HPE Community
Operating System - HP-UX
1824963 Members
3539 Online
109678 Solutions
New Discussion юеВ

Re: Ldap Authentication with HPUX

 
Giovanni Mancuso
New Member

тАО10-06-2008 09:19 AM

тАО10-06-2008 09:19 AM

Ldap Authentication with HPUX

Hi to all,
I'm using Sun one Directory Server with many PosixAccounts already provisioned.
I'm using this directory server to authenticate users across many systems (Linux, solaris, AIX), now I want add ldap authentication on HP-UX systems.
I found in internet the software LDAPUX to configure HPUX ldap authentication is there anyway to cofigure auth without it?
I noticed LDAPUX use posixDUAProfile and posixNamingProfile objectclass to manage profile. But i don't have this objectclass in my ldap.
If i run the LDAPUX setup, i have:

PFMERR 25: ou=Profile,dc=xx,dc=xxxxx,dc=xxxxxx does not exist
in the Directory Server!
Please create it before you create the Profile Entry!

But in my ldap there is this entry.

If i see the ldap log:

[06/Oct/2008:19:06:32 +0200] conn=347267 op=-1 msgId=-1 - fd=203 slot=203 LDAP connection from xxx.xxx.xxx.xxx:55518 to xx.xxx.xxx.xxx
[06/Oct/2008:19:06:32 +0200] conn=347267 op=0 msgId=1 - BIND dn="cn=Directory Manager" method=128 version=3
[06/Oct/2008:19:06:32 +0200] conn=347267 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[06/Oct/2008:19:06:32 +0200] conn=347267 op=1 msgId=2 - SRCH base="ou=profile,dc=xxx,dc=xxxx,dc=xxxxx" scope=0 filter="(objectClass=*)" attrs="dn"
[06/Oct/2008:19:06:32 +0200] conn=347267 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
[06/Oct/2008:19:06:32 +0200] conn=347267 op=2 msgId=3 - UNBIND
[06/Oct/2008:19:06:32 +0200] conn=347267 op=2 msgId=-1 - closing from xxx.xxx.xxx.xxx:55518 - U1 - Connection closed by unbind client -
[06/Oct/2008:19:06:32 +0200] conn=347267 op=-1 msgId=-1 - closed.

It found one entry.

Thanks and sorry in advance for my bad English.
0 Kudos
Reply
7 REPLIES 7
Steven E. Protter
Exalted Contributor

тАО10-06-2008 09:37 AM

тАО10-06-2008 09:37 AM

Re: Ldap Authentication with HPUX

Shalom,

ldap-ux is the only viable option. I've tried an openldap port for HP-UX and find it does not have the ability to do proper integration.

The ldap-ux setup script has two orientations, windows or Linux Unix based. admin access to the ldap master is required for the setup cript.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Giovanni Mancuso
New Member

тАО10-06-2008 02:51 PM

тАО10-06-2008 02:51 PM

Re: Ldap Authentication with HPUX

I use Linux Unix based mode and the user have admin access. How the log show:

[06/Oct/2008:19:06:32 +0200] conn=347267 op=1 msgId=2 - SRCH base="ou=profile,dc=xxx,dc=xxxx,dc=xxxxx" scope=0 filter="(objectClass=*)" attrs="dn"
[06/Oct/2008:19:06:32 +0200] conn=347267 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0

It finds one entry but ldapux doen't go.

Thanks
0 Kudos
Reply
Giovanni Mancuso
New Member

тАО10-07-2008 02:28 AM

тАО10-07-2008 02:28 AM

Re: Ldap Authentication with HPUX

If i execute:

# ldapsearch -h 127.0.0.1 -p 389 -s base -D "cn=Directory Manager" -w xxxxxxxxx -b "ou=profile,dc=xxxxx,dc=xxxxxxx,dc=xxxxxx" 'objectclass=*' dn

It find one entry:

version: 1
dn: ou=Profile, dc=xxxxx,dc=xxxxxx,dc=xxxxxxx

But for LDAPUX the entry doesn't exists:

PFMERR 25: ou=Profile,dc=xx,dc=xxxxx,dc=xxxxxx does not exist
in the Directory Server!
Please create it before you create the Profile Entry!
0 Kudos
Reply
Bob Neal-Joslin
Trusted Contributor

тАО10-07-2008 09:46 AM

тАО10-07-2008 09:46 AM

Re: Ldap Authentication with HPUX

Hi Giovanni,

We believe this is a known bug in how Sun DS has changed how it reports search results. This change caused parsing issues in our setup utility. Could you confirm? Please re-do your /opt/ldapux/bin/ldapsearch command and examine the output for "ldap_simple_bind: Success" in the output. If you see that then that is likely the problem. It is being addressed for our next release.

Bob
0 Kudos
Reply
Giovanni Mancuso
New Member

тАО10-07-2008 10:17 AM

тАО10-07-2008 10:17 AM

Re: Ldap Authentication with HPUX

Ok, thanks for the answer.
If i do:

# cd /opt/ldapux/bin/
# mv ldapsearch ldapsearch.test
# vi ldapsearch
#!/bin/sh
/opt/ldapux/bin/ldapsearch.test "$@" |grep -v '^ldap_simple_bind'
exit 0;

# chmod +x ldapsearch

Should it work?

Thanks
0 Kudos
Reply
Bob Neal-Joslin
Trusted Contributor

тАО10-07-2008 01:01 PM

тАО10-07-2008 01:01 PM

Re: Ldap Authentication with HPUX

I'm afraid I don't have a SunDS box to test with. But it might work. A similar option would be to disable the password policy control in the ldapsearch command (it's on by default). You could just add the -g option to the ldapsearch command instead of performing the grep. -g should prevent the ldap_simple_bind message from appearing.

Note, however, setup stills need to install the profile and the duaConfigProfile schema. I wasn't clear from your above message if you wanted to prevent installing this schema and profile, or if you were just mentioning that setup would not work properly and thus not allow you install them.
0 Kudos
Reply
Giovanni Mancuso
New Member

тАО10-09-2008 05:17 AM

тАО10-09-2008 05:17 AM

Re: Ldap Authentication with HPUX

Hi, now it works.

I modify ldapsearch and ldapmodify with -g option.

# cd /opt/ldapux/bin/
# mv ldapsearch ldapsearch.ori
# vi ldapsearch
#!/bin/sh
/opt/ldapux/bin/ldapsearch.ori -g "$@"
exit $?;

# chmod +x ldapsearch
# mv ldapmodify ldapmodify.ori
# vi ldapmodify
#!/bin/sh
/opt/ldapux/bin/ldapmodify.ori -g "$@"
exit $?;
# chmod +x ldapmodify

Thanks for support
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.