- SOFTERA LDAP QUERY TOOL INSTALL
- SOFTERA LDAP QUERY TOOL UPDATE
- SOFTERA LDAP QUERY TOOL PASSWORD
I don't know why but I had some LDAP errors with this user, so I deleted it and recreated it using iManager 2 and it worked fine. NOTE: During test lab I created proxy user for LDAP with Console One 1.3.6 for Linux. Refresh LDAP service and verify if it's working fine, do an LDAP trace. Make proxy user trustee of and give him Browse entry rights, and read and compare property rights on the following attributes:ĬN Description O OU Object Class dc gecos gidNumber homeDirectory loginShell memberUid uidNumber uniqueID Proxy user tree browsing restrictions, limit proxy user visibility of your eDirectory by granting specific rights to your tree. Also verify that ports 389 and 636 are not being blocked by some kind of firewall.
Validate the certificates, server ip address and hostname.
And that's what I did, just to be sure that basic things are working fine.Ĭreate proxy user for LDAP, set null password for this user and disable password changing. Also for testing purpose, proxy user could be configured with read and compare rights over all attributes.
The tool used here is “directory_administrator”, it allows to manage LDAP objects with Unix Profiles.įor testing purposes, you may want to set no proxy user and allow clear text connections. Additionally, I get the primary group I created as posixGroup. So, when I do an ldap search I only get these two users, the third one is not displayed. Verify LDAP service with some LDAP tool Example: We have three users, but only two of them have been extended as posixAccount (Amalaguti and Jdoe).
Set loginshell to /bin/bash or whatever shell you want. Populate user's primary group/gid with the posixGroup you created before.Īfter the user is created, go to tab Other and add attribute loginshell. This/these group/s are used as primary groups for linux users.Ĭreate eDir user and extend it with posixAccount extension. ndssch -h localhost -t treename cn=admin.o=novell rfc2307-usergroup.schĪdd eDir group and add extension “posixGroup” to it. It's not required to install JRE if previous one exists.Īdd C1_JRE_HOME=/path/to/jre to /etc/exportsĮDirectory configuration for Linux client authentication.Install Console One, last version + snapins
route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0 Add fixed ip address and verify dns information Install eDirectory on server Update PATH y MANPATH. Use DirXML (del text, JDBC, JMS drivers) when applications are not directory-enabled, PAM-enabled or cannot be customized. Use PAM-ldap for native Linux applications for Linux authentication and authorization. Recommendations Use LDAP APIs for cross-platform services that require accessing eDirectory objects and attribute information. Linux Client pam_ldap enabled /etc/passwd only system users are stored locally Ted lida ded a v r s tial rwa login den e fo Cre profil ed for ated cre ept nix 's U is acc OME is Edirectory r e Us User s $H r' LDAP/S Enabled Use Schema extended for Unix profile uid gid login shell. Objetive To provide a guide to implent Linux authentication against eDirectory (no local users) based on PAM and LDAP.Īuthentication scheme User credentials l ntia Linux Authentication using LDAP and eDirectory Adrián MalagutiĬontents Table of Contents Contents.2 Objetive.3 Authentication scheme.3 Recommendations.3 Server configuration.4 Edirectory install.4 eDirectory configuration for Linux client authentication.8 LDAP Service Configuration.12 LDAP Trace.13 Connection Test.14 Linux client configuration.15 LDAP based eDirectory authentication.15 X Window Authentication.17 KDE Login testing.17 KDE Login Background.17 PAM Configuration examples.18 Security.19 LDAP Proxy User.19 Secure LDAP connections TLS/SSL.19 Enable secure LDAP connections (TLS/SSL) on server side.20 Enable secure LDAP connection on client side - TLS.20 Enable secure LDAP connection on client side - SSL.23 Testing LDAP connection over TLS/SSL.24 PAM Modules.25 PAM MOUNT.25 ConsoleOne snapins for Unix Profile.26
0 kommentar(er)
