
LDAP Help requested...please :)



All

I have recently started toying with ldap:

I have installed:
libsasl7 (with all dependencies)
slapd (on the server with all dependencies)
libnss-db
libnss-ldap
libldap2
ldap2dns
libpam-ldap
ldap-utils


My ldap configs on the client all have a host line to the server.
Attached are the config files...

when I run 'ldapsearch' I get:
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error


When I type 'ldapsearch -x' I get the database LDIF as I should.

Any ideas?

-- 
Phil

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/ | gpg --import
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.
# NOTE(review): the server is named by bare IP address and this file enables
# no ldaps:// URI or TLS option, so traffic from this client presumably
# crosses the network unencrypted -- confirm before binding with passwords.
host 155.138.40.126
# Default search base; it matches the suffix used elsewhere in these configs.
base o=Ourproj,c=US
# NOTE(review): ldap_version and pam_crypt appear to be pam_ldap/nss_ldap
# options rather than libldap ones; verify that this file is the one those
# modules actually read.
ldap_version 3
pam_crypt local
#BASE	dc=example, dc=com
#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never
# $OpenLDAP: pkg/ldap/libraries/libldap/ldapfilter.conf,v 1.2.26.2 2000/06/13 17:57:19 kurt Exp $
#
# ldap filter file
#
# lines like this that start with # or empty lines are ignored
# 
# syntax:
#
# <tag>
#   <pattern1>	<delimiters>	<filter1-1>	<desc1-1>	[<scope>]
# 		   		<filter1-2>	<desc1-2>	[<scope>]
#
#   <pattern2>	<delimiters>	<filter2-1>	<desc2-1>	[<scope>] ...
#
# The "desc" should describe the filter and it should correctly complete
# both of the following phrases:
#
#	One <desc> match was found for...
#	Three <desc> matches were found for...
#
# The scope is optional, and should be one of:
#	"base"
#	"onelevel"
#	"subtree"
# if it is included.
#

"finger and ud and go500 and go500gw subtree and web500gw subtree and rp500 and rcpt500 and ufn last"
    "^$"    ""  "(objectclass=*)"   "default filter"
    "="		" "	"%v"				"arbitrary filter"

    "^[0-9][0-9\-]*$"	" "	"(telephoneNumber=*%v)"		"phone number"

    "@"		" "	"(mail=%v)"			"email address"
			"(mail=%v*)"			"start of email address"

    "^.[\. _].*"	". _"	"(cn=%v1* %v2-)"		"first initial"

    ".*[. _].$"	". _"	"(cn=%v1-*)"			"last initial"

    "[. _]"	". _"	"(|(sn=%v1-)(cn=%v1-))"		"exact"
			"(|(sn~=%v1-)(cn~=%v1-))"	"approximate"

    ".*"	". "	"(|(cn=%v1)(sn=%v1)(ou=%v1))"	"exact"
			"(|(cn~=%v1)(sn~=%v1)(ou~=%v1))"	"approximate"

"go500gw onelevel and web500gw onelevel and ufn first and ufn intermediate"
    "^$"    ""  "(!(objectclass=dSA))"   "default filter"
    "="		" "	"%v"				"arbitrary filter"

    "^..$"	" "	"(|(o=%v)(c=%v)(l=%v)(co=%v))"		"exact2"
    			"(|(o~=%v)(c~=%v)(l~=%v)(co~=%v))"	"approximate2"

    " "		" "	"(|(o=%v)(l=%v)(co=%v)(ou=%v))"		"exact"
    			"(|(o~=%v)(l~=%v)(co~=%v)(ou~=%v))"	"approximate"

    "\."	" "	"(associatedDomain=%v)"		"exact"

    ".*"	" "	"(|(o=%v)(l=%v)(co=%v)(ou=%v))"		"exact"
    			"(|(o~=%v)(l~=%v)(co~=%v)(ou~=%v))"	"approximate"


#
# xax500
#

"xax500"
    "="			" "	"(%v)"			"arbitrary filter"

    "^[0-9][0-9-]*$"	" "	"(telephoneNumber=*%v)"	"phone number"

    "@"			" "	"(mail=%v)"		"email address"
				"(mail=%v*)"		"start of email address"

    "^.[. _].*"		". _"	"(cn=%v1* %v2-)"	"first initial"

    ".*[. _].$"		". _"	"(cn=%v1-*)"		"last initial"

