RE: Using two differents LDAPS
- From: DROUSSENT Jordan <JORDAN.DROUSSENT [at] atos.net>
- To: "nss-pam-ldapd-users [at] lists.arthurdejong.org" <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: RE: Using two differents LDAPS
- Date: Tue, 5 Jun 2012 08:02:45 +0000
I know that libpam-ldap is configured in /etc/pam_ldap.conf in Debian.
In Debian 6 I do:
- aptitude install ldap-client nscd libpam-ldap libnss-ldap
-/etc/libnss-ldap.conf
_______________________________________
base my_first_base
uri ldaps://my_second_ldap:636 ldaps://my_firs_ldap:636
ldap_version 3
timelimit 120
nss_base_passwd ou=utilisateurs, dc=my_second_ldap?one
nss_base_shadow ou=utilisateurs, dc=my_second_ldap?one
nss_base_group ou=groupes,dc=my_second_ldap?one
ssl on
tls_checkpeer no
_______________________________________
-/etc/pam_ldap.conf
_______________________________________
base my_first_base
uri ldaps://my_first_ldap:636
ldap_version 3
timelimit 120
ssl on
tls_checkpeer no
_______________________________________
/etc/nsswitch.conf
_______________________________________
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
_______________________________________
- echo " tls_reqcert never" > /etc/ldap/ldap.conf
In /etc/pam.d/common-*, there is no special information. This configuration
works...
Now with this configuration in CentOS 6:
- yum install openldap-clients nss-pam-ldapd
- /etc/pam_ldap.conf
_______________________________________
base my_first_ldap
uri ldaps://my_first_ldap:636
ldap_version 3
scope one
time_limit 120
idle_timelimit 300
ssl on
tls_checkpeer no
tls_reqcert never
_______________________________________
- /etc/nslcd.conf
_______________________________________
Base my_first_ldap
uri ldaps://my_second_ldap:636 ldaps://my_first_ldap:636
base group ou=groupes,dc=my_second_ldap
base passwd ou=utilisateurs, dc=my_second_ldap
base shadow ou=utilisateurs, dc=my_second_ldap
ldap_version 3
ssl on
tls_reqcert never
timelimit 120
idle_timelimit 300
uid nslcd
gid nslcd
_______________________________________
- /etc/nsswitch.conf
_______________________________________
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
_______________________________________
This works in CentOS 6, but when I do the same thing in Debian, it's not
working. I tested some other configurations but there is nothing in the log files...
I tested installing libpam-ldap and libnss-ldapd but I found no issue...
I hope you can see a difference between CentOS 6 and Debian 6...
-----Original Message-----
From:
nss-pam-ldapd-users-bounces+jordan.droussent=atos.net@lists.arthurdejong.org
[nss-pam-ldapd-users-bounces+jordan.droussent=atos.net [at] lists.arthurdejong.org]
On behalf of Arthur de Jong
Sent: Monday, 4 June 2012 19:52
To: nss-pam-ldapd-users@lists.arthurdejong.org
Subject: RE: Using two differents LDAPS
On Mon, 2012-06-04 at 13:46 +0000, DROUSSENT Jordan wrote:
> I check my centos installation, just openldap-clients and
> nss-pam-ldapd are here. I test nss-pam-ldapd in combination with
> libpam-ldap on Debian. But it's not working.
libpam-ldap is configured in /etc/pam_ldap.conf in Debian.
> When I do nslcd -d and I test to authenticate my user, there are no
> error logs, no information logs. I think that the nslcd service is not
> working. When I use libnss-ldap and libpam-ldap, it works...
> So can I use this solution, or must I use nss-pam-ldapd?
If libnss-ldap works and libnss-ldapd doesn't I would be interested to know the
difference. Information from /etc/nsswitch.conf, /etc/nslcd.conf,
/etc/pam_ldap.conf, /etc/libnss-ldap.conf, /etc/pam.d/common-auth and any
information from the logs would be helpful.
Btw, if you are using neither libnss-ldapd nor libpam-ldapd you can remove nslcd.
--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
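Every configuration posted in this thread sets `tls_checkpeer no` or `tls_reqcert never`, so the client accepts the LDAPS server certificate without verifying it. The check below is an added example, not part of the original messages or of nss-pam-ldapd; the sample file contents are constructed from the settings posted above, and the CA bundle path in the corrected form is a placeholder.

```python
"""Flag LDAP client options that turn off LDAPS certificate verification."""

# Option -> values under which an unverified server certificate is accepted.
# tls_reqcert: OpenLDAP ldap.conf and nslcd.conf; tls_checkpeer: pam_ldap/libnss-ldap.
WEAK_VALUES = {
    "tls_reqcert": {"never", "allow"},
    "tls_checkpeer": {"no", "off", "false"},
}

# Constructed sample contents, reduced from the settings posted in the thread.
AS_POSTED = {
    "/etc/nslcd.conf": "uri ldaps://my_second_ldap:636 ldaps://my_first_ldap:636\n"
                       "ssl on\ntls_reqcert never\n",
    "/etc/pam_ldap.conf": "uri ldaps://my_first_ldap:636\nssl on\ntls_checkpeer no\n",
}
# Corrected form; the CA bundle path is a placeholder, not a value from the thread.
HARDENED = {
    "/etc/nslcd.conf": "uri ldaps://my_second_ldap:636 ldaps://my_first_ldap:636\n"
                       "ssl on\ntls_reqcert demand\ntls_cacertfile /etc/ssl/certs/EXAMPLE-ca.pem\n",
}


def parse_options(text):
    """Yield (line_number, option, value); option names are case-insensitive."""
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        yield number, parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""


def audit(configs):
    """Return one finding per weak TLS option, with the LDAPS URIs it leaves unverified."""
    findings = []
    for path, text in configs.items():
        options = list(parse_options(text))
        uris = [u for _, opt, val in options if opt == "uri"
                for u in val.split() if u.lower().startswith("ldaps://")]
        for number, option, value in options:
            if value.lower() in WEAK_VALUES.get(option, ()):
                findings.append({"file": path, "line": number, "option": option,
                                 "value": value, "unverified_uris": uris})
    return findings


if __name__ == "__main__":
    for f in audit(AS_POSTED):
        print("{file}:{line}: {option} {value} -> {unverified_uris}".format(**f))
    print("hardened findings:", audit(HARDENED))
```

To audit a real host, pass `audit()` a dict mapping each client config path to its file contents.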