the Lightweight Directory Access Protocol (LDAP), a protocol used for modifying and querying items stored in directory services
1
vote
1answer
21 views
LDAP: ldapadduser - can I add to two different groups?
Usually - ldapadduser assumes only one attribute for group-name:
# ldapadduser sysuser2 sysusers
Can I add this user to two groups while creating the user?
If I try to run it like:
# ldapadduser ...
2
votes
0answers
25 views
LDAP: view DIT structure from terminal
Can I get list of existing entries using any console utilities?
For example - I can get a tree of my filesystem with tree:
$ tree
.
├── Catalina
│ └── localhost
│ ├── host-manager.xml
│ ...
0
votes
1answer
40 views
How do I change login shell to nologin for an LDAP user RHEL 6?
yum install ypchsh and yum install ldapmodify both don't find a package. I only want to change the shell for certain ldap users on this one server. Someone please help, I can't seem to figure this ...
1
vote
1answer
30 views
OpenLDAP: how can I list active schemes, classes etc?
I'm using openldap-server-2.4.38_1 on FreeBSD 9.1-RELEASE-p5.
1) can I get list of active (connected) schemes without viewing slapd.conf file?
2) how can I get description of objectClasses and/or ...
1
vote
2answers
19 views
Mac OS X LDAP query via dscl yields different results for same user with same datasource
Where is the NFSHomeDirectory attribute stored for a Mac user who authenticates via LDAP? It doesn't seem to be in the LDAP database on the backend so I assume Open Directory is involved.
I have 2 ...
0
votes
0answers
28 views
Override LDAP login shell for a specific user in RHEL
How in RHEL do I specify /sbin/nologin shell to limit a user to SFTP access only when their shell is determined by their LDAP profile? chsh only works with passwd file users I believe.
1
vote
2answers
57 views
Edit home directory for an LDAP user in Linux
I have an LDAP user who accesses a server based on having the appropriate LDAP host attribute via sssd. This user does not show up in /etc/passwd because he is not local. How do I modify his home ...
0
votes
1answer
44 views
getent passwd when nsswitch passwd setting is: files ldap
If nsswitch has passwd: files ldap set, and I do getent passwd will it first run down the /etc/passwd list and then go through every user in LDAP? That seems to be what happens. I tried it on a ...
0
votes
1answer
54 views
Why am I getting git error “remote: error: unable to create temporary file: No such file or directory” on push?
This problem is getting weirder.
My original post follows, but here is the new thing I discovered:
I executed
git push
and it gave me its usual error:
Counting objects: 9, done.
Delta ...
0
votes
0answers
34 views
How to get all ldap groups for a user
I have no direct access to LDAP, but I am a user in LDAP and can make queries using ldapsearch. How can I query LDAP to get all LDAP groups for a particular user? Also is there an easy way to get ...
0
votes
0answers
13 views
trac ldapplugin ERROR: LDAP error: Operations error
On version 0.10.4 on CentOS 32 bit using Python 2.4 I am trying to install and use ldaplugin to assign permissions to users and groups in AD. I have followed this guide ...
1
vote
0answers
34 views
how to set up ldap and trac
I have set up kerberos authentication with trac which works well. Now I want to use AD groups and users for trac permissions using the trac plugin Configuration for LdapPlugin. I have been following ...
2
votes
0answers
110 views
Changing Samba/LDAP password with passwd
We've installed CentOS Directory Server (389 DS) and have Samba using it as a backend. This works great except that when enabling password syncing in the smb.conf it is only synced one way. I could ...
2
votes
1answer
32 views
The importance of the order in domain controller names for setting an LDAP server, is there any reason?
I wonder if there is any reason to specifically put the domain controllers in the proper order, when configuring an LDAP server using autofs.
For example if specify on a RedHat/CentOS the dc domain ...
0
votes
0answers
45 views
Local servers (behind NAT) on vpn with email servers and sync with a central email server open to internet
What I have
I have a number of Linux (Ubuntu) servers (20 as of now but may grow over time to hundreds) connected to each other via private VPN (OpenVPN) which serve intranet web application (Apache ...
0
votes
0answers
30 views
setup domain master and ldap master
I want to build active domain controller master - master as below:
1 server run windows server 2008 R2 make domain controller
1 server run CentOS 6.4 make LDAP + SAMBA
Can I do this problem?
Now, My ...