    "[. _]"		". _"	"(|(sn=%v1-)(cn=%v1-))"		"exact"
				"(|(sn~=%v1-)(cn~=%v1-))"	"approximate"

    ".*"		". "	"(|(cn=%v1)(sn=%v1)(uid=%v1))"	"exact"
			"(|(cn=%v1)(sn~=%v1))"			"approximate"


"xax500-auth"
    "="			" "	"(%v)"			"arbitrary filter"

    "^[0-9][0-9-]*$"	" "	"(telephoneNumber=*%v)"	"phone number"

    "@"			" "	"(mail=%v)"		"email address"
				"(mail=%v*)"		"start of email address"

    "^.[. _].*"		". _"	"(cn=%v1* %v2-)"	"first initial"

    ".*[. _].$"		". _"	"(cn=%v1-*)"		"last initial"

    "[. _]"		". _"	"(|(sn=%v1-)(cn=%v1-))"	"exact"
			"(|(sn~=%v1-)(cn~=%v1-))"	"approximate"

    ".*"		". "	"(|(cn=%v1)(sn=%v1)(uid=%v1))"	"exact"
			"(|(cn=%v1)(sn~=%v1))"			"approximate"

"list500"
    "[. _]"	". _"	"(|(sn=%v1-)(cn=%v1-))"		"exact"
			"(|(sn~=%v1-)(cn~=%v1-))"	"approximate"

    ".*"	". "	"(|(cn=%v1)(sn=%v1)(uid=%v1))"	"exact"
			"(|(cn~=%v1)(sn~=%v1))"		"approximate"
# $OpenLDAP: pkg/ldap/libraries/libldap/ldapsearchprefs.conf,v 1.1.3.1.32.2 2000/06/13 17:57:19 kurt Exp $
# Version should be 1 now
Version 1
#
#
# Name for this search object
People
# options (the only one supported right now is "internal" which means that
#   this search object should not be presented directly to the user)
#   use "" for none
""
# Label to place before text box user types in
"Search For:"
# Filter prefix to append to all "More Choices" searches
"(&(objectClass=person)"
# Tag to use for "Fewer Choices" searches - from ldapfilter.conf file
"xax500"
# If a search results in > 1 match, retrieve this attribute to help
# user disambiguate the entries...
title
# ...and label it with this string:
"Title"
# Search scope to use when searching
subtree
# Follows a list of "More Choices" search options.  Format is:
# Label, attribute, select-bitmap, extra attr display name, extra attr ldap name
# If last two are null, "Fewer Choices" name/attributes used
"Common Name"                   cn                 11111  ""  ""
"Surname"                       sn                 11111  ""  ""
"Business Phone"                "telephoneNumber"  11101  ""  ""
"E-Mail Address"                "mail"             11111  ""  ""
"Uniqname"                      "uid"              11111  ""  ""
"Title"                         title              11111 "" ""
END
# Match types
"exactly matches"               "(%a=%v))"
"approximately matches"         "(%a~=%v))"
"starts with"                   "(%a=%v*))"
"ends with"                     "(%a=*%v))"
"contains"                      "(%a=*%v*))"
END
#
#
#
Groups
""
"Search For:"
"(&(objectClass=rfc822MailGroup)"
"xax500"
multilineDescription
"Description"
subtree
"Common Name"                   cn                    11111  ""       ""
"Description"                   multilineDescription  11101  ""       ""
"Owner"                         "owner"               00001  "owner"  "Owner"
"X.500 Member"                  "member"              00001  ""       ""
"E-Mail Member"                 "mail"                00101  ""       ""
END
"exactly matches"               "(%a=%v))"
"approximately matches"         "(%a~=%v))"
"starts with"                   "(%a=%v*))"
