public inbox for gentoo-user@lists.gentoo.org
* Re: [gentoo-user] openldap: taking too much of time to authenticate
       [not found] ` <6OMQW-3gQ-31@gated-at.bofh.it>
@ 2006-08-28 13:14   ` Marc Blumentritt
  2006-08-28 13:47     ` [gentoo-user] [Solved] " bijayant kumar
  0 siblings, 1 reply; 5+ messages in thread
From: Marc Blumentritt @ 2006-08-28 13:14 UTC (permalink / raw
  To: gentoo-user

bijayant kumar wrote:
> Marc,
> I tried it also, but no luck this time also. Also I want to show you my /var/log/syslog also, which may be useful to rectify my problem :-
> 
> 
> Aug 28 16:18:01 bijayant slapd[8302]: conn=145 fd=16 ACCEPT from IP=127.0.0.1:49850 (IP=0.0.0.0:389)
> Aug 28 16:18:01 bijayant slapd[8302]: conn=145 op=0 BIND dn="cn=Manager,dc=kavach,dc=blr" method=128

What exactly are you trying to do with
dn="cn=Manager,dc=kavach,dc=blr"? This is your ldap rootdn. It is not a
unix-user.

> Marc Blumentritt <M.Blumentritt@tu-braunschweig.de> wrote:
> I looked again at your access rules in slapd.conf: try out these rules:
> 
> 
> -----
> 
> access to attrs=userPassword,gecos,description,loginShell
>     by dn="uid=root,ou=people,dc=kavach,dc=blr" write
>     by anonymous auth
>     by self write
>     by * none
> 
> access to *
>     by dn="uid=root,ou=people,dc=kavach,dc=blr" write
>     by users read
> 
> -----

Next thing I just realized: in your /etc/ldap.conf you set
nss_base_passwd to "ou=People,dc=kavach,dc=blr?one", while above
"people" is not starting with a capital letter! Correct this and while
you are at it, change the access rules to this:

---
access to attrs=userPassword,gecos,description,loginShell
    by dn="uid=root,ou=people,dc=kavach,dc=blr" write
    by dn="cn=Manager,dc=kavach,dc=blr" write
    by anonymous auth
    by self write
    by * none

access to *
    by dn="uid=root,ou=people,dc=kavach,dc=blr" write
    by dn="cn=Manager,dc=kavach,dc=blr" write
    by users read
---

Since manager is your rootdn, he should have access to everything. In
fact, do you really want a root account in your ldap? I think you do not
need one, so if you agree, delete the root lines in your access rules.

How do you plan to add users to ldap? I mean, which tools do you use?

Regards,
Marc

-- 
gentoo-user@gentoo.org mailing list
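
An added example, not part of the original message: a simplified model of how slapd picks an access level from the rules above (first matching `access to` target, then first matching `by` clause, otherwise `none`). The function names are hypothetical, DNs are compared case-insensitively, and the rootdn's built-in bypass of ACLs is not modelled.

```python
import re
# Constructed copy of the rules from the message; `by` clauses are indented
# because slapd.conf treats a line starting with whitespace as a continuation.
ACL_TEXT = '''
access to attrs=userPassword,gecos,description,loginShell
    by dn="uid=root,ou=people,dc=kavach,dc=blr" write
    by dn="cn=Manager,dc=kavach,dc=blr" write
    by anonymous auth
    by self write
    by * none

access to *
    by dn="uid=root,ou=people,dc=kavach,dc=blr" write
    by dn="cn=Manager,dc=kavach,dc=blr" write
    by users read
'''

def parse_acl(text):
    """Return [(attribute set, or None for '*', [(who, level), ...]), ...]."""
    rules = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("access to "):
            target = line[len("access to "):]
            attrs = None if target == "*" else set(target.split("=", 1)[1].lower().split(","))
            rules.append((attrs, []))
        elif line.startswith("by "):
            rules[-1][1].append(tuple(line[3:].rsplit(None, 1)))
    return rules

def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who in ("anonymous", "users"):
        # bind_dn is None for an anonymous connection
        return (bind_dn is None) == (who == "anonymous")
    if bind_dn is None:
        return False
    if who == "self":
        return bind_dn.lower() == entry_dn.lower()
    m = re.fullmatch(r'dn="(.+)"', who)
    return bool(m) and m.group(1).lower() == bind_dn.lower()

def access_level(rules, bind_dn, entry_dn, attr):
    """First matching `access to`, then first matching `by`; otherwise none."""
    for attrs, clauses in rules:
        if attrs is None or attr.lower() in attrs:
            for who, level in clauses:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"  # implicit trailing `by * none`
    return "none"
```

Under these rules an anonymous connection gets only `auth` on `userPassword` and `none` on everything else, so account lookups have to come from a bound connection.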




* Re: [gentoo-user] [Solved] openldap: taking too much of time to authenticate
  2006-08-28 13:14   ` [gentoo-user] openldap: taking too much of time to authenticate Marc Blumentritt
@ 2006-08-28 13:47     ` bijayant kumar
  2006-08-28 18:39       ` [gentoo-user] " Marc Blumentritt
  0 siblings, 1 reply; 5+ messages in thread
From: bijayant kumar @ 2006-08-28 13:47 UTC (permalink / raw
  To: gentoo-user



Marc,
wow..!! It worked for me this time. Many many thanks to you. What a man you are....I will never forget you. You are really a genius guy.
Thanks once again.......
Regards
Bijayant Kumar



* [gentoo-user] Re: [Solved] openldap: taking too much of time to authenticate
  2006-08-28 13:47     ` [gentoo-user] [Solved] " bijayant kumar
@ 2006-08-28 18:39       ` Marc Blumentritt
  2006-08-29  8:26         ` [gentoo-user] Adding new user on LDAP directory bijayant kumar
  0 siblings, 1 reply; 5+ messages in thread
From: Marc Blumentritt @ 2006-08-28 18:39 UTC (permalink / raw
  To: gentoo-user

bijayant kumar wrote:
> Marc,
> wow..!! It worked for me this time. Many many thanks to you. What a man you are....I will never forget you. You are really a genius guy.
> Thanks once again.......

:)

You're welcome.
Marc

-- 
gentoo-user@gentoo.org mailing list




* [gentoo-user] Adding new user on LDAP directory
  2006-08-28 18:39       ` [gentoo-user] " Marc Blumentritt
@ 2006-08-29  8:26         ` bijayant kumar
  0 siblings, 0 replies; 5+ messages in thread
From: bijayant kumar @ 2006-08-29  8:26 UTC (permalink / raw
  To: gentoo-user


Marc,
Hi... As I said that my problem is sorted out. Now, I want to do some enhancement in my project. I have installed the openLDAP server on my local machine. That's why every user on the local machine as well as on the LDAP directory are the same. I have created the directory by using the migration tools. The problem is now I want to add user only in the LDAP directory. Is it possible to add? I am not able to directly edit the ldif file and add there, because in my ldif file there are entries like password, uid, gid. How can I do this without creating any more user on my local machine.

Regards 
Bijayant


* Re: [gentoo-user] Adding new user on LDAP directory
       [not found] ` <6P791-7W2-19@gated-at.bofh.it>
@ 2006-08-29 12:31   ` Marc Blumentritt
  0 siblings, 0 replies; 5+ messages in thread
From: Marc Blumentritt @ 2006-08-29 12:31 UTC (permalink / raw
  To: gentoo-user

bijayant kumar wrote:
> Marc,
> Hi... As I said that my problem is sorted out. Now, I want to do some enhancement in my project. I have installed the openLDAP server on my local machine. That's why every user on the local machine as well as on the LDAP directory are the same. I have created the directory by using the migration tools. The problem is now I want to add user only in the LDAP directory. Is it possible to add? I am not able to directly edit the ldif file and add there, because in my ldif file there are entries like password, uid, gid. How can I do this without creating any more user on my local machine.
> 

We use the smbldap-tools here for adding/modifying/removing users in
ldap. These tools were designed for samba servers, but they can create
normal unix-accounts, too. With other tools I have no experience.

Cheers,
Marc
-- 
gentoo-user@gentoo.org mailing list