0
votes
1answer
152 views
How to create LDAP bind account in Centos/RedHat that allows me to search by [email protected]
I am creating an LDAP directory and searching by the full DN shows the proper results.
$ ldapsearch -x -D "cn=ldapbind,dc=server,dc=com" -w bind
I want / need to be able to search using the email ...
1
vote
1answer
200 views
Attempting to detect acceptable LDAP base DN defaults for various directory servers in a bash script
Basically, I'm writing a script that determines an acceptable default for a base DN when pointed at a particular hostname. I'm wrapping it around ldapsearch output.
I can do Active Directory by ...
1
vote
0answers
43 views
RHEL6 LDAP client not listing all the groups
Using sssd I have a RHEL6 client configured to login using LDAPS. The login works, but if the user logged in is assigned to more than 1 group at the LDAP level, groups only returns 1 group?
Could I ...
4
votes
1answer
333 views
Changing password in multiple boxes using script
I'm working in an environment which has around 400 AIX boxes. I don't have root access and I'm a normal user. The environment has no LDAP kind of centralized mechanism for authentication so the ...
-1
votes
1answer
226 views
SSH key based login bypasses password policies
I noticed that logins via an SSH key bypass the LDAP password policies
(password ageing, password warning, and password lockout due to failed
attempts, etc). Is there any way to force key-based ssh ...
1
vote
1answer
77 views
LDAP : one suffix : search multiple separate Active Directory
I have configured an OpenLDAP 2.4.23 as a proxy to multiple separate Active Directory, it works fine when each AD has a different suffix/search base.
I have a use case to fulfill : one application ...
0
votes
1answer
244 views
Configuring proftpd and mod_ldap.c query not working - any ideas?
I'm trying to get a ProFTPD to ldap auth on an Active Directory base. I still couldn't figure out what could be wrong with my configuration since, executing an ldap query with ldapsearch seems fine
...
1
vote
2answers
236 views
Prevent root password change in ldap - debian
After setting up ldap authentication with pam in debian, everything works fine.
Using the passwd command change the ldap password of the current user.
The problem is my ldap has been set up with an ...
2
votes
2answers
91 views
Browse LDAP structure using Solaris pre-packaged command?
I have used ldapsearch to pull details on accounts but is there a way to browse the different levels in the LDAP directory just like we do with files in a directory?
2
votes
1answer
265 views
How do I find the LDAP connection details that the Solaris box uses to authenticate users?
The Solaris box is configured to use LDAP and has no local user accounts.
This is the output of the nsswitch.conf file:
bash-3.2$ less /etc/nsswitch.conf
passwd: files [NOTFOUND=continue] ldap
...
2
votes
1answer
1k views
Openldap backup restore
I am trying to setup backup and restore and make sure it works.
Please note that database size on ldap.old is a lot more than the ldap. The /var/lib/ldap.old is my existing database. I have renamed ...
2
votes
1answer
437 views
Where does Samba 4 store user passwords?
Where does Samba 4 store user passwords? How can I import my password hashes from Samba 3 in Samba 4?
I am using my own LDAP server with samba 3, and the password hash is stored within the ...
1
vote
1answer
64 views
Nexenta (Solaris), strange user membership from LDAP
Can anybody help me: why, when I run the id command in the Nexenta OS (Solaris+Ubuntu), do I get a different result?
a_ay@nexenta:/etc$ id -G
513 512 1000 201 203 1010 1013 1019 1020 1036 1039 1040 1041 1045 1046 1047
...
0
votes
0answers
91 views
user permission with ldap server
I am trying to set up an ldap server which authenticates each user with its respective permissions, i.e. full or read-only access to each server.
We don't want to create each user manually on each server.
...
2
votes
0answers
2k views
LDAP authentication broken with upgrade to CentOS 6.4 (sssd)
I have OpenLDAP server:
@(#) $OpenLDAP: slapd 2.4.23 (Aug 8 2012 16:29:21)
In my configuration have group:
ldapsearch -x -b 'cn=groupname,ou=UnixShell,ou=Services,o=example,c=ru'
# extended LDIF
...
0
votes
1answer
118 views
openldap supplementary groups not showing up on certain servers
I have a couple of servers that fail to display newly added supplementary groups. Example, I have a user, which you run id and his groups come up.
id
groupblah, groupblahblah , groupblahblahblah
...
1
vote
1answer
672 views
Set up chroot for LDAP users in RHEL6
I have been working on this for 2 days now and am about to give up so someone please help.