"ends with"                     "(%a=*%v))"
"contains"                      "(%a=*%v*))"
END
#
#
#
"Joinable Groups"
""
"Search For:"
"(&(&(objectClass=rfc822MailGroup)(joinable=TRUE))"
"xax500"
multilineDescription
"Description"
subtree
"Common Name"                   cn                    11111  ""       ""
"Description"                   multilineDescription  11101  ""       ""
"Owner"                         "owner"               00001  "owner"  "Owner"
"X.500 Member"                  "member"              00001  ""       ""
"E-Mail Member"                 "mail"                00101  ""       ""
END
"exactly matches"               "(%a=%v))"
"approximately matches"         "(%a~=%v))"
"starts with"                   "(%a=%v*))"
"ends with"                     "(%a=*%v))"
"contains"                      "(%a=*%v*))"
END
#
#
#
Services
""
"Search For:"
"(&(objectClass=service)"
"xax500"
multilineDescription
"Description"
subtree
"Common Name"                   cn                    11111  ""       ""
"Description"                   multilineDescription  11101  ""       ""
"Owner"                         "owner"               00001  "owner"  "Owner"
"Keywords"                      "keywords"            11111  ""       ""
"Hours"                         "hoursOfOperation"    11111  ""       ""
END
"exactly matches"               "(%a=%v))"
"approximately matches"         "(%a~=%v))"
"starts with"                   "(%a=%v*))"
"ends with"                     "(%a=*%v))"
"contains"                      "(%a=*%v*))"
END
#
#
#
Organizations
""
"Search For:"
"(&(objectClass=organization)"
"xax500"
multilineDescription
"Description"
subtree
"Name"                          organizationName      01111  ""       ""
"Location"                      localityName          11111  ""       ""
"Phone Number"                  "telephoneNumber"     10111  ""       ""
"Description"                   description           10111  ""       ""
END
"exactly matches"               "(%a=%v))"
"approximately matches"         "(%a~=%v))"
"starts with"                   "(%a=%v*))"
"ends with"                     "(%a=*%v))"
"contains"                      "(%a=*%v*))"
END
#
#
#
Documents
""
"Search For:"
"(&(objectClass=document)"
"xax500"
multilineDescription
"Description"
subtree
"Document Title"                 cn                   11111  ""       ""
"Keyword"                       "keywords"            11111  ""       ""
"Category"                      "category"            11111  ""       ""
"Document Number"               "documentIdentifier"  11111  ""       ""
END
"exactly matches"               "(%a=%v))"
"approximately matches"         "(%a~=%v))"
"starts with"                   "(%a=%v*))"
"ends with"                     "(%a=*%v))"
"contains"                      "(%a=*%v*))"
END
# $OpenLDAP: pkg/ldap/libraries/libldap/ldaptemplates.conf,v 1.1.3.1.32.2 2000/06/13 17:57:19 kurt Exp $
##########################################################################
# LDAP display templates
##########################################################################

