Showing results for 
Search instead for 
Did you mean: 

LDAPUX and Informix

Juan González
Trusted Contributor

LDAPUX and Informix

we have a system with HPUX 11.0 and the product LDAPUX installed and configured. We also have a Informix database on it. The problem is that while local users (in /etc/passwd) are able to connect to the database LDAP users are not.
At first I supposse that Informix doesn't use PAM authentication (this is true) so it might use getpwnam() and then compare the crypted passwords. In fact getpwnam() works with LDAP users but it doesn't get the crypted passwd (it gets *) so Informix can't compare with the password provided by the user.
To solve this I made some changes in the LDAPUX configuration and I get that getpwnam() works fine with LDAP users, i.e. it returns the crypted passwd...

...but LDAP users still can't connect to the database.

I hope someone has had the same problem and can give some lights on it.

Best regards
Rainer von Bongartz
Honored Contributor

Re: LDAPUX and Informix


just the same situation here:
hpux 11.0, ldapux, and IDS 7.31
I tried a lot of things to get it work, but i failed !!!!
I was not able to configure it the way we both obviously want.
Lately i managed it by creating a passwd file from the contents of my LDAP server (scripts using ldapsearch etc.)
I synchronize my passwd file with the information from LDAP
If you should find any other solution please let me know

Sorry I could offer no further help.

He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
Elmar Knipp

Re: LDAPUX and Informix


how did you manage to enforce that getpwnam() does return the encrypted password instead of the asterisk?

This is currently my problem. I need it for an IMAP-Server (WU-IMAP).

Juan González
Trusted Contributor

Re: LDAPUX and Informix

Hi Elmar,

to allow getpwnam() to get the encrypted password one of the LDAPUX profile attributes has to be changed.

The LDAPUX profile is a ldap object. The PROFILE_ENTRY_DN entry in the file
points to that object.

The attribute that must be change is:
Attribute: attributeMap
Value: passwd:userpassword=*NULL*

Value: passwd:userpassword=msSFUPassword (I believe is msSFU30Password in SFU 3.0 and SFU 3.5)

You can change it using al LDAP editor. I like LDAPBrowser.

Anyware, I recommend you to use an IMAP server that supports PAM. It's more secure.

Best regards,