the Lightweight Directory Access Protocol (LDAP), a protocol used for modifying and querying items stored in directory services
1 vote, 1 answer, 20 views
How to manage groups, home directories and shell for Linux users authenticating via AD using SSSD?
I need to set up a few Linux machines to have users authenticate to them via AD using SSSD, how do you manage the users' groups, home directories and shell for the user accounts on AD, is there a way ...
0 votes, 1 answer, 22 views
Showmount -e localhost is empty?
I want to make a configuration of LDAP using NFS and I made a file /etc/exports:
/data -rw *(rw,no_root_squash)
when I execute this command:
showmount -e localhost
I got nothing.
Why ...
4 votes, 1 answer, 80 views
PAM vs LDAP vs SSSD vs Kerberos
I am basically aware of what these services do separate from each other. What I want to know: what exactly happens on a successful login in a linux based network that uses all of these services? In ...
0 votes, 1 answer, 16 views
Restrict LDAP Group CentOS 7
Setting up LDAP Login was easy enough for me using the following...
yum -y install openldap-clients nss-pam-ldapd git
Basic Configuration
authconfig --enableldap \
--enableldapauth \
--ldapserver={...
2 votes, 0 answers, 75 views
getent shadow shows password hashes for some users
If I execute
sudo getent shadow
I see password hashes for all the local users who have them. For most of the LDAP accounts I only see * in the password field. However, for a few LDAP users, I see ...
1 vote, 0 answers, 59 views
How to Create local user in LDAP enabled linux systems
During my application install, I used to create a new group and a new user using the 'groupadd' and 'useradd' commands
groupadd my_group
useradd -r -s /sbin/nologin -g my_group my_user
But in one of ...
1 vote, 1 answer, 49 views
php: compiling with openssl, ftp, ldap, curl support in debian gnu/linux
I'm trying to compile php 5.2.x in debian gnu/linux:
./configure --with-ldap --enable-ftp --with-apxs2 --with-mcrypt
--enable-bcmath --with-bz2 --enable-calendar --enable-dba=shared --enable-exif ...
0 votes, 0 answers, 31 views
How do I configure slapd as a simple LDAP “addressbook” server on OS X?
I've asked this question already on http://apple.stackexchange.com, but since this isn't really a Mac-specific question, I thought I'd ask here - maybe someone can help me.
tl;dr: I want to configure ...
1 vote, 0 answers, 19 views
What defines pam password hashing?
I have been running into an issue with pam password hashing. It seems no matter what I do on my RHEL based systems they always hash passwords based on MD5.
My goal here is to have ldap users who use ...
0 votes, 0 answers, 25 views
How can I test my LDAP server in guest CentOS 7 from my host (Windows 10)?
I have installed and configured openldap-servers, and now I would like to test connecting to it from my Windows 10. I have connected, and I have like folders on it.
But how could I create files in my ...
1 vote, 1 answer, 62 views
apt-get doesn't find phpldapadmin in Debian 9 (Stretch)
I am trying to install the phpldapadmin package in order to test the LDAP server that I have installed, but when I try to run apt-get install phpldapadmin it says that the phpldapadmin package is not ...
2 votes, 1 answer, 33 views
Installing Freeradius-LDAP 3.x from PPA - Repository
Initially I've installed Freeradius from stable branch as follows:
apt-get install python-software-properties
apt-add-repository ppa:freeradius/stable-3.0
apt-get update
apt-get install freeradius ...
2 votes, 0 answers, 46 views
/etc/pam.d configuration
This is an example of the /etc/pam.d/sshd configuration file on a FreeBSD 11.0 freshly-installed system:
#
# $FreeBSD: releng/11.0/etc/pam.d/sshd 197769 2009-10-05 09:28:54Z des $
#
# PAM ...
0 votes, 0 answers, 41 views
Restore an LDIF backup of an LDAP server to a new install of OpenLDAP
I've tried to restore an ldif backup of an LDAP server to a fresh Centos 7 machine on which I've installed OpenLDAP to. I've been using these instructions https://www.server-world.info/en/note?os=...
1 vote, 2 answers, 44 views
Ldap SSH Login not working - Same configs worked on 20+ other servers - Ubuntu
So I have setup LDAP Login on every server at my work successfully except one. Of course there has to be that one! And I want to close my jira ticket, but I can't figure out what the issue is. The ...
0 votes, 0 answers, 29 views
What can possibly cause a website connection timeout when HTTPD service is running and iptables is off?
