Quote:
Thanks Michael, but if you see my ldap.cfg settings, I have already set it as ldap_auth.
And that is the error - I fear - see below.
unix_auth is default
Quote:
I have it working on AIX 5.3, but does not work on 6.1
One more factor - the IDS server was already installed on my client unix server and has an instance running on it (which is used by another application). But for authentication, I point the unix server to a different instance on a different system.
Do you think this difference could matter ?
As one server can have multiple instances running, and the AIX client is designed to make queries from multiple DIT domains, each of which could be a different server, or the same server - I see no issues.
Quote:
I do not want to change the existing IDS server filesets and also cannot find 32 bit client fix pack version 6.2.0.16
Please suggest !
The only reason it "could" matter is if there is a bug. Initially, the 6.2 base was on the AIX 6.1 expansion disk - it is the default for AIX 7.1 (with 6.3 on the AIX 7.1 expansion disk) - until 6.3 becomes the default.
I did not pay that much attention to the versioning of LDAP the last years, but my understanding is that the servers support at their level and back level clients. So, again, except for a hard bug - I do not see any reason for an auth failure - other than what I ran into when experimenting with unix_auth and ldap_auth for the authtype setting.
ISS-ITDS-AIX 6.2.0 fixes
I tried the link above from two different browsers and they both seemed to work. This is a Fixcentral 'thing' so you may need to register before you can actually access the downloads.
Hope this helps!
From: AIX InfoCenter aixfiles:LDAP.CFG
Quote:
authtype Specifies the authentication mechanism to use. Valid values are unix_auth and ldap_auth. The default is unix_auth.
- unix_auth - Retrieves the user password from LDAP and authenticates the user locally.
- ldap_auth - Binds to the LDAP server as the authenticating user in order to authenticate. Note: Password will be sent in clear text to the LDAP server for ldap_auth authentication mechanism. Use of SSL is strongly encouraged.
I understand this to mean all password verification is done at the ldap server when using ldap_auth as authtype. Note also, the default is unix_auth (only the "hash" aka "encrypted" string is retrieved).
Using db2ldif -I instanceName (often the userid - hint) -o instance.ldif you should be able to examine what the LDAP server has stored.
In short, as a start, I would switch to unix_auth and see if you can start connecting as expected. Note: you may need to change the password before all the password encryption is "as expected" by AIX.
Hope this helps!
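A small check for the authtype behaviour discussed above, added here as an example and not part of the original posts: it reads an ldap.cfg-style file, applies the documented default of unix_auth when authtype is absent or commented out, and warns when ldap_auth is set without SSL. The function names, the sample file and the `useSSL` key with its accepted values are assumptions not named in the thread; pass the path of your own ldap.cfg to `audit_ldap_cfg`.

```shell
#!/bin/sh
# Added example: audit an ldap.cfg-style file for the authtype / SSL combination.
# Assumptions: "key:value" lines, "#" starts a comment, the last uncommented
# occurrence of a key is the one reported, and useSSL accepts yes, SSL or TLS.

# cfg_value FILE KEY DEFAULT -> prints the effective value of KEY
cfg_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                  # commented-out settings do not count
        {
            i = index($0, ":")
            if (i == 0) next
            k = substr($0, 1, i - 1)
            v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)   # trim whitespace around the key
            gsub(/^[ \t]+|[ \t]+$/, "", v)   # and around the value
            if (k == key) val = v
        }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# audit_ldap_cfg FILE -> prints a verdict; returns 1 for ldap_auth without SSL
audit_ldap_cfg() {
    authtype=$(cfg_value "$1" authtype unix_auth)   # default per the quoted doc
    usessl=$(cfg_value "$1" useSSL no)              # assumed key, see above
    case "$authtype" in
        unix_auth)
            echo "OK: authtype=unix_auth (hash retrieved, verified locally)" ;;
        ldap_auth)
            case "$usessl" in
                yes|SSL|TLS) echo "OK: authtype=ldap_auth with useSSL=$usessl" ;;
                *) echo "WARN: authtype=ldap_auth without SSL, password sent in clear text"
                   return 1 ;;
            esac ;;
        *)  echo "ERROR: unknown authtype '$authtype'"; return 2 ;;
    esac
}

# Constructed sample (not taken from the thread): ldap_auth with SSL left off.
sample="${TMPDIR:-/tmp}/ldapcfg_sample.$$"
printf '%s\n' '#authtype:unix_auth' 'authtype:ldap_auth' 'useSSL:no' > "$sample"
audit_ldap_cfg "$sample" || true
rm -f "$sample"
```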