On Mon, 2003-08-04 at 06:43, subscribe wrote:
> Hi,
> I've configured LDAP authentication to my RH9 installation and now
> I can't log in to the computer anymore; possible I sat the ldap root
> directory wrong. Does anyone know how to fix this? I can't even login
> as root.
Boot into single-user m
On Mon, 2003-08-04 at 11:43, subscribe wrote:
> Hi,
> I've configured LDAP authentication to my RH9 installation and now
> I can't log in to the computer anymore; possible I sat the ldap root
> directory wrong. Does anyone know how to fix this? I can't even login
> as root.
At the grub splashscree
ok,
will check that out.
Thanks,
Hiten.
--- Gordon Messmer <[EMAIL PROTECTED]> wrote:
> Hiten Desai wrote:
> >
> > any info regarding configuring
> > some web page which gives the
> > current ldap users output which
> > can be used as a csv or txt address book.
> > there is this feature in
Hiten Desai wrote:
any info regarding configuring
some web page which gives the
current ldap users output which
can be used as a csv or txt address book.
there is this feature in horde but
it is stopping at 500 entries
I would like a simple webpage
which can do this trick.
Perhaps your LDAP se
James Pifer wrote:
Is the LDAP-Howto the right howto for this?
http://www.ofb.net/~jheiss/krbldap/howto.html
http://www.bayour.com/LDAPv3-HOWTO.html
I belive that someone on this list wrote another set of documentation on
the subject that I failed to bookmark. Perhaps he'll speak up later :)
James Pifer wrote:
If there are no local user accounts, how do you specify who is "allowed"
access?
You can use and LDAP filter to allow only accounts with specific
attributes, or use an application-specific filter (like PAM's
access.conf, or ssh's key-only logins).
--
redhat-list mailing list
James Pifer wrote:
So the user would have an account on the linux machine. When they try to
login, redhat would look to ldap to check authentication?
The password file wouldn't contain account info, but the user would need
his shell and home directory to exist for most services to function
corre
Note that the different way will be based on /etc/nsswitch.conf which I
assume that authconfig will modify anyway, it seems to be the case on
Solaris 9.
A. Sopicki wrote:
Hi, James!
If there are no local user accounts, how do you specify who is "allowed"
access? Is the LDAP-Howto the right how
Hi, James!
> If there are no local user accounts, how do you specify who is "allowed"
> access? Is the LDAP-Howto the right howto for this?
Your accounts are stored in LDAP. If your system is using ldap it will search
the ldaptree for an entry for the given username and match your password with
On 29 May 2003, James Pifer wrote:
> If there are no local user accounts, how do you specify who is "allowed"
> access? Is the LDAP-Howto the right howto for this?
Set pam_groupdn in /etc/ldap.conf to a group defined in LDAP that get to
access that specific machine.
--
redhat-list mailing lis
auths against a NT PDC.
>
> -Original Message-
> From: James Pifer [mailto:[EMAIL PROTECTED]
> Sent: Thursday, May 29, 2003 10:38 AM
> To: RedHat List
> Subject: RE: LDAP on Redhat.
>
>
> So the user would have an account on the linux machine. When they t
There would be no local accounts. All user info is in the LDAP database.
The samba auths against a NT PDC.
-Original Message-
From: James Pifer [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 10:38 AM
To: RedHat List
Subject: RE: LDAP on Redhat.
So the user would have an account
So the user would have an account on the linux machine. When they try to
login, redhat would look to ldap to check authentication?
If so, that sounds pretty good, but what about other modules, such as
Samba? Since it uses smbpasswd, it would probably not use LDAP. Is that
correct?
Thanks,
James
I believe it would auth users against said LDAP server and not the
passwd/shadow files
-Original Message-
From: James Pifer [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 10:07 AM
To: RedHat List
Subject: LDAP on Redhat.
When you're given the option during the Redhat install to
On Wed, Feb 19, 2003 at 09:58:16PM +0530, senthil@jadooworks wrote:
>
> I am back again and this time I have deceided to check out LDAP completely
> before migrating to it. I still have a little doubt about how the client
> can understand if it is getting authenticated by a NIS server or a LDAP.
At 06:13 PM 2/4/2003, you wrote:
>
>
>FYI, both fqdn and ip are resolvable using dns for these pc.
Problem because in ldap.conf point to hostname-nly, not fqdn.
changing to fqdn solve this problem (or by running nscd)
Tks.
