Re: Connect Solaris ldapclient to a Oracle internet directory

From: denis <Denis.Nicklas_at_googlemail.com>
Date: Wed, 18 Jun 2008 07:28:01 -0700 (PDT)
Message-ID: <184c780d-b2e2-4a9a-b297-cf113aa65598@y21g2000hsf.googlegroups.com>

On 18 Jun., 16:19, "Shakespeare" <what..._at_xs4all.nl> wrote:
> "denis" <Denis.Nick..._at_googlemail.com> schreef in berichtnews:e32cfdef-3bac-40e1-a4d5-a5edb5d5392c_at_25g2000hsx.googlegroups.com...
> On 18 Jun., 15:48, "Shakespeare" <what..._at_xs4all.nl> wrote:
>
>
>
>
>
> > "Shakespeare" <what..._at_xs4all.nl> schreef in
> > berichtnews:485910d1$0$14342$e4fe514c_at_news.xs4all.nl...
>
> > > "denis" <Denis.Nick..._at_googlemail.com> schreef in bericht
> > >news:b3ca07d0-d334-4230-bed6-6d334a1acdc9_at_i76g2000hsf.googlegroups.com...
> > >> Hi,
>
> > >> I am looking for informations howto connect Solaris native ldapclient
> > >> to a Oracle internet directory.
> > >> Or a solution for the following problem:
> > >> Solaris 10
> > >> ldapclient init works
> > >> ssh with a ldap user doesn't
> > >> error:
>
> > >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 219349 auth.debug]
> > >> pam_unix_auth: user MYUSER not found
> > >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 453631 auth.debug] tid= 1:
> > >> Adding connection (serverAddr=xxx.xxx.xxx.xxx:389)
> > >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 776464 auth.debug] tid= 1:
> > >> Initialized sessionPool
> > >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 816976 auth.debug] tid= 1:
> > >> Connection added [0]
> > >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 467101 auth.debug] tid= 1:
> > >> connectionID=1024
> > >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 805042 auth.debug] tid= 1:
> > >> shared=1
> > >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 982078 auth.debug] tid= 1:
> > >> usedBit=0
> > >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 727660 auth.debug] tid= 1:
> > >> threadID=1
> > >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 577507 auth.debug] tid= 1:
> > >> serverAddr=xxx.xxx.xxx.xxx:389
> > >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 939703 auth.debug] tid= 1:
> > >> AuthType=0
> > >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 142272 auth.debug] tid= 1:
> > >> TlsType=0
> > >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 537450 auth.debug] tid= 1:
> > >> SaslMech=0
> > >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 625532 auth.debug] tid= 1:
> > >> SaslOpt=0
> > >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 323218 auth.debug] tid= 1:
> > >> unlocking sessionLock
> > >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 800047 auth.info] Keyboard-
> > >> interactive (PAM) userauth failed[13] while authenticating: No account
> > >> present for user
> > >> Jun 18 11:29:40 sissunws1 sshd[8033]: [ID 800047 auth.info] Failed
> > >> keyboard-interactive for <invalid username> from xxx.xxx.xxx.xxx port
> > >> 1463 ssh2
>
> > >> ldapclient list
> > >> NS_LDAP_FILE_VERSION= 2.0
> > >> NS_LDAP_SERVERS= 10.0.0.1:389
> > >> NS_LDAP_SEARCH_BASEDN= dc=mydomain,dc=com
> > >> NS_LDAP_CACHETTL= 0
> > >> NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:simple
>
> > >> /etc/pam.conf
> > >> #ident "@(#)pam.conf 1.29 05/06/08 SMI"
> > >> #
> > >> # Copyright 2004 Sun Microsystems, Inc. All rights reserved.
> > >> # Use is subject to license terms.
> > >> #
> > >> # PAM configuration
> > >> #
> > >> # Unless explicitly defined, all services use the modules
> > >> # defined in the "other" section.
> > >> #
> > >> # Modules are defined with relative pathnames, i.e., they are
> > >> # relative to /usr/lib/security/$ISA. Absolute path names, as
> > >> # present in this file in previous releases are still acceptable.
> > >> #
> > >> # Authentication management
> > >> #
> > >> #
> > >> # login service (explicit because of pam_dial_auth)
> > >> #
> > >> login auth requisite pam_authtok_get.so.1
> > >> login auth sufficient pam_ldap.so.1
> > >> login auth required pam_dhkeys.so.1
> > >> login auth required pam_unix_cred.so.1
> > >> #login auth required pam_unix_auth.so.1
> > >> login auth required pam_dial_auth.so.1
> > >> login auth binding pam_unix_auth.so.1 server_policy
> > >> login auth required pam_ldap.so.1 debug
>
> > >> #
> > >> # rlogin service (explicit because of pam_rhost_auth)
> > >> #
> > >> rlogin auth sufficient pam_rhosts_auth.so.1
> > >> rlogin auth requisite pam_authtok_get.so.1
> > >> rlogin auth required pam_dhkeys.so.1
> > >> rlogin auth required pam_unix_cred.so.1
> > >> #rlogin auth required pam_unix_auth.so.1
> > >> #
> > >> # Kerberized rlogin service
> > >> #
> > >> krlogin auth required pam_unix_cred.so.1
