Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
cancel
Showing results for 
Search instead for 
Did you mean: 

LDAPUX and Informix

Juan González
Trusted Contributor

LDAPUX and Informix

Hi,
we have a system with HPUX 11.0 and the product LDAPUX installed and configured. We also have a Informix database on it. The problem is that while local users (in /etc/passwd) are able to connect to the database LDAP users are not.
At first I supposse that Informix doesn't use PAM authentication (this is true) so it might use getpwnam() and then compare the crypted passwords. In fact getpwnam() works with LDAP users but it doesn't get the crypted passwd (it gets *) so Informix can't compare with the password provided by the user.
To solve this I made some changes in the LDAPUX configuration and I get that getpwnam() works fine with LDAP users, i.e. it returns the crypted passwd...

...but LDAP users still can't connect to the database.

I hope someone has had the same problem and can give some lights on it.

Best regards
JGM
3 REPLIES
Rainer von Bongartz
Honored Contributor

Re: LDAPUX and Informix

Juan,

just the same situation here:
hpux 11.0, ldapux, and IDS 7.31
I tried a lot of things to get it work, but i failed !!!!
I was not able to configure it the way we both obviously want.
Lately i managed it by creating a passwd file from the contents of my LDAP server (scripts using ldapsearch etc.)
I synchronize my passwd file with the information from LDAP
If you should find any other solution please let me know

Sorry I could offer no further help.

rainer
He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
Elmar Knipp
Advisor

Re: LDAPUX and Informix

Juan,

how did you manage to enforce that getpwnam() does return the encrypted password instead of the asterisk?

This is currently my problem. I need it for an IMAP-Server (WU-IMAP).

Regards,
Elmar
Juan González
Trusted Contributor

Re: LDAPUX and Informix

Hi Elmar,

to allow getpwnam() to get the encrypted password one of the LDAPUX profile attributes has to be changed.

The LDAPUX profile is a ldap object. The PROFILE_ENTRY_DN entry in the file
/etc/opt/ldapux/ldapux_client.conf
points to that object.

The attribute that must be change is:
Attribute: attributeMap
Value: passwd:userpassword=*NULL*

to
Value: passwd:userpassword=msSFUPassword (I believe is msSFU30Password in SFU 3.0 and SFU 3.5)

You can change it using al LDAP editor. I like LDAPBrowser.

Anyware, I recommend you to use an IMAP server that supports PAM. It's more secure.

Best regards,
Juan