I'm using a CentOS 6.8 VM as my LDAP server. We are using phpldapadmin so we can configure our LDAP settings through the GUI that is supposed to be accessible by going to an internet browser and ...
0 votes, 0 answers, 39 views
getent passwd not displaying users on the server
I'm new to using ldap, anyway I had my server and client configured and before I was able to enter "getent passwd" and my users would be displayed in the server. Then I decided to have a play around ...
0 votes, 0 answers, 27 views
openldap memberof overlay issue
We need memberOf attributes in ldap for some application and I am trying to configure with openldap but something is not right. I am following the following document
http://www.adimian.com/blog/2014/10/...
3 votes, 0 answers, 35 views
Error message on nonexistent home dir (pam.d/* settings)
I have a host running Debian 8. I set LDAP authentication, but the home directory is not created. I added in common-session:
session optional pam_systemd.so skel=/etc/skel/ umask=0077
It ...
0 votes, 0 answers, 14 views
Do I need to restart the machine after the machine joined a realm?
I am configuring the authentication & authorization for Hadoop security.
I need Kerberos implementation system for authentication and LDAP implementation system for username group mapping, ...
0 votes, 0 answers, 36 views
getent group not listing members from LDAP PosixGroup
I have a LDAP PosixGroup with several uniquemembers. But when I do a
getent group {ldap_group_name}
it just displays the groupname and the gidnumber but no members. Please advise.
0 votes, 1 answer, 34 views
What does host netgroup mean in the context of sudoHost in Sudoers LDAP Schema
ref: https://www.sudo.ws/man/1.7.4p6/sudoers.ldap.man.html
What does host netgroup mean in the context of sudoHost in Sudoers LDAP Schema.
Can you please give an example of how to set this up?
1 vote, 0 answers, 46 views
Change base DN of LDAP Directory to Organization
I am trying to setup an ldap server for a small lab. The server is currently running Ubuntu 16.04.
The idea is to use the lab's name as the base DN of the directory. (Currently,
it's being set to ...
1 vote, 0 answers, 67 views
Lock screen not locking with LDAP on CentOS 7
On my system some users authenticate with LDAP, others have their password stored locally (standard).
The problem is that LDAP-users cannot lock the screen. When pressing Windows-Key + L the screen ...
0 votes, 0 answers, 33 views
Limit Openldap Transaction Log Disk Usage
Openldap (specifically version 2.4) stores transaction history in log files by default in the ldap data directory (so /var/lib/ldap/log.###########). Currently these log files take up a lot of space, ...
0 votes, 1 answer, 74 views
perform ldapmodify from remote server
I am trying to perform an ldapmodify from a remote host to modify entries on my ldapmaster. I already installed slapd on my host because I need mkntpwd binary, the server is not configured, and I also ...
1 vote, 1 answer, 28 views
Enabling SASL authentication mechanisms in openLDAP using OLC
All of the information that I have been able to find about enabling SASL mechanisms for openldap still use the slapd.conf method while all modern LDAP directories have elected to use OLC over a static ...
0 votes, 0 answers, 176 views
Ldap group filter - nslcd
I have this base search on nslcd.conf:
base o=xxx,dc=xxxxx,dc=xx
and everything works fine.
But I have a problem, I have a web admin page on this server and the list of "getent passwd" is too long (...
0 votes, 0 answers, 83 views
LDAP Group Restriction not working - Require ldap-group - Apache 2.4
I found what seems to be the line of code I need, but it's just not working and I can't figure out why. Everything is working mostly, I can log in via local HTPASSWD or LDAP, but my ldap group "fail" ...
2 votes, 0 answers, 63 views
sudo su error message through LDAP
I managed to get an authentication through ldap on my SLES 12 machine, but I can't set a certain group as sudoers.
My sudoers entry looks as follows:
%LNX-ADMIN-vibe3 ALL=(ALL) NOPASSWD:ALL
But all I ...
0 votes, 0 answers, 17 views
Sudoers Config doesn't recognize my LDAP Path
This is related to my last post.
I'm using SLES12 and I tried to set up an sssd connection with my edirectory server.
It seems to work because users get recognized and can log into the machine.
...
1 vote, 1 answer, 352 views
Change default login shell to /bin/bash for ALL ldap users from LDAP server - not client
Perhaps my google kungfu is not doing great today, but I found ways to apparently do this for each user (one by one) on the client side, or even a way to do it from the ldap side with ldapmodify again ...
