Hi,

Mon, 05 Dec 2011 13:17:33 +0100 "Raffael Sahli" <[email protected]> wrote:

> Hi
> This means that pam_ldap is working but nss_ldap isn't (Restart the nscd
> daemon, if installed..).
> Check your auth log on your fedora. You should see some lib_nss log
> messages.

Everything is working fine, but the problem is with the ACL rule which is used to restrict a user to see his information only:

    access to filter=(objectClass=person)
        by self write
        by dn.children="ou=People,dc=abc,dc=com" none
        by anonymous none
        by * none

The problem is with 'by anonymous none'. Here, it will restrict access as desired (meaning each user sees his info only), but when I do

    $ ssh ldap_6@<client-node>

it will ask for the password and will show the following:

    id: cannot find name for user ID 514
    [I have no name!@<client-node>]

On the other hand, when I specify 'by anonymous read' in the above ACL rule and do `$ ssh ldap_6@<client-node>`, it works:

    [ldap_6@<client-node>]

but the ldap_6 user can see other users' info, since anonymous can read everything, which is not desirable.

So, my problem is: I want to specify the ACL rule such that each user can see its own data only, and at the same time I should not get 'I have no name!' after ssh. How do I write the ACL rule to achieve this?

Any suggestions are welcome.

> On 12/05/2011 11:48 AM, Jayavant Patil wrote:
>> Hi,
>>
>> I am using openldap-2.4.19-4 on a fedora 12 machine. In order to
>> protect rootbindpw, I removed that from /etc/ldap.conf and wrote it
>> in /etc/ldap.secret with root access only. Now, the /etc/ldap.conf file
>> (with permissions 644) contents w.r.t. bind are as follows:
>>
>> # The distinguished name to bind to the server with.
>> # Optional: default is to bind anonymously.
>> #binddn cn=root,dc=abc,dc=com
>>
>> # The credentials to bind with.
>> # Optional: default is no credential.
>> #bindpw cluster
>>
>> # The distinguished name to bind to the server with
>> # if the effective user ID is root. Password is
>> # stored in /etc/ldap.secret (mode 600)
>> rootbinddn cn=root,dc=abc,dc=com
>>
>> but now when I do $ssh ldap_6@client-node-name, I get the following
>> message:
>>
>> id: cannot find name for user ID 514
>> id: cannot find name for user ID 514
>> [I have no name!@client-node-name ~]$
>>
>> When I do $id on the client node I get the following:
>>
>> uid=514 gid=514(ldap_6) groups=514(ldap_6)
>>
>> Any idea what could be the problem?

-- 
Thanks & Regards,
Jayavant Ningoji Patil
Engineer: System Software
Computational Research Laboratories Ltd.
Pune-411 004.
Maharashtra, India.
+91 9923536030.
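The split the thread is asking for can be written as separate ACL directives for the NSS attributes and for the rest of the entry; the following is an added example, not a configuration from anyone in the thread, and it assumes the accounts carry the posixAccount objectClass and keeps the ou=People,dc=abc,dc=com tree from the thread. Because binddn is commented out in the /etc/ldap.conf quoted above, nss_ldap lookups by non-root processes such as `id` and the login shell bind anonymously, so the attributes they need must stay anonymously readable while everything else on the entry is limited to its owner.

```conf
# slapd.conf access rules (example, not from the thread). The first
# directive whose "to" clause matches an attribute decides access to it,
# so the specific rules must come before the catch-all on person entries.

# 1. userPassword: never readable, but usable for simple bind ("auth") so
#    that pam_ldap can still verify the login; writable only by the owner.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# 2. The attributes nss_ldap needs to turn uid 514 back into "ldap_6".
#    "entry" is the pseudo-attribute required for the entry to be returned
#    at all. Exposing this list anonymously is equivalent to what a local
#    /etc/passwd shows; anonymous sees nothing beyond these attributes.
access to filter=(objectClass=posixAccount)
        attrs=entry,objectClass,uid,cn,uidNumber,gidNumber,homeDirectory,loginShell,gecos
    by self write
    by * read

# 3. Everything else on a person entry (mail, telephoneNumber, description,
#    ...) stays private: the owner may read and write it, other users under
#    ou=People and anonymous get nothing. This is the rule from the thread,
#    now reached only for attributes not already handled above.
access to filter=(objectClass=person)
    by self write
    by dn.children="ou=People,dc=abc,dc=com" none
    by anonymous none
    by * none
```

To check the result, run `ldapsearch -x -b ou=People,dc=abc,dc=com '(uid=ldap_6)'` once anonymously and once bound as ldap_6: the anonymous result should contain only the attributes listed in rule 2, while the bound search returns the full entry, and `id` on the client should again print the user name instead of "I have no name!".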