I have a Red Hat 6 server joined to my active directory domain. Logins work just fine under normal ...
4
votes
3answers
684 views
Restrict ssh login from LDAP to users who have a /home directory
I have an Apache server (RHEL 6) hosting multiple user web pages which currently is connected to my Active Directory environment to authenticate users. The server is used to automatically host content ...
2
votes
1answer
1k views
How to make ldapsearch working on SLES over tls using certificate?
We need to connect our php script to LDAP over tls using a certificate. LDAP connection works nicely without tls. More details here ...
3
votes
2answers
402 views
How do I create a hierarchy of UNIX groups as below?
I need to create a hierarchy of UNIX groups. Something like below:
A
|\
| \
B c
|\
D e
|\
f g
...where A, B and D are UNIX groups and c,e,f and g are UNIX accounts that are members of those ...
1
vote
2answers
107 views
Automation of openldap installation
In my group we often install ldap on new servers. We have two different configurations currently. A mirrored configuration and just a regular standalone configuration.
The installation process gets ...
0
votes
1answer
2k views
samba with OpenLDAP - NT_STATUS_NO_SUCH_USER
To start off, shit's about to hit the fan and I need your help!
I'm so short of time that I can't begin to describe everything I've done and not done, but I have a problem and hope you can help!
...
2
votes
1answer
843 views
Failed to start slapd in CentOS
I was trying to set up an LDAP server for my development. For this purpose, I have chosen CentOS 6.3 to install in a VirtualBox host in Fedora 17. I'm following this tutorial to guide me on this setup, ...
5
votes
2answers
468 views
OpenLDAP Password Policy overlay error while loading
I'm trying to load the password policy overlay but I'm having the following error
ldapadd -Wx -D "cn=Manager,cn=config" -f overlay.ldif
Enter LDAP Password:
adding new entry ...
2
votes
0answers
91 views
OpenLDAP error while adding an ACL
I'm trying to add an ACL to my DIT and I get the following:
Enter LDAP Password:
modifying entry "olcDatabase={0}bdb,cn=config"
ldap_modify: No such object (32)
matched DN: cn=config
This ...
1
vote
0answers
103 views
AIX auditing for LDAP users
I've discovered a problem with the way AIX uses auditclasses to determine which system calls are audited. If a user is defined in LDAP, their auditclasses attribute is blank. I found an APAR which ...
1
vote
1answer
38 views
Do any openldap tools support the Authorization Identity Response Control?
I have a fedora 389 directory server and cannot use ldapwhoami because it is not supported.
However, 389-ds does support the following controls which are supposed to offer similar functionality:
...
1
vote
2answers
188 views
ldapsearch error “Invalid general option name” for every option
Whenever I try to use ldapsearch with a -o option I get the following error:
Invalid general option name:
An example command I am trying to run (taken from redhat documentation):
ldapsearch ...
0
votes
0answers
149 views
Need help configuring Fedora client authentication for 389 server with Kerberos
Trying to setup kerberos authentication with 389-ds and having trouble figuring out how the two fit together.
Here is my setup:
A CentOS 6 VM (centos01) where I setup bind, 389 ds, and kdc services
...
11
votes
3answers
480 views
Groups differ from the local ones when logging in remotely
We store our users in LDAP, alongside some groups that have meaning across different systems (organizational roles including wheel). There are also groups local to workstations, e.g. audio or video ...
0
votes
2answers
620 views
Samba not working through AD
I'm trying to get a samba to work with a windows AD. And I can't use my shares through samba.
My smb.conf
#GLOBAL PARAMETERS
[global]
workgroup = MY_DOMAIN
realm = MY_DOMAIN.COM
preferred ...
3
votes
1answer
329 views
Samba passwords expiring in x days - how do we fix them to not expire
We use OpenLDAP and Samba v3. Recently some Samba-defined users (no accounts on the shared linux server) started being listed in logwatch as having their passwords come up to "will expire"...I ...
3
votes
1answer
329 views
Multiple PCs network centralized system authentication
(I couldn't really choose an accurate title as I don't know exactly what the feature I'm looking for is called. Sorry about that. I hope that the following lines may clear this aspect.)
I own a dozen ...
1
vote
1answer
123 views
How to filter group membership from the ldap server?
Context : We have a Ubuntu 12.04 with authentication done on a ldap server.
Unfortunately, one (ldap) user belongs to a (ldap) group named "admin".
I know there is the option ...