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subjec
On Tue, 2003-02-04 at 10:13, Beast wrote:
> when i search from this-ldap-server:
> [beast@atlantis src]$ ldapsearch -x '(uid=beast)'
>
> It give _fast_ output, but when i did same command from client-ws, again,
> it takes arround 30-60 secs.
> What could be the problem?
>
> FYI, both fqdn and ip
At 05:52 AM 2/4/2003 -0500, you wrote:
>On 04-Feb-2003/17:43 +, Beast <[EMAIL PROTECTED]> wrote:
>>I've just setup 2 pc (rh 80), one for ldap server (openldap-2.1.12,
>>compiled from source) and one for client. i can login from ws with user
>>in ldap, but it takes 2-3 minutes to log in. when
On 04-Feb-2003/17:43 +, Beast <[EMAIL PROTECTED]> wrote:
>I've just setup 2 pc (rh 80), one for ldap server (openldap-2.1.12,
>compiled from source) and one for client. i can login from ws with user
>in ldap, but it takes 2-3 minutes to log in. when issue command ls -l to
>any files/dirs owne
On Sat, 2003-01-04 at 01:05, Beast wrote:
> At 11:10 AM 1/3/2003 -0800, you wrote:
> >If you build a single master system and replicate to the other three
> >offices, you'll be able to authenticate in the event of a link failure,
> >but you won't be able to modify the directory (change passwords).
nate said:
> http://howto.aphroland.org/HOWTO/LDAP
that should be http://howto.aphroland.de/HOWTO/LDAP
nate
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
Remo Mattei said:
> I am trying to get ldap going on my box, I have downloaded berkeleyDB
> complied since my OpenLDAP did not not recognize my bdb option. I have
> retry once, again after I check the berkeleyDB but no luck still says
> unrecognize database bdb.
> So if someone has OpenLDAP working
At 11:10 AM 1/3/2003 -0800, you wrote:
>On Fri, 2003-01-03 at 10:39, Beast wrote:
>> Server design:
>> all sites are connected using leased line, so problem in links should not
>> interupt user in one site to authenticate(or modify their password) to
>> their own ldap server, but all servers in all
On Fri, 2003-01-03 at 10:39, Beast wrote:
> Server design:
> all sites are connected using leased line, so problem in links should not
> interupt user in one site to authenticate(or modify their password) to
> their own ldap server, but all servers in all sites should be synch.
>
> What is the bes
EMAIL PROTECTED]
Subject: Re: LDAP - adding info to database
Chris Mason said:
> I have installed openldap and the samba.idealx.org ldap configuration
> and scripts, and now I have ldap authentication working wonderfully
> well. I'd like to be able to use the same ldap user database for ot
Chris Mason said:
> I have installed openldap and the samba.idealx.org ldap configuration and
> scripts, and now I have ldap authentication working wonderfully well. I'd
> like to be able to use the same ldap user database for other info such as
> phone numbers, email, etc, but I don't know how to
nate wrote:
-
Remo Mattei said:
> Does anyone have a good ldap configuration howto?
> Thanks
http://howto.aphroland.de/HOWTO/LDAP
-
This is great document but also do a google search.
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?sub
Remo Mattei said:
> Does anyone have a good ldap configuration howto?
> Thanks
http://howto.aphroland.de/HOWTO/LDAP
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
On Fri, 2002-12-06 at 12:22, Aly S.P Dharshi wrote:
> Gordon,
>
> I agree, and after a test that the passwd utility does indeed change
> the password the only question is that it encodes it as a {CRYPT} and I
> want to use MD5 as my hashing scheme
>From /usr/share/doc/nss_ldap-198/README.pa
Gordon,
I agree, and after a test that the passwd utility does indeed change
the password the only question is that it encodes it as a {CRYPT} and I
want to use MD5 as my hashing scheme, how would one do it unless we had
to write a script that would actually do it that way. The ldappasswor
On Wed, 2002-12-04 at 23:31, Aly S.P Dharshi wrote:
> I don't know if the passwd program is the solution I frankly don't know
> if it would work although its worth a try, instead this works pretty
> well.
>
> ldappasswd -s -D
> "uid=,ou=People,dc=subdomain,dc=domain,dc=ca"
> -w -x -h
...
On Wed, 2002-12-04 at 21:14, Gordon Messmer wrote:
> On Mon, 2002-11-25 at 16:47, Patrick Nelson wrote:
> >
> > What is the best way (process) to change ldap passwords?
>
> Have you tried "passwd"? I'd expect PAM to be able to manage to change
> a password in the directory.
I don't know
On Mon, 2002-11-25 at 16:47, Patrick Nelson wrote:
>
> What is the best way (process) to change ldap passwords?
