
Re: LDAPUX and Informix

 
Juan González
Trusted Contributor

LDAPUX and Informix

Hi,
we have a system with HPUX 11.0 and the product LDAPUX installed and configured. We also have an Informix database on it. The problem is that while local users (in /etc/passwd) are able to connect to the database, LDAP users are not.
At first I supposed that Informix doesn't use PAM authentication (this is true), so it might use getpwnam() and then compare the crypted passwords. In fact getpwnam() works with LDAP users but it doesn't get the crypted passwd (it gets *), so Informix can't compare with the password provided by the user.
To solve this I made some changes in the LDAPUX configuration, and now getpwnam() works fine with LDAP users, i.e. it returns the crypted passwd...

...but LDAP users still can't connect to the database.

I hope someone has had the same problem and can shed some light on it.

Best regards
JGM
3 REPLIES
Rainer von Bongartz
Honored Contributor

Re: LDAPUX and Informix

Juan,

just the same situation here:
hpux 11.0, ldapux, and IDS 7.31
I tried a lot of things to get it to work, but I failed !!!!
I was not able to configure it the way we both obviously want.
Lately I managed it by creating a passwd file from the contents of my LDAP server (scripts using ldapsearch etc.).
I synchronize my passwd file with the information from LDAP.
If you should find any other solution, please let me know.

Sorry I could offer no further help.

rainer
He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
Elmar Knipp
Advisor

Re: LDAPUX and Informix

Juan,

how did you manage to enforce that getpwnam() does return the encrypted password instead of the asterisk?

This is currently my problem. I need it for an IMAP-Server (WU-IMAP).

Regards,
Elmar
Juan González
Trusted Contributor

Re: LDAPUX and Informix

Hi Elmar,

to allow getpwnam() to get the encrypted password, one of the LDAPUX profile attributes has to be changed.

The LDAPUX profile is an LDAP object. The PROFILE_ENTRY_DN entry in the file
/etc/opt/ldapux/ldapux_client.conf
points to that object.

The attribute that must be changed is:
Attribute: attributeMap
Value: passwd:userpassword=*NULL*

to
Value: passwd:userpassword=msSFUPassword (I believe it is msSFU30Password in SFU 3.0 and SFU 3.5)

You can change it using an LDAP editor. I like LDAPBrowser.

Anyway, I recommend that you use an IMAP server that supports PAM. It's more secure.

Best regards,
Juan
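
The attributeMap setting discussed in this thread decides whether getpwnam() hands a password hash to its callers, so it is worth checking during a host review. The following is an added example, not part of the original posts: it reads an LDIF export of the profile object and reports how passwd:userpassword is mapped. The sample DN and the function names are assumptions made for illustration.

```python
import base64

# Constructed sample LDIF export of an LDAP-UX profile entry. The DN is made
# up; the attributeMap value is the one from the post, folded as LDIF allows.
SAMPLE_LDIF = """\
dn: cn=ldapuxprofile,dc=example,dc=com
attributeMap: passwd:userpassword=msSFU
 Password
"""


def ldif_attributes(text):
    """Yield (name, value) pairs; unfold lines, decode 'name:: base64'."""
    logical = []
    for line in text.splitlines():
        if line.startswith(" ") and logical:
            logical[-1] += line[1:]          # continuation of previous line
        elif line and not line.startswith("#"):
            logical.append(line)
    for line in logical:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):            # base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        yield name.strip().lower(), value.strip()


def passwd_hash_mapping(ldif_text):
    """Return what passwd:userpassword is mapped to, or None."""
    for name, value in ldif_attributes(ldif_text):
        key, sep, target = value.partition("=")
        if (name == "attributemap" and sep
                and key.strip().lower() == "passwd:userpassword"):
            return target.strip()
    return None


def audit(ldif_text):
    target = passwd_hash_mapping(ldif_text)
    if target is None:
        return "UNKNOWN: profile has no passwd:userpassword attributeMap"
    if target.upper() == "*NULL*":
        return "HIDDEN: getpwnam() returns '*' for LDAP users"
    return f"EXPOSED: getpwnam() returns the hash from {target}"


if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```

Feed it an LDIF export of the object that PROFILE_ENTRY_DN points to; an EXPOSED result means the hash is returned to whatever calls getpwnam() for an LDAP user.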