1 vote, 0 answers, 57 views
Get Sudoers through LDAP. (SUSE Linux Enterprise Server 12)
I have a Problem with my LDAP configuration on SUSE Linux Enterprise Server 12.
As many of you know, the ldap.conf has been replaced with the sssd.conf and a couple of other conf files like the ...
0 votes, 1 answer, 49 views
Sudo issue on AIX LDAP server
When a user tries to sudo to root he receives the error:
ldap_start_tls_s(): Can't contact LDAP server.
What causes this problem?
1 vote, 1 answer, 43 views
“map passwd uid” equivalent in sssd
nslcd.conf has "map passwd uid" to map attributes that will be used as the Login username. What is the sssd.conf equivalent of that?
0 votes, 1 answer, 148 views
error reading from nslcd: Connection reset by peer
I have a CentOS 7 machine that output the following to the /var/log/secure after every machine restart. I have to manually stop and restart the nslcd service to make these errors go away.
error ...
1 vote, 0 answers, 58 views
Why is LDAP trying to connect by hostname instead of localhost?
I have set up an LDAP server on localhost and generated certificate with CN=localhost. But when I run the command
ldapsearch -H ldap://localhost -D "..." -w password -ZZ -d1
I get the error
...
...
3 votes, 1 answer, 36 views
Files that need to be updated in /etc/pam.d/ for nss-pam-ldapd support for SSH
/etc/pam.d/ has several files and running auth-config updates many of those. I need to know exactly which file needs to be updated to support LDAP based login using SSH / Console.
1 vote, 0 answers, 70 views
users can not do su to other LDAP user
I'm thinking my authentication is working well and PAM is configured on my Debian server because:
If I do a ssh connection with a LDAP user it's working with password
If I do a ssh connection with ...
2 votes, 0 answers, 626 views
How to change password of LDAP user?
Is it possible to change password for logged in LDAP user using passwd command?
I have logged in to server1 using testuser. Trying to change password for itself (testuser) and got the below error.
...
0 votes, 0 answers, 8 views
In nss ldap is it possible to change the default passwd access filter?
I'm trying to bend a QNAP device to my will and not quite getting there.
This seems like it should be simple but can't get it to work.
The device is linked to an Open Directory (OSX ldap v3) and ...
0 votes, 1 answer, 55 views
rbash for ssh ldap users
I have some ssh ldap users who connect to my server (centos7) to reset their password.
I would like them to use rbash to execute the passwd command, but I don't know how to do it.
I can't add rbash to /etc/...
0 votes, 1 answer, 25 views
Does LDAP take care of all users and groups on a system?
I have been following the tutorial here to try out LDAP. I know that a Linux system has groups like mysql, sudo, video, dial-out etc. Do I need to add these to my directory? Are these served via LDAP ...
2 votes, 0 answers, 67 views
howto login into system with LDAP creds when server with LDAP is offline
I have Ubuntu 14.04 and LDAP as center of authentication. It works fine until LDAP server is online. Sometimes network is going to down between LDAP and other servers and LDAP is unavailable, so ...
1 vote, 1 answer, 38 views
Ldap error doesn't redirect to file
I'm running a loop querying ldap server for a single dn every time, just to see if it's running okay. I want to output both the successful and unsuccessful responses to a file and while the former ...
0 votes, 1 answer, 213 views
how to load an LDAP client cert RHEL7 authconfig-tui
I have a RHEL7 machine that needs to be configured as an LDAP client (user/auth, using authconfig-tui).
When finishing authconfig-tui, it says, just copy the cert to /etc/openldap/cacerts, which I ...
1 vote, 0 answers, 224 views
samba4's ldbsearch complains about authentication for basic searches
So I understand the concept of binding to a LDAP server of any kind and performing either authenticated or anonymous queries.
And my goal is to get the full dn=...dc=example,dc=com for a specific ...
1 vote, 1 answer, 82 views
How to start a service on boot after ldap account is available
I have a machine hosting an LDAP database and services on other machines run as users from that database. Because the user accounts do not exist locally, the services fail to start when those ...
0 votes, 1 answer, 101 views
Use an alternate /etc/ldap.conf with ldap search
I would like to perform ldap queries using an alternate file (which is intended to be used with pam.d and so have the same format as /etc/ldap.conf)
I think of using ldapsearch. In the manual, I ...
2 votes, 0 answers, 55 views
Override local sudo defaults using sss or ldap
I'm trying to configure an IPA domain to use the following sudo options for a specific command group:
!authenticate
!requiretty
visiblepw
Locally, the following defaults are set in /etc/sudoers:
...