Have you tried "passwd"? I'd expect PAM to be able to manage to change
a password in the directory.
> How about adding users?
>
> Is there a tool for this I just have not found yet?
Patrick Nelson wrote:
-
RH73 currently up2date
On my laptop, I had a NIC configured for a Port Replicator (PR). We went to
WLAN so I had stopped using the PR. I had noticed that when booting there
was an error message about not being able to find the hardware for eth0 or
som
Patrick Nelson wrote:
-
Putting ssl yes in ldap.conf doesn't really do (at least it doesn't seem to)
anything different. The results were the same.
So just running authconfig and setting values for server, base DN, and
selecting Use TLS, should do this... OK cool a tool...
Th
Gordon Messmer wrote:
-
If I understand correctly, you should just have to set "ssl yes" in
/etc/ldap.conf.
If you use "authconfig" to configure pam and nss (and you should), you
can simply choose the "Use TLS" option for LDAP, and it should get
everything right for you.
--
On Thu, 2002-10-31 at 12:29, Patrick Nelson wrote:
> channel being set up? If I use the pam_ldap to authenticate from my ldap
> server how do I make sure that it's done over SSL/TLS?
If I understand correctly, you should just have to set "ssl yes" in
/etc/ldap.conf.
If you use "authconfig" to co
Hugo Tavares writes:
> I can't bind the 389 LDAP port.
> (...)
> but if I start "slapd -h "ldap://127.0.0.1:3000";, it works :| !
You must run slapd as root. Non-root users cannot bind ports < 1024 (or
maybe it's < 1000, I don't quite remember).
--
Hallvard
--
redhat-list mailing list
u
Dear Jeff
I really understand your point of view, and I agree with that but I disagree
in one point: we should expect that something can occurs, being an attack, a
server down, etc, etc, although we have to give QoS to the client because he
is paying for being served! Like the restaurants we like
You should ask yourself this question:
You don't expect your master LDAP server to fail frequently, if you do
then you better examine other parts of you deployment. On the rare
occasions that the LDAP server fails, the outages will usually be short
in duration. Do you really need to allow write
On Wed, Oct 09, 2002 at 10:01:50AM +0100, Hugo Tavares wrote:
>
> Has anyone implemented a redundant system for fail recovery for LDAP? I have
> searched for case studies and I found the linux-HA software. Is it fine for
> a large scale implementation?
Here's how I've always been told to do it:
Words by Hugo Tavares [Wed, Oct 09, 2002 at 10:01:50AM +0100]:
> Greetings citizens of... Red Hat City ;)
>
> Does anyone worked with LDAP, to give-me some considerations about it? I
> hope so...
>
> Has anyone implemented a redundant system for fail recovery for LDAP? I have
> searched for case
GQ is good for looking at the whole directory, but if you are looking
for something that does user administration, take a look at Directory
Administrator
http://diradmin.open-it.org/index.php
On Mon, 2002-10-07 at 08:05, Anthony E. Greene wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
A real excellent one is IBM's DMT tool, which ships with IBM's own LDAP server, IBM
Secureway Directory, which is in fact free.
check out
http://www14.software.ibm.com/webapp/download/search.jsp?go=y&rs=ldap41
Regards
You wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> On 07-Oct
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07-Oct-2002/10:59 +, Postman Pat <[EMAIL PROTECTED]> wrote:
>Greetings list,
>I am looking for an graphical LDAP directory administration tool for
>redhat. I want to use it for administration of my openldap directory.
>
>Is there a good freewa
Yes. We do all of our user administration for both NT/2000 and Linux in
the AD at my place of employment. If all you want to do is authenticate
local /etc/passwd users to the AD, then you can use pam_ldap or
pam_smb_auth. If you want to do ALL user administration in the Active
Directory, it ge
I believe when I was looking for info on the AD LDAP scheme when
developing a PHP web-based user manager I found a lot of it on TechNet.
http://www.microsoft.com/technet is your friend today :-).
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listm
Title: Message
Do you
any resources that document the LDAP DN/CN info needed?
Thanks,
CC
-Original Message-From: Christian
Fredrickson [mailto:[EMAIL PROTECTED]] Sent: Thursday, October
03, 2002 8:42 AMTo: [EMAIL PROTECTED]Subject: RE:
LDAP Auth un RH 8.0
I
have
Title: Message
I have
authentication form Linux (Redhat 7.x) to MS ADS working
well.
