topic Re: LDAPUX integration issues. in Operating System - HP-UX

LDAPUX integration issues.

Lee Chin Ken — Wed, 17 Dec 2008 12:37:16 GMT

Hi,

I am currently in the midst of setting up LDAPUX 4.17 for my company users to do authentication via our LDAP server ( Sun One ) instead of authenticate on physical server.

Btw, my company server are running on HPUX 11.11 with Gold Patch Dec 2007.

I have basically execute /opt/ldapux/config/setup and I have furnished with all the necessary information.

eg:-
1)Directory Server ( Netscape or Red Hat Directory )
2)Directory server host
3)Directory Server port number
4)No printer Schema, no automount schema
5)Profile Entry DN

and I have changed the necessary config on /etc/pam.conf, /etc/nsswitch.conf and /etc/opt/ldapux/ldapclientd.conf as attached.

Right after this, I am able to add a new user to ldap server via command ldap_new_entry command and do query via ldapsearch command but I could not authenticate my password which I have set on ldap server with encryption SHA mode

and this is my screen shot while login via my ldap login:-

HP-UX alpha B.11.11 U 9000/800 (tb)

login: leeck
Password:
LDAP Password:
Login incorrect

Wait for login retry: ..
login:

Can anyone assist me on this. Really appreciate your help.

Regards,
Ken

Re: LDAPUX integration issues.

Steven E. Protter — Wed, 17 Dec 2008 13:21:33 GMT

Shalom Ken,

I struggled with this and worse as we tried to integrate with windows.

I'm not fully sure this LDAP combination has been fully de-bugged.

I'd take logs /var/adm/syslog/syslog.log and server logs and see if you can find something interesting to post.

Check for a newer version of LDAP client and improvements on the server side.

SEP

Re: LDAPUX integration issues.

Wim Rombauts — Thu, 18 Dec 2008 08:03:06 GMT

I used LDAP/UX to integrate with Microsoft AD and the integration was up and running easily. Although the integeration is made up of a set of loose components.
-> You need to configure the user "database" to look at /etc/passwd AND LDAP
-> Independent of that, you need to configure the authentication to look into /etc/passwd AND LDAP.

So these are independent configurations.

Do you know the command pwget ? You can try and see if it returns all the users (from /etc/passwd and LDAP) you expect to see. And grget if you have groups in the LDAP you wish to integrate with your system.
These commands may show if your system is able to "see" the LDAP users and groups. I think (= I am not sure) that this is the first step to be sure of.

In my /etc/nsswitch.conf, I have set files first (so that user "root" in /etc/passwd preceeds a possible user "root" in the LDAP).
Maybe that makes a difference ?

Any further issues are probably in /etc/pamconf. I have HP-UX 11.23 running, and I have the impression that /etc/pam.conf has some additional libraries compared to HP-UX 11.11, so my pam.conf is not really a reference for you.