#
# Version must be 1
#
Version 1

##########################################################################
# U-M Person template
##########################################################################
#
# template name and plural name come first
"U-M Person"
"U-M People"

# name of the icon that is associated with this template
"person icon"

# blank-separated list of template options ("" for none)
#   addable	- end-user should be allowed to add these types of entries
#   modrdn	- end-user can change the name of these entries
#   altview	- this template is referred to in another template's
#			"linkact" item
"addable"

#
# objectclass list
umichPerson person
END

#
# name of attribute to authenticate as ("" means auth as this entry)
""

#
# default attribute name to use when forming RDN of a new entry
#
cn

#
# default location when adding new entries (DN; "" means no default)
"o=University of Michigan, c=US"

#
# rules used to define default values for new entries
END

#
#
# list of items for display
# each line is either:
#    item (type) (attribute) (attr name) (extra args...)
# to define an item or
#    samerow
# to keep the next item on the same row as the previous
#
# valid types are:
#    cis	- case ignore string
#    mls	- multiline string
#    dn		- 
#    mail	- case ignore string that contains an RFC822 mail address
#    bool	- boolean value
#    jpeg	- inlined JPEG image
#    jpegbtn	- JPEG image button
#    fax	- inlined Fax image
#    faxbtn	- Fax image button
#    audiobtn	- audio button
#    time	- time value
#    date	- time value displayed as a date only
#    url	- labeled URL for links to items in WWW
#    searchact  - search action
#    linkact    - link to another template
#
# valid options (comma separated list appended to the type) are:
#  ro		- attribute is read only; don't let user edit it
#  sort		- order the values of this attribute
#  1val		- disallow entry of multiple values
#  required	- this attribute should have at least one value
#  hide		- don't show this item if attribute has no values
#  hideiffalse	- hide item if value is FALSE (for type 'bool' only)
#
item jpegbtn	"View Photo"		jpegPhoto	"Next Photo"
item audiobtn	"Play Sound"		audio
item cis,ro,sort	"Also Known As"		cn
item mail	"E-Mail Address"	mail
item cis	"Work Phone"		telephoneNumber
item cis	"Fax Number"		facsimileTelephoneNumber
item cis	"Pager Number"		pager
item mls	"Work Address"		postalAddress
item cis,sort	"Title"			title
item cis,ro	"Uniqname"		uid
item mls	"Description"		multiLineDescription
item cis	"Home Phone"		homePhone
item mls	"Home Address"		homePostalAddress
item url	"More Info (URL)"	labeledURL
item dn,sort	"See Also"		seeAlso
item cis	"Favorite Beverage"	drink
item cis	"Notice"		notice
item bool,hideiffalse	"On Vacation"		onVacation
item mls,1val	"Vacation Message"	vacationMessage
item bool,hideiffalse	"Do Not Allow Updates"	noBatchUpdates
item time,ro	"Last Modified"		lastModifiedTime
item dn,ro	"Modified By"		lastModifiedBy
item searchact  "Find Groups Added To"  ""      "-dnt" "(&(objectclass=rfc822mailgroup)(member=%v))" "multiLineDescription" "Description" ""
item searchact	"List Owned Groups"	""	"-dnt" "(&(objectclass=rfc822mailgroup)(owner=%v))" "title" "Title" ""
item linkact	"Other Addresses"	""	"other addresses"
END


##########################################################################
# Person template
##########################################################################
"Person"
"People"
"person icon"

# template options
addable
#
# objectclass list
person
END
# name of attribute to authenticate as
""

# default attribute name to use when forming RDN of a new entry
#
cn

# default location when adding new entries
""

#
# rules used to define default values for new entries
END

#
# list of items for display
item jpegbtn	"View Photo"		jpegPhoto	"Next Photo"
item audiobtn	"Play Sound"		audio
item cis,sort	"Also Known As"		cn
item cis,sort	"Title"			title
item mls	"Work Address"		postalAddress
item cis	"Work Phone"		telephoneNumber
item cis	"Fax Number"		facsimileTelephoneNumber
item cis	"Pager Number"		pager
item mls	"Home Address"		homePostalAddress
item cis	"Home Phone"		homePhone
item cis	"User ID"		uid
item mail	"E-Mail Address"	mail
item cis	"Description"		description
item cis	"Favorite Beverage"	drink
item dn,sort	"See Also"		seeAlso
item time,ro	"Last Modified"		lastModifiedTime
item dn,ro	"Modified By"		lastModifiedBy
END


##########################################################################
# Group template
##########################################################################
"Group"
"Groups"
"group icon"

# template options
addable modrdn

# objectclass list
rfc822MailGroup
END

# name of attribute to authenticate as
"owner"

# default attribute name to use when forming RDN of a new entry
#
cn

# default location when adding new entries
"ou=User Groups, ou=Groups, o=University of Michigan, c=US"

#
# rules used to define default values for new entries
constant	"associatedDomain"	"umich.edu"
constant	"joinable"		"FALSE"
addersdn	"owner"
addersdn	"member"
addersdn	"errorsTo"
addersdn	"requestsTo"
END

#
#
# list of items for display
# each line is either:
#    item (type) (attribute) (attr name) (extra args...)
# to define an item or
#    samerow
#
# list of items for display
item cis,sort	"Also Known As"		cn
item mls	"Description"		multiLineDescription
item cis	"Phone Number"		telephoneNumber
item cis	"Fax Number"		facsimileTelephoneNumber
item mls	"Address"		postalAddress
item dn,required,sort	"Owner"		owner
item url	"More Info (URL)"	labeledURL
item dn,sort	"See Also"		seeAlso
item dn,sort	"Errors To"		errorsTo
item dn,sort	"Requests To"		requestsTo
item cis	"Associated Domain"	associatedDomain
item cis	"Moderator"		moderator
item bool	"Suppress 'No E-Mail Address' Errors"	suppressNoEmailError
item bool	"Others May Join"	joinable
item dn,sort	"X.500 Members"		member
item mail,sort	"E-Mail Errors To"	rfc822ErrorsTo
item mail,sort	"E-Mail Requests To"	rfc822RequestsTo
item mail,sort	"E-Mail Members"	mail
item cis	"Notice"		notice
item time,ro	"Last Modified"		lastModifiedTime
item dn,ro	"Modified By"		lastModifiedBy
item searchact  "Subscribers"           "" "-dnt" "memberOfGroup=%v" "title" "Title" "joinable"
item verifyact	"Verify Members"	"member"	"mail" "E-Mail Address"
END

