
Re: ldap re-creating database



mdevin said:

> You are a legend.  I don't know how you figured out all that stuff but
> after copying and pasting from your howto I can finger user aphro (which
> doesn't exist otherwise on my system).

ok that's a good start :)

>
> I still can't get the pam_ldap working with ssh, despite copying your
> pam_ldap.conf file and putting the same entries as you in /etc/pam.d/ssh
>
> I checked /etc/ssh/sshd_config and commented out:
> #UsePrivilegeSeparation yes
> And then changed the following to yes:
> PAMAuthenticationViaKbdInt yes

did you restart SSH after making the change? I have privilege separation
set to no, just because I haven't had a chance to test it with yes yet,
I don't think it would work with the strict permissions on the pam_ldap.conf.
maybe you can get around this by using group permissions.

>
> While watching the logs in the terminal I started slapd with the -d 255
> switch, I don't even see any action when trying to ssh as user aphro or
> any other user for that matter.  So it seems that sshd is not even trying
> to use ldap.

check /var/log/auth.log for messages from the SSH daemon (and PAM) on
the server, that should reveal something as well, sounds like it's not
configured to connect to the right host/port/protocol. or privilege
separation is preventing it from reading the config file.


> Anyway, just wanted to let you know that I thank you for your help and
> that I can now see the light.  The only changes I made to your
> configuration and ldif files were to leave slapd running as root and let
> it bind to the default port of 389.

glad to help, it wasn't easy digging that stuff up, took many months
of work, and a good 25-30 hours to complete that document. There's more
cool stuff you can do with pam_ldap which I learned since I wrote that
doc, but haven't added it yet. the ldap doc is moving to a new home
soon:

http://howto.aphroland.de/HOWTO/LDAP

which runs on Zope+Zwiki, which allows users to add content to the documents,
create new documents, subscribe to documents to receive email notification
when they change and more. It's not finished yet; I hope to finish the
initial version tonight. hopefully this can encourage users to add more
info to the documents on their own since it's really difficult to get in
the documenting "mode", as can be seen by my not updating my LDAP docs
since August... even though I know there are at least 2 errors in it.

also check out my MRTG docs; I completed the initial revision of
the HOWTO over the weekend (another 10-20 hours of writing, ack), it
has all the features of Zwiki enabled:

http://howto.aphroland.de/HOWTO/MRTG

nearly 60 different uses for MRTG documented there with more to come.

good luck!

nate
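A small diagnostic for the two things nate suggests checking (the sshd privilege separation setting and the permissions on pam_ldap.conf), added here as an example and not taken from the original thread or the HOWTO. It assumes OpenSSH's default privilege separation user name "sshd" and classifies the config file purely by its mode bits.

```shell
#!/bin/sh
# Added example, not from the original thread: checks the two things nate
# points at, the UsePrivilegeSeparation setting in sshd_config and the
# permissions on pam_ldap.conf. Paths are arguments so it works on
# constructed files as well as the real ones.

# Print the effective UsePrivilegeSeparation value. OpenSSH defaults to "yes"
# when the directive is absent or commented out, so commenting the line out
# (as in the quoted message) leaves privilege separation enabled.
privsep_setting() {
    val=$(grep -i '^[[:space:]]*UsePrivilegeSeparation[[:space:]]' "$1" \
          | tail -n 1 | awk '{print tolower($2)}')
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf 'yes\n'; fi
}

# Classify who can read pam_ldap.conf from its mode bits: "owner-only"
# (e.g. 0600, common because the file may hold an LDAP bind password),
# "group" or "world".
pam_ldap_conf_access() {
    perms=$(ls -ld "$1" | cut -c2-10)      # e.g. rw-r----- (user,group,other)
    case "$perms" in
        ??????r??) printf 'world\n' ;;
        ???r?????) printf 'group\n' ;;
        *)         printf 'owner-only\n' ;;
    esac
}

# Combine both. With privilege separation on, part of sshd runs as an
# unprivileged user (by default "sshd", assumed here), so a root-owned,
# owner-only pam_ldap.conf is the combination nate suspects; giving that
# user's group read access (mode 0640) is the group-permission workaround
# he mentions. Returns 1 when the suspect combination is present.
diagnose() {
    ps=$(privsep_setting "$1")
    acc=$(pam_ldap_conf_access "$2")
    if [ "$ps" != "no" ] && [ "$acc" = "owner-only" ]; then
        printf 'privsep=%s conf=%s: pam_ldap.conf not readable by the privsep user\n' "$ps" "$acc"
        return 1
    fi
    printf 'privsep=%s conf=%s: ok\n' "$ps" "$acc"
}

# Usage on a real host: diagnose /etc/ssh/sshd_config /etc/pam_ldap.conf
```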