I was able to get the issue resolved after opening a PMR with IBM.
What's not documented in the Redbook is that in order to login via SSH, both local and LDAP UID's/GID's must match exactly. SSH will check both local and LDAP user attributes if they exist in both places, regardless of registry. So after I changed the local UID and GID for the user to match LDAP I could login, this is very inconvenient as I also had to find all the orphaned files and reassign them via:
Thanks for the help!
Hello Everyone,
I have enabled LDAP authentication on my Web script by adding the list of valid users in /etc/apach2/default-server.conf. However, I now want to retrieve the username of the person that logs in. How can I do that? Is there any such module?
Regards,
Harsha (0 Replies)
Hello,
I have a Linux box with RHEL4 running on it. The box is meant to be on the DMZ. There is a directory on the box that will be remotely from time to time and I want a form of authentication on it.
Presently, I have configured Basic authentication with apache but the security is not tight.
I... (1 Reply)
Hello,
I have a Linux box with RHEL4 running on it. The box is meant to be on the DMZ. There is a directory on the box that will be remotely from time to time and I want a form of authentication on it.
Presently, I have configured Basic authentication with apache but the security is not tight.
I... (1 Reply)
I see a lot of thread on LDAP Authentication but I want to enable LDAP Authentication with Authorization. Meaning, removing the user ID's and groups from the local servers and move them to an LDAP server. When a user logs in (via LDAP) they will be given their group memberships and access to the... (3 Replies)
Hi folks,
i have opends 1.2 manually installed
subversion 1.4.3 and apache2 updated by package manager.
i want to access svn using LDAP authentication
its giving an error:
ldap_simple_bind_s() failed.
what could be the problem.
i wrote some text at the end of httpd.conf fpr ldap... (2 Replies)
Dear Friends,
I have recently installed iplanet directory server on my Solaris 10 machine.I was able to successfully install and configure ldap on my system.Furthermore, was also able to add
user entries to the LDAP database server.But now I am finding it difficult to authenticate LDAP users... (1 Reply)
hi all,
i have configured Apache with WEBDAV & my aim is sharing outlook calendars because we don't use M$ ExChange.
From outlook i did a simple test & am able to share a calendar.
I want to create share for each user & then authenticate against LDAP before they can publish their... (0 Replies)
Hi, We are trying to use LDAP to authenticate the login from our application. Our application is installed on AIX 6.1 and LDAP server is on active directory windows 2003.
We are getting the below error when we try to login. We have the required lib file in the path it is looking for. Any idea... (3 Replies)
Hi,
I am trying to authenticate AIX server against a IDS LDAP instance.
The AIX version is 6.1 and TDS client is 6.1.
I configured the secldapclntd using ldap.cfg file and changed /etc/security/user to set SYSTEM=LDAP, registry=LDAP for one user. Below are the ldap.cfg configurations -
... (5 Replies)
Hi Friends,
I have below scenarios .
dom1.test.com - LDAP
dom2.test.com - AD
Requirement is establish a trust relation between LDAP and AD server in such a way that if any user login on LDAP managed authentication server with
dom1\username -> get authenticated by LDAP host
... (2 Replies)
Discussion started by: Shirishlnx
2 Replies
LEARN ABOUT SUSE
setresgid32
SETRESUID(2) Linux Programmer's Manual SETRESUID(2)NAME
setresuid, setresgid - set real, effective and saved user or group ID
SYNOPSIS
#define _GNU_SOURCE
#include <unistd.h>
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
DESCRIPTION
setresuid() sets the real user ID, the effective user ID, and the saved set-user-ID of the calling process.
Unprivileged user processes may change the real UID, effective UID, and saved set-user-ID, each to one of: the current real UID, the cur-
rent effective UID or the current saved set-user-ID.
Privileged processes (on Linux, those having the CAP_SETUID capability) may set the real UID, effective UID, and saved set-user-ID to arbi-
trary values.
If one of the arguments equals -1, the corresponding value is not changed.
Regardless of what changes are made to the real UID, effective UID, and saved set-user-ID, the file system UID is always set to the same
value as the (possibly new) effective UID.
Completely analogously, setresgid() sets the real GID, effective GID, and saved set-group-ID of the calling process (and always modifies
the file system GID to be the same as the effective GID), with the same restrictions for unprivileged processes.
RETURN VALUE
On success, zero is returned. On error, -1 is returned, and errno is set appropriately.
ERRORS
EAGAIN uid does not match the current UID and this call would bring that user ID over its RLIMIT_NPROC resource limit.
EPERM The calling process is not privileged (did not have the CAP_SETUID capability) and tried to change the IDs to values that are not
permitted.
VERSIONS
These calls are available under Linux since Linux 2.1.44.
CONFORMING TO
These calls are nonstandard; they also appear on HP-UX and some of the BSDs.
NOTES
Under HP-UX and FreeBSD the prototype is found in <unistd.h>. Under Linux the prototype is provided by glibc since version 2.3.2.
SEE ALSO getresuid(2), getuid(2), setfsgid(2), setfsuid(2), setreuid(2), setuid(2), capabilities(7), credentials(7), feature_test_macros(7)COLOPHON
This page is part of release 3.25 of the Linux man-pages project. A description of the project, and information about reporting bugs, can
be found at http://www.kernel.org/doc/man-pages/.
Linux 2007-07-26 SETRESUID(2)