##########################################################################
# Organization template
##########################################################################
"Organization"
"Organizations"
"organization icon"

# template options
""

# objectclass list
organization
END

# name of attribute to authenticate as
""

# default attribute name to use when forming RDN of a new entry
o

# default location when adding new entries
""

# rules used to define default values for new entries
constant	"o"	"foo"
END

#
#
# list of items for display
# each line is either:
#    item (type) (attribute) (attr name) (extra args...)
# to define an item or
#    samerow
#
# list of items for display
item cis,sort	"Name"			o
item cis	"Location"		l
item mls	"Address"		postalAddress
item cis	"Phone Number"		telephoneNumber
item cis	"Fax Number"		facsimileTelephoneNumber
item cis	"Description"		description
item dn,sort	"See Also"		seeAlso
item time,ro	"Last Modified"		lastModifiedTime
item dn,ro	"Modified By"		lastModifiedBy
END


##########################################################################
# Service template
##########################################################################
"Service"
"Services"
"service icon"

# template options
"addable"

# objectclass list
service
END

# name of attribute to authenticate as
"owner"

# default attribute name to use when forming RDN of a new entry
cn

# default location when adding new entries
"ou=Services, o=University of Michigan, c=US"

# rules used to define default values for new entries
addersdn	"owner"
END

#
#
# list of items for display
# each line is either:
#    item (type) (attribute) (attr name) (extra args...)
# to define an item or
#    samerow
#
# list of items for display
item jpegbtn	"View Photo"		jpegPhoto
item cis,sort	"Name"			cn
item mls	"Description"		multilineDescription
item cis	"Provider"		provider
item cis,sort	"Service Area"		serviceArea
item mail	"E-mail Address"	mail
item cis	"Phone"			telephoneNumber
item cis	"Fax Number"		facsimileTelephoneNumber
item mls	"Postal Address"	postalAddress
item cis	"Hours"			hoursOfOperation
item url	"More Info (URL)"	labeledURL
item dn,sort	"Depends On"		dependentUpon
item dn,sort	"See Also"		seeAlso
item cis,sort	"Platform"		platform
item cis,sort	"Product"		product
item cis,sort	"Keywords"		keywords
item cis	"FCE Rating"		serviceRating
item date	"Date Rated"		ratingTime
item mls	"Rating Description"	ratingDescription
item time,ro	"Last Modified"		lastModifiedTime
item dn,ro	"Modified By"		lastModifiedBy
item dn,required,sort	"Owner"		owner
END


##########################################################################
# Organizational Role template
##########################################################################
"Organizational Role"
"Organizational Roles"
"person icon"

# template options
""

# objectclass list
organizationalRole
END

# name of attribute to authenticate as
""

# default attribute name to use when forming RDN of a new entry
cn

# default location when adding new entries
""

# rules used to define default values for new entries
END

#
#
# list of items for display
# each line is either:
#    item (type) (attribute) (attr name) (extra args...)
# to define an item or
#    samerow
#
# list of items for display
item cis,sort	"Name"			cn
item cis	"Description"		description
item dn		"Role Occupant"		roleOccupant
item dn,sort	"See Also"		seeAlso
item time,ro	"Last Modified"		lastModifiedTime
item dn,ro	"Modified By"		lastModifiedBy
END


##########################################################################
# Organizational Unit template
##########################################################################
"Organizational Unit"
"Organizational Units"
"organization icon"

# template options
""

# objectclass list
organizationalUnit
END

# name of attribute to authenticate as
""

# default attribute name to use when forming RDN of a new entry
cn

# default location when adding new entries
""

# rules used to define default values for new entries
END

# Item list
item cis	"Organization Unit Name"	ou
item cis	"Title"				title
item time,ro	"Last Modified"		lastModifiedTime
item dn,ro	"Modified By"		lastModifiedBy
END



##########################################################################
# Application Entity template
##########################################################################
"Application Entity"
"Application Entities"
"application icon"