Chris
-Original Message-From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Chuck
CarsonSent: Thursday, October 03, 2002 8:00 AMTo:
[EMAIL PROTECTED]Subject: LDAP Auth un RH
[EMAIL PROTECTED] writes:
>I am looking for a TRUE ldap authentication scheme, not merely file
>sharing authentication services. Thus, if there exists a user named
>'someone' in the active directory, can this user log into a linux box
>using ldap authentication?
>
>Will this package do this?
Regu
Wining is an extension of Samba used for this. It is included with RH.
Search for it...
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
On 24-Sep-2002 at 17:06:14 Anthony E. Greene wrote:
> Unless the LDAP server admin will setup a scheduled dump for you, I don't
> see any way other than running dozens of looped queries to get all the
> entries.
>
Agreed.
>From the openldap mailing list, I asked the same question there, it appea
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 24-Sep-2002/16:19 +0100, John Horne <[EMAIL PROTECTED]> wrote:
>On 24-Sep-2002 at 14:31:14 Furnish, Trever G wrote:
>> Someone will probably correct me but I doubt you can do that. The limit
>> is probably server-side.
>>
>Oh rats, don't say that
On 24-Sep-2002 at 16:02:04 Anthony E. Greene wrote:
>>The problem is I know little about ldap as such and have no dealing with
>>the server. I gather there is a limit imposed of returning 1000 records
>>(a 'page' I am told) each time. My question though is how do I tell
>>ldapsearch to 'get the ne
On 24-Sep-2002 at 15:41:10 Furnish, Trever G wrote:
> Well then why not just schedule the export on the windows box. Just
> script up whatever the process is for dumping the data from AD and make a
> scheduled task for it. Then pull or push it over to your *nix box and do
> whatever needs doing.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 24-Sep-2002/15:01 +0100, John Horne <[EMAIL PROTECTED]> wrote:
>We have a Microsoft windows server running ldap, and I am trying to
>obtain a list of all the users in the ldap server. There are about 20,000
>in total. I can retrieve about 1000 usin
On Tue, 2002-09-24 at 11:41, Furnish, Trever G wrote:
> Also the microsoft newsgroups.
How dare you mention the name of the devil!
-- Jonathan
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
> -Original Message-
> From: John Horne [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 24, 2002 10:20 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Ldap - how to retrieve multiple pages
>
> > You *can* however probably get the windows admin to export
> his
On 24-Sep-2002 at 14:31:14 Furnish, Trever G wrote:
> Someone will probably correct me but I doubt you can do that. The limit
> is probably server-side.
>
Oh rats, don't say that :-(
> You *can* however probably get the windows admin to export his directory
> for you into some format you can rea
Someone will probably correct me but I doubt you can do that. The limit is
probably server-side. You *can* however probably get the windows admin to
export his directory for you into some format you can read, ldif or csv.
> -Original Message-
> From: John Horne [mailto:[EMAIL PROTECTED]
Hello guys,
Yes NIS is simple and "easy" to setup, but also has the following problems:
1) Is insecure: doesn't support encryption and depends on portmapper wich has been
know to have security problems in the past with buffer overflows (you can improve the
situation with a firewall and a good
John,
> I am planning to deploy a multiple server configuration and have a
> requirement to control user accounts, passwords, and system resources
> from a central directory.
>
> LDAP seems to satisfy this requirement. I'm interested in any
> opinions/experiences regarding LDAP as a central auth
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 05-Sep-2002/11:26 -0500, "John H. Clark, III" <[EMAIL PROTECTED]> wrote:
>I am planning to deploy a multiple server configuration and have a
>requirement to control user accounts, passwords, and system resources
>from a central directory.
>
>LDAP s
basic directory info). Give it a try.
Steve
> - Original Message -
> From: "Fernando Lozano" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, August 14, 2002 3:56 PM
> Subject: Re: LDAP administration
>
>
> > Chad,
> >
On Tue, 20 Aug 2002, Jonathan Johnson wrote:
> One day a friend of mine asked, "What do you call a black bird with a
> yellow head?" (This is in Minnesota, USA.) I replied, with a gentle
> smirk, "A Yellow-headed Blackbird. Sorry!"
In Minnesota speak wouldn't that be "A Yellow-Headed Blackbir
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20-Aug-2002/09:56 -0700, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>Can someone recommend to me a good ldap software for rh 7.2? Are there any
>open source ldap packages?
OpenLDAP should be included on your Red Hat CD.
- --
Anthony E. Gree
OpenLDAP (http://www.openldap.org)
[EMAIL PROTECTED] wrote:
> Can someone recommend to me a good ldap software for rh 7.2? Are there any
> open source ldap packages?
