
Re: [nssldap] question about nssldap configuration


>> Is it possible setting the username based on a pattern expansion?
>
> to my knowledge this is not possible out of the box, but can be obtained
> by hacking the source code of nss_ldap.
>
> I recommend to follow standard operating procedure and edit the gecos
> fields in the LDAP server.
>

Thank you Thomas,

Yes, I hacked the source code of nss_ldap with successful results, so
the home directory was based on the username
(/home/ldap/<user_name>), but I would have liked to do this without
compiling.

However I could not change the uid of the users. I tried to do this
with 2 methods:
a) changes in source code in the same way as the home directory (uid
was a hash number based on username)
b) Set a default value in /etc/ldap.conf with
"nss_default_attribute_value uidNumber 2222" (2222 only for testing)


With these two changes the results are the same: users cannot log in
with ssh. The auth.log:
Nov 25 17:56:09 pipo sshd[7701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=XXXX es user=Administrador
Nov 25 17:56:09 pipo sshd[7701]: Accepted password for Administrador from 87.218.XXX.XXX port 38913 ssh2
Nov 25 17:56:09 pipo sshd[7701]: pam_unix(sshd:session): session opened for user Administrador by (uid=0)
Nov 25 17:56:09 pipo sshd[7701]: fatal: login_get_lastlog: Cannot find account for uid 2222
Nov 25 17:56:09 pipo sshd[7701]: pam_unix(sshd:session): session closed for user Administrador
Nov 25 17:56:09 pipo sshd[7701]: syslogin_perform_logout: logout() returned an error

Nevertheless, users can log in on the console with the correct id (but
the system cannot find the name: cannot find name for user id:2222).

Is it possible to change the user id on the client side?

Cheers!
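
Added example, not part of the original message and not nss_ldap code: a small check that a username resolves to a uid and that the uid resolves back to the same username, which is the lookup that fails in the "Cannot find account for uid 2222" line of the log above. The fake_nss() helper, the user "maria" and the two sample databases are constructed for illustration; run against real accounts, the check uses Python's pwd module and therefore the host's NSS configuration.

```python
import pwd
import sys
from collections import namedtuple

Entry = namedtuple("Entry", "pw_name pw_uid")

def check_roundtrip(name, by_name=pwd.getpwnam, by_uid=pwd.getpwuid):
    """Classify the name -> uid -> name round trip through the passwd database."""
    try:
        uid = by_name(name).pw_uid
    except KeyError:
        return "no-such-user"
    try:
        owner = by_uid(uid).pw_name
    except KeyError:
        # Lookup by name answered, lookup by uid did not: sshd's
        # "Cannot find account for uid 2222" reports this state.
        return "uid-unresolvable"
    # A uid shared by several names resolves back to only one of them, so
    # file ownership and audit records cannot tell the accounts apart.
    return "ok" if owner == name else "uid-maps-to-other-user"

def fake_nss(forward, reverse):
    """Constructed stand-in for an NSS source: two dicts instead of LDAP."""
    def by_name(name):
        if name not in forward:
            raise KeyError(name)
        return Entry(name, forward[name])
    def by_uid(uid):
        if uid not in reverse:
            raise KeyError(uid)
        return Entry(reverse[uid], uid)
    return by_name, by_uid

def demo():
    # Constructed data: every name is handed uid 2222, nothing answers for 2222.
    defaulted = fake_nss({"Administrador": 2222, "maria": 2222}, {})
    # Constructed data: uid 2222 resolves, but only to one of the two names.
    shared = fake_nss({"Administrador": 2222, "maria": 2222}, {2222: "maria"})
    return {
        "defaulted": check_roundtrip("Administrador", *defaulted),
        "shared": check_roundtrip("Administrador", *shared),
        "shared-owner": check_roundtrip("maria", *shared),
        "unknown": check_roundtrip("nobody-here", *defaulted),
    }

if __name__ == "__main__":
    # With arguments, check real accounts through the host's NSS configuration.
    for user in sys.argv[1:]:
        print(user, check_roundtrip(user))
    print(demo())
```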