# template options
""

# objectclass list
applicationEntity
END

# name of attribute to authenticate as
""

# default attribute name to use when forming RDN of a new entry
cn

# default location when adding new entries
""

# rules used to define default values for new entries
END

# Item list
item cis,sort	"Name"			cn
item cis	"Location"		l
item cis	"Description"		description
item time,ro	"Last Modified"		lastModifiedTime
item dn,ro	"Modified By"		lastModifiedBy
END

##########################################################################
# Document template
##########################################################################
"Document"
"Documents"
"document icon"

# template options
""

# objectclass list
document
umichDocument
END

# name of attribute to authenticate as
""

# default attribute name to use when forming RDN of a new entry
cn

# default location when adding new entries
""

# rules used to define default values for new entries
END

#
# Item list
item cis	"Document ID"		documentIdentifier
item cis	"Title"			documentTitle
item cis	"Series Title"		documentSeriesTitle
item cis	"Version"		documentVersion
item cis,sort	"Service Area"		serviceArea
item mls	"Abstract"		multiLineAbstract
item url	"More Info (URL)"	labeledURL
item dn,sort	"Availability"		documentAvailable
item dn,sort	"See Also"		seeAlso
item cis,sort	"Platform"		platform
item cis,sort	"Product"		product
item cis,sort	"Keyword"		keywords
item dn,sort	"Author"		documentAuthor
item time,ro	"Last Modified"		lastModifiedTime
item dn,ro	"Modified By"		lastModifiedBy
item dn,required	"Owner"		owner
END

##########################################################################
# Document description template
##########################################################################
"DocumentDescription"
"DocumentDescriptions"
"document description icon"

# template options
""

# objectclass list
documentDescription
END

# name of attribute to authenticate as
""

# default attribute name to use when forming RDN of a new entry
cn

# default location when adding new entries
""

# rules used to define default values for new entries
END

#
# Item list
item mls	"Description"		multilineDescription
item url	"More Info (URL)"	labeledURL
item time,ro	"Last Modified"		lastModifiedTime
item dn,ro	"Modified By"		lastModifiedBy
item dn,required	"Owner"		owner
END

##########################################################################
# Image template
##########################################################################
"Image"
"Images"
"image icon"

# template options
""

# objectclass list
image
END

# name of attribute to authenticate as
""

# default attribute name to use when forming RDN of a new entry
cn

# default location when adding new entries
""

# rules used to define default values for new entries
END

#
# Item list
item cis	"Name"			cn
item mls	"Description"		multilineDescription
item jpegbtn	"View Photo(s)"		jpegPhoto
item cis	"Citation"		citation
item cis	"Copyright"		copyright
item cis	"Keywords"		keywords
item time,ro	"Last Modified"		lastModifiedTime
item dn,ro	"Modified By"		lastModifiedBy
item dn,required	"Owner"		owner
END



##########################################################################
# Country template
##########################################################################
"Country"
"Countries"
"country icon"

# template options
""

# objectclass list
friendlyCountry
END

# name of attribute to authenticate as
""

# default attribute name to use when forming RDN of a new entry
c

# default location when adding new entries
""

# rules used to define default values for new entries
END

# Item list
item cis	"Country Name"		co
item cis	"Country Code"		c
item cis	"Description"		description
item time,ro	"Last Modified"		lastModifiedTime
item dn,ro	"Modified By"		lastModifiedBy
END

##########################################################################
# Locality template
##########################################################################
"Locality"
"Localities"
"locality icon"

# template options
""

# objectclass list
locality
END

# name of attribute to authenticate as
""

# default attribute name to use when forming RDN of a new entry
l

# default location when adding new entries
""

# rules used to define default values for new entries
END

#
# Item list
item cis	"Name" 			l
item time,ro	"Last Modified"		lastModifiedTime
item dn,ro	"Modified By"		lastModifiedBy
END


##########################################################################
# "Other Addresses" template
##########################################################################
"Others Addresses"
"Other Addresses"
"other addr icon"