> > >> krlogin auth binding pam_krb5.so.1
> > >> krlogin auth required pam_unix_auth.so.1
> > >> #
> > >> # rsh service (explicit because of pam_rhost_auth,
> > >> # and pam_unix_auth for meaningful pam_setcred)
> > >> #
> > >> rsh auth sufficient pam_rhosts_auth.so.1
> > >> rsh auth required pam_unix_cred.so.1
> > >> #
> > >> # Kerberized rsh service
> > >> #
> > >> #krsh auth required pam_unix_cred.so.1
> > >> #krsh auth binding pam_krb5.so.1
> > >> #krsh auth required pam_unix_auth.so.1
> > >> #
> > >> # Kerberized telnet service
> > >> #
> > >> #ktelnet auth required pam_unix_cred.so.1
> > >> #ktelnet auth binding pam_krb5.so.1
> > >> #ktelnet auth required pam_unix_auth.so.1
> > >> #
> > >> # PPP service (explicit because of pam_dial_auth)
> > >> #
> > >> ppp auth requisite pam_authtok_get.so.1
> > >> ppp auth required pam_dhkeys.so.1
> > >> ppp auth required pam_unix_cred.so.1
> > >> ppp auth required pam_unix_auth.so.1
> > >> ppp auth required pam_dial_auth.so.1
> > >> #
> > >> # Default definitions for Authentication management
> > >> # Used when service name is not explicitly mentioned for
> > >> authentication
> > >> #
> > >> other auth requisite pam_authtok_get.so.1
> > >> other auth required pam_dhkeys.so.1
> > >> other auth required pam_unix_cred.so.1
> > >> #other auth required pam_unix_auth.so.1
> > >> #other auth sufficient pam_krb5.so.1
> > >> other auth binding pam_unix_auth.so.1 server_policy
> > >> other auth required pam_ldap.so.1 debug
> > >> #
> > >> # passwd command (explicit because of a different authentication
> > >> module)
> > >> #
> > >> #passwd auth required pam_passwd_auth.so.1
> > >> passwd auth sufficient pam_passwd_auth.so.1 debug
> > >> passwd auth sufficient pam_ldap.so.1 debug
> > >> #
> > >> # cron service (explicit because of non-usage of pam_roles.so.1)
> > >> #
> > >> cron account required pam_unix_account.so.1
> > >> #
> > >> # Default definition for Account management
> > >> # Used when service name is not explicitly mentioned for account
> > >> management
> > >> #
> > >> other account requisite pam_roles.so.1
> > >> #other account required pam_unix_account.so.1
> > >> other account sufficient pam_unix_account.so.1 debug
> > >> other account sufficient pam_ldap.so.1 debug
> > >> #
> > >> # Default definition for Session management
> > >> # Used when service name is not explicitly mentioned for session
> > >> management
> > >> #
> > >> other session required pam_unix_session.so.1
> > >> #
> > >> # Default definition for Password management
> > >> # Used when service name is not explicitly mentioned for password
> > >> management
> > >> #
> > >> other password required pam_dhkeys.so.1
> > >> other password requisite pam_authtok_get.so.1
> > >> other password requisite pam_authtok_check.so.1
> > >> other password required pam_authtok_store.so.1
> > >> #
> > >> # Support for Kerberos V5 authentication and example configurations
> > >> can
> > >> # be found in the pam_krb5(5) man page under the "EXAMPLES" section.
> > >> #
> > >> krlogin auth required pam_krb5.so.1
> > >> krsh auth required pam_krb5.so.1
> > >> ktelnet auth required pam_krb5.so.1
>
> > Sorry, forgot to copy/paste the entries I was pointing at:
>
> > Are these entries
>
> > NS_LDAP_SERVERS= 10.0.0.1:389
> > NS_LDAP_SEARCH_BASEDN= dc=mydomain,dc=com
>
> > a) unmodified taken from your configuration?
> > b) correct?
>
> > Did you perform any preparations on the OID to make it work with Solaris
> > Ldap Client?
>
> > Shakespeare- Zitierten Text ausblenden -
>
> > - Zitierten Text anzeigen -
>
> yes, they are (the original values) because the ldapclient initialize
> sucessfully and ldapsearch works with these values.
>
> ====================================================
> Ok, if ldapsearch works, it looks like ldapcompare or ldapbind is not
> working. Could you check ldapcompare?
>
> Shakespeare- Zitierten Text ausblenden -
>
> - Zitierten Text anzeigen -

As far as I know the native Solaris ldap client doesn't have this commands.
I found only:
ldapadd ldapaddent ldapclient ldapdelete ldaplist ldapmodify ldapmodrdn ldapsearch Received on Wed Jun 18 2008 - 09:28:01 CDT

This message: [ Message body ]
Next message: Shakespeare: "Re: Memory problems, Oracle 10, Win 2003 (32 bit)"
Previous message: Shakespeare: "Re: Connect Solaris ldapclient to a Oracle internet directory"
In reply to: Shakespeare: "Re: Connect Solaris ldapclient to a Oracle internet directory"
Next in thread: Chris Ridd: "Re: Connect Solaris ldapclient to a Oracle internet directory"
Reply: Chris Ridd: "Re: Connect Solaris ldapclient to a Oracle internet directory"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message