>
>
>
--
Aly Dharshi
[EMAIL PROTECTED]
Student/System Administrator ORS
University of Lethbridge
"A good speech is l
Have you looked at OpenLDAP? It's pretty solid and has been around a while.
http://www.openldap.org/
Trev.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, August 20, 2002 10:57 AM
To: [EMAIL PROTECTED]
Subject: ldap
C
Dear NextNetter with the Red Hat,
As an experienced birdwatcher I often am consulted about sightings.
One day a friend of mine asked, "What do you call a black bird with a
yellow head?" (This is in Minnesota, USA.) I replied, with a gentle
smirk, "A Yellow-headed Blackbird. Sorry!"
On Tue, 20
try the openldap project, it works quite good for small ldap servers.
http://www.openldap.org
> Can someone recommend to me a good ldap software for rh 7.2? Are there any
> open source ldap packages?
>
>
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
there is a java based LDAP browser. Runs on Linux, Windows and anything with
Java.
http://www-unix.mcs.anl.gov/~gawor/ldap/installation.html
- Original Message -
From: "Fernando Lozano" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 14, 20
Chad,
> What graphical administration programs do any of you use and/or which would
> you recommend. I am trying to learn more about LDAP and its administration
> so if any of you know of software I should investigate or resources I should
> read please let me know.
I have started a tool for use
Chad
LDAP Browser is good but I'd rather stick to the command line utilities.
Cheers,
Ziad
>From: Chad Skinner <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: redhat-list <[EMAIL PROTECTED]>
>Subject: LDAP administration
>Date: Sun, 11 Aug 2002 20:15:32 -0500
>
>What graphical administr
Chad Skinner wrote:
>What graphical administration programs do any of you use and/or which would
>you recommend. I am trying to learn more about LDAP and its administration
>so if any of you know of software I should investigate or resources I should
>read please let me know.
>
>Thanks,
>Chad
>
>
On Fri, 2002-06-07 at 06:15, Steven Hildreth wrote:
>
> I need to setup a single point authentication for my LAN/WAN.
You'll probably want to set up LDAP for name lookups to replace NIS, and
Kerberos for authentication.
LDAP, as a directory service, does not actively "authenticate" users.
It's
Hi Kerry!
> Where can one find in-depth tutorials and manuals on open-ldap? I have
> read the documentation on openldap.org, but would like some documentation
> that goes deeper into more complex setups.
I guess at perldap.org you can find some nice links. And maybe you'd like to try a
tool
Chris,
> I'm trying to setup openLDAP as a central address book, and I have it
> running on a server. At this stage I don't know how to start off the
> database, can anyone give me some hints on the configuration that will get
> me going?
Visit openldap.org and enter the FAQ for release 1.2. I
Chris,
Try reading this. its an article I wrote, basically goes through the
steps for setting up openldap and using netscape address book to access that
database.
http://cs.selu.edu/~jholland/ldap.html
lemme know if this helps out. this should get you going with a basic setup.
later!
Jason
On Sun, 26 Nov 2000, Corisen wrote:
>hi, i'm designing an web-based registration. there will be a drop down list
>on this web-based form to select the user's department. i've thought of 2
>ways of dynamically populating the department drop-down list:
>
>1. design the ldap name space to contain dep
On Sun, 26 Nov 2000, Corisen wrote:
> I'm most probably be using PHP to perform all LDAP administration.
I'd like to make one comment: PHP is a great web scripting language, but I
find it awkward as a system administration language. You will be able to
perform almost all operations using PHP, b
t;---repeated
Actually, I'm trying to get only 1 value for each department:
o=department1
o=department2
Any idea if it's possible using command line tool or using PHP?
Once again, thank you so much for your help :)
- Original Message -
From: Thornton Prime <[EMAIL PROTECTED
> for each department, there will be a parent node with dn: o=depertment1,
> dc=mycompany, dc=com.
> under this node, there will be many child entries with:
> dn: uid=username1, o=department1, dc=mycompany, dc=com
> objectclass :
> o: department1
> ..(other attributes/values)
>
> so if i
hi thornton, thanks for your advice and sharing with me your experiences.
may i just ask you a few more questions below pls.
- Original Message -
From: Thornton Prime <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, November 26, 2000 3:06 AM
Subject: Re: ldap vs my
On Sun, 26 Nov 2000, Corisen wrote:
> my worries about method 1 is as follows:
> 1. if the department changes name, how can i update the dn of all the users
> under this department tree?
Direcories are heirachical. The DN is the directory address of an entry.
You don't need to rename all the ch
84 matches
Mail list logo