# template options
"altview"

# objectclass list
END

# name of attribute to authenticate as
""

# default attribute name to use when forming RDN of a new entry
""

# default location when adding new entries
""

# rules used to define default values for new entries
END

# Item list
item cis	"Street Address"	streetAddress
item cis	"Locality"		l
item cis	"State or Province"	st
item cis	"Postal Code"		postalCode
item cis,hide	"X.400 Address"		mhsORAddresses
item cis,hide	"X.400 Address"		textEncodedORAddress
Item cis	"Other Mailbox"		otherMailbox
item time,ro	"Last Modified"		lastModifiedTime
item dn,ro	"Modified By"		lastModifiedBy
END
###DEBCONF###
# the configuration of this file will be done by debconf as long as the
# first line of the file says '###DEBCONF###'
#
# you should use dpkg-reconfigure libnss-ldap to configure this file.
#
# @(#)$Id: ldap.conf,v 2.30 2001/09/22 10:57:56 lukeh Exp $
#
# This is the configuration file for the LDAP nameservice
# switch library and the LDAP PAM module.
#
# PADL Software
# http://www.padl.com
#

# Your LDAP server. Must be resolvable without using LDAP.
# NOTE(review): no "uri ldaps://" line and no ssl/TLS option is enabled in
# this file, so NSS lookups and pam_ldap binds (which carry the user's
# password) presumably reach this host unencrypted. Consider "ssl start_tls"
# together with "tls_checkpeer yes", or an ldaps:// uri, once the server
# side offers TLS.
host 155.138.40.126

# The distinguished name of the search base.
# With binddn left commented out below, searches under this base are made
# with an anonymous bind.
base o=Ourproj,c=US

# Another way to specify your LDAP server is to provide a
# URI with the server name. This also allows the use of
# Unix Domain Sockets to connect to a local LDAP server.
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/   
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator

# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
#binddn cn=proxyuser,dc=padl,dc=com

# The credentials to bind with. 
# Optional: default is no credential.
#bindpw secret

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
#rootbinddn cn=manager,dc=padl,dc=com

# The port.
# Optional: default is 389.
#port 389

# The search scope.
#scope sub
#scope one
#scope base

# Search timelimit
#timelimit 30

# Bind timelimit
#bind_timelimit 30

# Idle timelimit; client will close connections
# (nss_ldap only) if the server has not been contacted
# for the number of seconds specified below.
#idle_timelimit 3600

# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX		base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd	ou=People,
# to append the default base DN but this
# may incur a small performance impact.
#nss_base_passwd	ou=People,dc=padl,dc=com?one
#nss_base_shadow	ou=People,dc=padl,dc=com?one
#nss_base_group		ou=Group,dc=padl,dc=com?one
#nss_base_hosts		ou=Hosts,dc=padl,dc=com?one
#nss_base_services	ou=Services,dc=padl,dc=com?one
#nss_base_networks	ou=Networks,dc=padl,dc=com?one
#nss_base_protocols	ou=Protocols,dc=padl,dc=com?one
#nss_base_rpc		ou=Rpc,dc=padl,dc=com?one
#nss_base_ethers	ou=Ethers,dc=padl,dc=com?one
#nss_base_netmasks	ou=Networks,dc=padl,dc=com?one
#nss_base_bootparams	ou=Ethers,dc=padl,dc=com?one
#nss_base_aliases	ou=Aliases,dc=padl,dc=com?one
#nss_base_netgroup	ou=Netgroup,dc=padl,dc=com?one

# attribute/objectclass mapping
# Syntax:
#nss_map_attribute	rfc2307attribute	mapped_attribute
#nss_map_objectclass	rfc2307objectclass	mapped_objectclass

# configure --enable-nds is no longer supported.
# For NDS now do:
#nss_map_attribute uniqueMember member

# configure --enable-mssfu-schema is no longer supported.
# For MSSFU now do:
#nss_map_objectclass posixAccount User
#nss_map_attribute uid msSFUName
#nss_map_attribute uniqueMember posixMember
#nss_map_attribute userPassword msSFUPassword
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_objectclass posixGroup Group
#nss_map_attribute cn msSFUName

# Alternatively, if you wish to equivalence W2K and POSIX
# groups, change the uniqueMember mapping line to:
#nss_map_attribute uniqueMember member

# configure --enable-authpassword is no longer supported
# For authPassword support, now do:
#nss_map_attribute userPassword authPassword

