openldap auth problem


Hi all,

I have an OpenLDAP server against which ldapsearch returns the values nicely:
[root@develpc04 etc]# ldapsearch -x -b dc=hotburger,dc=com -H'ldap://192.168.17.181'
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# hotborger.com
dn: dc=hotburger,dc=com
objectClass: organization
objectClass: dcObject
o: hotburger
dc: hotburger
description: Hotburger Devels Internals Users Group

# Devels, hotburgers.com
dn: ou=Devels,dc=hotburgers,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Devels

# Internals, Devels, hotburgers.com
dn: ou=Internals,ou=Devels,dc=hotburgers,dc=com
....
..
# Kovacs Laszlo, Users, Internals, Devels, hotburger.com
dn:: Y249R2VyZ2VseSBSw6Frb3NpLG91PVVzZXJzLG91PUludGVybmFscyxvdT1EZXZlbHMsZGM9a
G90Y29kZSxkYz1odQ==
cn:: R2VyZ2VseSBSw6Frb3Np
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
userPassword:: e04E1aTaTbm50K2ysRmxranBa0dETFanPa1=
sn:: UsOha29zaQ==
uid: klaszlo
gidNumber: 100
homeDirectory: /home/klaszlo
uidNumber: 100

# search result
search: 2
result: 0 Success

# numResponses: 7
# numEntries: 6

However, when I try to authenticate from gdm, it doesn't work.
This is what ldap.conf looks like on the client:

host 192.168.17.181
base dc=hotburger,dc=com
suffix "dc=hotburger,dc=com"
uri ldap://192.168.17.181/
ldap_version 3
scope one
bind_timelimit 120
bind_policy soft
idle_timelimit 3600
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUid
pam_password md5
nss_base_passwd ou=users,ou=internals,ou=devels,dc=hotburger,dc=com
nss_base_shadow ou=users,ou=internals,ou=devels,dc=hotburer,dc=com
nss_base_group ou=users,ou=internals,ou=devel,dc=hotburger,dc=com
#nss_base_hosts ou=Hosts,dc=example,dc=com?one
#nss_base_services ou=Services,dc=example,dc=com?one
....
..

and finally a bit of openldap.log at debug -1:

<= check a_dn_pat: *
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: <= acl_mask: [1] applying read(=rscxd) (stop)
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: <= acl_mask: [1] mask: read(=rscxd)
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: => slap_access_allowed: read access granted by read(=rscxd)
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: => access_allowed: read access granted by read(=rscxd)
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: => access_allowed: read access to "cn=Kovacs Laszlo,ou=Users,ou=Internals,ou=Devels,dc=hotburger,dc=com" "uid" requested
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: => acl_get: [1] attr uid
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: => slap_access_allowed: result not in cache (uid)
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: => acl_mask: access to entry "cn=Kovacs Laszlo,ou=Users,ou=Internals,ou=Devels,dc=hotburger,dc=com", attr "uid" requested
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: => acl_mask: to value by "", (=0)
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: <= check a_dn_pat: *
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: <= acl_mask: [1] applying read(=rscxd) (stop)
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: <= acl_mask: [1] mask: read(=rscxd)
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: => slap_access_allowed: read access granted by read(=rscxd)
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: => access_allowed: read access granted by read(=rscxd)
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: => access_allowed: read access to "cn=Kovacs Laszlo,ou=Users,ou=Internals,ou=Devels,dc=hotburger,dc=com" "gidNumber" requested
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: => acl_get: [1] attr gidNumber
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: => slap_access_allowed: result not in cache (gidNumber)
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: => acl_mask: access to entry "cn=Kovacs Laszlo,ou=Users,ou=Internals,ou=Devels,dc=hotburger,dc=com", attr "gidNumber" requested
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: => acl_mask: to value by "", (=0)
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: <= check a_dn_pat: *
Jun 25 15:15:24 hotburger-srv0 slapd[1753]: <= acl_mask: [1] applying read(=rscxd) (stop)
.........
..
.

And it doesn't authenticate.
Thanks in advance for the help.

Comments

hi,

"scope one" - I don't think this is OK. If the base is dc=hotburger,dc=com, then it will only search there, and since your user is in ou=Internals,ou=Devels,dc=hotburgers,dc=com, it will never get that far. Set it to a subtree search.

If that doesn't help, I would start by removing all the ACLs and seeing whether it works that way. What is in /etc/pam.d/gdm? What is in slapd.conf?
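To make the scope point above concrete, here is an added example (not from the thread's poster or replier) that applies the LDAP scope rules to the DNs visible in the slapd log and to the base, scope and nss_base_* lines from the poster's ldap.conf; the DIRECTORY list is constructed from the DNs in the log, and the default scope of "sub" is assumed from nss_ldap/pam_ldap behaviour.

```python
# Added example (not from the original thread): can the client's search settings reach the user entry?

def parse_dn(dn):
    """Split a DN into lowercased RDNs, most specific first (no escaped commas assumed)."""
    return [rdn.strip().lower() for rdn in dn.split(",")]

def in_scope(entry_dn, base_dn, scope):
    """True if a search with base_dn and scope ('base', 'one' or 'sub') returns entry_dn."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False                      # entry is not under the base at all
    depth = len(entry) - len(base)        # 0 = the base itself, 1 = direct child
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

# DNs present on the server, constructed from the DNs visible in the thread's slapd log.
DIRECTORY = [
    "dc=hotburger,dc=com",
    "ou=Devels,dc=hotburger,dc=com",
    "ou=Internals,ou=Devels,dc=hotburger,dc=com",
    "ou=Users,ou=Internals,ou=Devels,dc=hotburger,dc=com",
    "cn=Kovacs Laszlo,ou=Users,ou=Internals,ou=Devels,dc=hotburger,dc=com",
]
USER_DN = DIRECTORY[-1]

# The relevant lines of the poster's ldap.conf, copied from the thread.
CLIENT_CONF = """\
base dc=hotburger,dc=com
scope one
nss_base_passwd ou=users,ou=internals,ou=devels,dc=hotburger,dc=com
nss_base_shadow ou=users,ou=internals,ou=devels,dc=hotburer,dc=com
nss_base_group ou=users,ou=internals,ou=devel,dc=hotburger,dc=com
"""

def check_client_config(conf=CLIENT_CONF, directory=DIRECTORY, user_dn=USER_DN):
    """Report whether the pam search and each nss_base_* base can reach the user entry."""
    settings = dict(line.split(None, 1) for line in conf.splitlines()
                    if line.strip() and not line.startswith("#"))
    scope = settings.get("scope", "sub")  # assumed default: sub, as in nss_ldap/pam_ldap
    existing = {d.lower() for d in directory}
    report = {"pam_search_finds_user": in_scope(user_dn, settings["base"], scope)}
    for key, value in settings.items():
        if key.startswith("nss_base_"):
            base, _, own_scope = value.partition("?")   # optional ?scope suffix
            report[key] = {"base_exists": base.lower() in existing,
                           "reaches_user": in_scope(user_dn, base, own_scope or scope)}
    return report

if __name__ == "__main__":
    for name, result in check_client_config().items():
        print(name, result)
```

Besides the scope problem, the report flags the two nss_base_* lines whose base DN does not exist on the server (dc=hotburer and ou=devel), which a subtree scope alone would not fix.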