groups with ldap users and groups. SMIT will get problems else.
This will be something we will have to address once we get the users authenticated, we aren't sure how the ownership and permissions will translate.
Hello Everyone,
I have enabled LDAP authentication on my Web script by adding the list of valid users in /etc/apach2/default-server.conf. However, I now want to retrieve the username of the person that logs in. How can I do that? Is there any such module?
Regards,
Harsha (0 Replies)
Hello,
I have a Linux box with RHEL4 running on it. The box is meant to be on the DMZ. There is a directory on the box that will be remotely from time to time and I want a form of authentication on it.
Presently, I have configured Basic authentication with apache but the security is not tight.
I... (1 Reply)
Hello,
I have a Linux box with RHEL4 running on it. The box is meant to be on the DMZ. There is a directory on the box that will be remotely from time to time and I want a form of authentication on it.
Presently, I have configured Basic authentication with apache but the security is not tight.
I... (1 Reply)
I see a lot of thread on LDAP Authentication but I want to enable LDAP Authentication with Authorization. Meaning, removing the user ID's and groups from the local servers and move them to an LDAP server. When a user logs in (via LDAP) they will be given their group memberships and access to the... (3 Replies)
Hi folks,
i have opends 1.2 manually installed
subversion 1.4.3 and apache2 updated by package manager.
i want to access svn using LDAP authentication
its giving an error:
ldap_simple_bind_s() failed.
what could be the problem.
i wrote some text at the end of httpd.conf fpr ldap... (2 Replies)
Dear Friends,
I have recently installed iplanet directory server on my Solaris 10 machine.I was able to successfully install and configure ldap on my system.Furthermore, was also able to add
user entries to the LDAP database server.But now I am finding it difficult to authenticate LDAP users... (1 Reply)
hi all,
i have configured Apache with WEBDAV & my aim is sharing outlook calendars because we don't use M$ ExChange.
From outlook i did a simple test & am able to share a calendar.
I want to create share for each user & then authenticate against LDAP before they can publish their... (0 Replies)
Hi, We are trying to use LDAP to authenticate the login from our application. Our application is installed on AIX 6.1 and LDAP server is on active directory windows 2003.
We are getting the below error when we try to login. We have the required lib file in the path it is looking for. Any idea... (3 Replies)
Hi,
I am trying to authenticate AIX server against a IDS LDAP instance.
The AIX version is 6.1 and TDS client is 6.1.
I configured the secldapclntd using ldap.cfg file and changed /etc/security/user to set SYSTEM=LDAP, registry=LDAP for one user. Below are the ldap.cfg configurations -
... (5 Replies)
Hi Friends,
I have below scenarios .
dom1.test.com - LDAP
dom2.test.com - AD
Requirement is establish a trust relation between LDAP and AD server in such a way that if any user login on LDAP managed authentication server with
dom1\username -> get authenticated by LDAP host
... (2 Replies)
Discussion started by: Shirishlnx
2 Replies
LEARN ABOUT REDHAT
ldap_simple_bind
LDAP_BIND(3) Library Functions Manual LDAP_BIND(3)NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_kerberos_bind_s, ldap_kerberos_bind1, ldap_kerberos_bind1_s, ldap_ker-
beros_bind2, ldap_kerberos_bind2_s, ldap_unbind, ldap_unbind_s - LDAP bind routines
SYNOPSIS
#include <ldap.h>
int ldap_bind(ld, who, cred, method)
LDAP *ld;
char *who, *cred;
int method;
int ldap_bind_s(ld, who, cred, method)
LDAP *ld;
char *who, *cred;
int method;
int ldap_simple_bind(ld, who, passwd)
LDAP *ld;
char *who, *passwd;
int ldap_simple_bind_s(ld, who, passwd)
LDAP *ld;
char *who, *passwd;
int ldap_kerberos_bind_s(ld, who)
LDAP *ld;
char *who;
int ldap_kerberos_bind1(ld, who)
LDAP *ld;
char *who;
int ldap_kerberos_bind1_s(ld, who)
LDAP *ld;
char *who;
int ldap_kerberos_bind2(ld, who)
LDAP *ld;
char *who;
int ldap_kerberos_bind2_s(ld, who)
LDAP *ld;
char *who;
int ldap_unbind(ld)
LDAP *ld;
int ldap_unbind_s(ld)
LDAP *ld;
DESCRIPTION
These routines provide various interfaces to the LDAP bind operation. After a connection is made to an LDAP server using ldap_open(3), an
LDAP bind operation must be performed before other operations can be attempted over the conection. Both synchronous and asynchronous ver-
sions of each variant of the bind call are provided. There are three types of calls, providing simple authentication, kerberos authentica-
tion, and general routines to do either one. All routines take ld as their first parameter, as returned from ldap_open(3).
SIMPLE AUTHENTICATION
The simplest form of the bind call is ldap_simple_bind_s(). It takes the DN to bind as in who, and the userPassword associated with the
entry in passwd. It returns an LDAP error indication (see ldap_error(3)). The ldap_simple_bind() call is asynchronous, taking the same
parameters but only initiating the bind operation and returning the message id of the request it sent. The result of the operation can be
obtained by a subsequent call to ldap_result(3).
KERBEROS AUTHENTICATION
If the LDAP library and LDAP server being contacted have been compiled with the KERBEROS option defined, Kerberos version 4 authentication
can be accomplished by calling the ldap_kerberos_bind_s() routine. It assumes the user already has obtained a ticket granting ticket. It
takes who, the DN of the entry to bind as. This routine does both steps of the kerberos binding process synchronously. The ldap_ker-
beros_bind1_s() and ldap_kerberos_bind2_s() routines allow synchronous access to the individual steps, authenticating to the LDAP server
and DSA, respectively. The ldap_kerberos_bind1() and ldap_kerberos_bind2() routines provide equivalent asynchronous access.
GENERAL AUTHENTICATION
The ldap_bind() and ldap_bind_s() routines can be used when the authentication method to use needs to be selected at runtime. They both
take an extra method parameter selecting the authentication method to use. It should be set to one of LDAP_AUTH_SIMPLE, LDAP_AUTH_KRBV41,
or LDAP_AUTH_KRBV42, to select simple authentication, kerberos authentication to the LDAP server, or kerberos authentication to the DSA,
respectively. ldap_bind() returns the message id of the request it initiates. ldap_bind_s() returns an LDAP error indication.
UNBINDING
The ldap_unbind() call is used to unbind from the directory, terminate the current association, and free the resources contained in the ld
structure. Once it is called, the connection to the LDAP server is closed, and the ld structure is invalid. The ldap_unbind_s() call is
just another name for ldap_unbind(); both of these calls are synchronous in nature.
ERRORS
Asynchronous routines will return -1 in case of error, setting the ld_errno parameter of the ld structure. Synchronous routines return
whatever ld_errno is set to. See ldap_error(3) for more information.
SEE ALSO ldap(3), ldap_error(3), ldap_open(3)ACKNOWLEDGEMENTS
OpenLDAP is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). OpenLDAP is derived from University of Michigan
LDAP 3.3 Release.
OpenLDAP 2.0.27-Release 22 September 1998 LDAP_BIND(3)