# For IBM AIX SecureWay support, do:
#nss_map_objectclass posixAccount aixAccount
#nss_base_passwd ou=aixaccount,?one
#nss_map_attribute uid userName
#nss_map_attribute gidNumber gid
#nss_map_attribute uidNumber uid
#nss_map_attribute userPassword passwordChar
#nss_map_objectclass posixGroup aixAccessGroup
#nss_base_group ou=aixgroup,?one
#nss_map_attribute cn groupName
#nss_map_attribute uniqueMember member
# PAM service stack. The service file name is not shown; pam_securetty and
# pam_lastlog suggest a login-type service -- confirm.
# PAM evaluates rules per type (auth/account/password/session), so the
# session rules listed first are not run before the auth rules below.
session    optional   pam_motd.so
session    optional   pam_mail.so standard noenv
session    optional   pam_lastlog.so
# auth: the two requisite modules abort the stack immediately on failure.
auth       requisite  pam_securetty.so
auth       requisite  pam_nologin.so
auth       required   pam_env.so
# A successful LDAP bind is "sufficient" and ends the auth stack (provided no
# earlier required module failed); otherwise pam_unix checks the local files,
# trying the password that was already typed (try_first_pass).
# NOTE(review): nullok lets pam_unix accept accounts whose password field is
# empty; drop it unless passwordless local accounts are intended.
auth       sufficient pam_ldap.so
auth       required   pam_unix.so nullok try_first_pass
# account: when pam_ldap returns success here, pam_unix's account checks
# are skipped.
account    sufficient pam_ldap.so
account    required   pam_unix.so
# password: only pam_unix is active (the pam_ldap password rule at the bottom
# is commented out), so password changes presumably affect local files only.
# NOTE(review): min=4 accepts four-character passwords and nullok allows a
# change on an account with an empty password; both are worth tightening.
password   required   pam_unix.so nullok obscure min=4 max=8 md5
#session    sufficient pam_ldap.so
# NOTE(review): umask=057 works out to mode 0720 for a new home directory
# (owner rwx, group write-only, others none); 077 or 027 was probably
# intended -- confirm.
session    required   pam_mkhomedir.so skel=/etc/skel umask=057
session    required   pam_unix.so

#password   sufficient pam_ldap.so

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

# Account, group and shadow lookups consult the local files first and then
# LDAP; the ldap source is the NSS module from libnss-ldap.
passwd:         files ldap
group:          files ldap
shadow:         files ldap

#hosts:          files dns
#networks:       files

#protocols:      db files
#services:       db files
#ethers:         db files
#rpc:            db files

#netgroup:       nis
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

# Schema and objectClass definitions
# nis.schema supplies the posixAccount/shadowAccount classes that the
# nss/pam LDAP clients look up.
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema

# Schema checking forces entries to match the
# schemas of their objectClasses
schemacheck     on

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd.args

# Where to store the replica logs
replogfile	/var/lib/ldap/replog

# Read slapd.conf(5) for possible values
# NOTE(review): level 0 leaves connection, bind and search activity unlogged,
# which hides both failed-bind diagnostics and any audit trail; a stats level
# such as 256 is the usual choice while troubleshooting binds.
# NOTE(review): no TLS certificate directives appear in this listing, so the
# server presumably offers cleartext LDAP only -- confirm.
loglevel        0

#######################################################################
# ldbm database definitions
#######################################################################

# The backend type, ldbm, is the default standard
database        ldbm

# The base of your directory
suffix          "o=Ourproj,c=US"

# Where the database files are physically stored
directory       "/var/lib/ldap"

# Indexing options
index objectClass eq

# Save the time that the entry gets modified
lastmod on

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below.
# "by anonymous auth" lets an unauthenticated client use the attribute
# only to complete a bind; it cannot read or compare the value.
access to attribute=userPassword
        by dn="cn=admin,o=Ourproj,c=US" write
        by anonymous auth
        by self write
        by * none

# The admin dn has full write access
# NOTE(review): "by * read" makes every other attribute of every entry
# readable by anyone, including anonymous clients. With account data in the
# directory, consider "by users read" plus a narrower anonymous rule.
access to *
        by dn="cn=admin,o=Ourproj,c=US" write
        by * read

# For Netscape Roaming support, each user gets a roaming
# profile to which they have write access.
# NOTE(review): this rule looks unreachable. slapd applies the first access
# directive whose target matches, and "access to *" above matches every
# entry. Its DN pattern also sits under o=morsnet, not this database's suffix
# o=Ourproj,c=US. Move it above "access to *" and fix the suffix if roaming
# profiles are actually wanted.
access to dn=".*,ou=Roaming,o=morsnet"
        by dn="cn=admin,o=Ourproj,c=US" write
        by dnattr=owner write


