Scratching my head over passwd- >LDAP

Mailing List

Home

Forum Home

Linux - General Red Hat Linux discussion list

Installation - Getting started with Red Hat Linux

Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)

Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)

Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)

Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)

Apache Web Server

Oracle database, Microsoft SQL server ...

Subjects

•	application/x mplayer2 plugin
•	RPM error: db4 error(16) from dbenv >remove: Device or resource busy
•	Command stream end of file while reading
•	X Windows problem (xauth)
•	Upgrading openoffice 1 1 rpm
•	FTP: connection refused
•	FTP: connection refused
•	mount: /dev/cdrom: is not a valid block device
•	Dell Precision 650, RedHat 9, no sound
•	how to trace the cause resulting in the crash of bind server
•	Virus on the list
•	UNINSTALL RPM MYSQL
•	usb pen drives: mounting as a user
•	broadcom network interface
•	make mrproper
•	sendmail configuration on redhat
•	Couldn 't open PID file /var/run/named/named pid Permission denied
•	Promise 378 controller
•	kernel 2 6 and /dev/sound/mixer not found
•	Problem using up2date
•	mrtg step by step howto/configuration for a newbie?
•	Compiling and Installing Kernel 2 6
•	Can 't locate module ppp0, can 't locate module ppp compress 21
•	HOW I CAN MAKE BOOTABLE FLOPPY DISKET
•	Lotus Notes under Wine
•	/etc/security/limits conf question
•	Intel E/1000 driver
•	Command stream end of file while reading
•	rpm database corrupt
•	qla2300 modules

Scratching my head over passwd- >LDAP

Scratching my head over passwd- >LDAP

2006-06-06 - By Joshua Daniel Franklin

Back

Reply: 1 2 3 4 5 6 7 8

On 6/6/06, Doug Stewart wrote:
> 1) I can't get passwd to correctly interact with the OD/LDAP server in
> order to allow users to change their own passwords. I suspect that
> there will need to be some pam tweaking, but I've not been able to
> determine the precise recipe for such as of yet. Does anyone have a
> nice step-by-step to make passwd Just Work(tm) for LDAP environments?

We have a slightly different setup, using OpenLDAP. The pam changes
are made at install with kickstart's "authconfig enableldapauth" and then
custom /etc/ldap.conf and /etc/openldap/ldap.conf files are created.
I'm guessing this might work for you though since we can authenticate
MacOS 10.4 Tiger clients. Also, an important thing is that since we are
using SSL the /etc/ldap.secret file should NOT exist (though it produces
warnings).

Our RHEL users can definitely change their own passwords.

authconfig --enableshadow --enablemd5 --enableldap
--ldapserver=ldaps://ldap1.biostr.washington.edu
--ldapbasedn="dc=sig,dc=biostr,dc=washington,dc=edu" --enableldapauth
--enableldaptls --enablecache --disablenis --kickstart
cat > /etc/ldap.conf << EOF
uri ldaps://ldap1.biostr.washington.edu
ldaps://ldap2.biostr.washington.edu
ssl on
tls_cacertfile /usr/share/ssl/certs/ca-bundle.crt
tls_checkpeer yes
ldap_version 3
scope one
rootbinddn cn=admin,dc=sig,dc=biostr,dc=washington,dc=edu
base dc=sig,dc=biostr,dc=washington,dc=edu
nss_base_passwd ou=People,dc=sig,dc=biostr,dc=washington,dc=edu
nss_base_shadow ou=People,dc=sig,dc=biostr,dc=washington,dc=edu
nss_base_group ou=Group,dc=sig,dc=biostr,dc=washington,dc=edu
pam_password exop
EOF
cat > /etc/openldap/ldap.conf << EOF
URI ldaps://ldap1.biostr.washington.edu ldaps://ldap2.biostr.washington.edu
BASE dc=sig,dc=biostr,dc=washington,dc=edu
TLS_CACERT /usr/share/ssl/certs/ca-bundle.crt
TLS hard
TLS_REQCERT demand
EOF

--
Taroon-list mailing list
Taroon-list@(protected)
https://www.redhat.com/mailman/listinfo/taroon-list