
SSH and LDAP

 
Massimiliano Adamo
Occasional Advisor

SSH and LDAP

I am going to set up an LDAP server for authentication and sudo administration. I have seen a patch for OpenSSH allowing openssh to work with ldap (it's installed by default on gentoo linux).
At the same time I have seen that hp-ux secure shell is based on openssh. Now I am trying to compile openssh with these extensions, but I have no success in this operation.
The last error that I get is this one:
/usr/ccs/bin/ld: Unsatisfied symbols:
ber_sockbuf_io_tcp (first referenced in /usr/local/lib/libldap.a(open.o)) (data)
ber_free (first referenced in /usr/local/lib/libldap.a(result.o)) (code)
ber_memvfree (first referenced in /usr/local/lib/libldap.a(getdn.o)) (code)
ber_memrealloc_x (first referenced in /usr/local/lib/libldap.a(controls.o)) (code)
.... and so on.

Do you have idea?
--
Thanks
Massimiliano

6 REPLIES
Arunvijai_4
Honored Contributor

Re: SSH and LDAP

Hello,

Try downloading and installing Internet Express OpenLDAP from http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111

Also, you can install and use HP's Secure Shell from http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
Massimiliano Adamo
Occasional Advisor

Re: SSH and LDAP

Hello Arun.

first of all thanks for your help.
I was using openldap and openssl for hp-ux taken from another website (porting for hpux).

I still didn't fix the problem using the versions provided by HP.

Regarding the version of SSH provided by HP I don't think it contains the same kind of patch that I probably need and that I have on Gentoo.
I can see the difference between the version that I have on gentoo and on hp-ux.
First the man page on gentoo speaks about LpkServer, LpkUserDN, Lpk.... (yes, the patch also patches the man page of course :P).
Second sshd_config on gentoo contains commented rows regarding this lpk.
In other words we are not speaking about the same thing :-) Furthermore, LDAP+SSH seems to be totally undocumented on HP-UX.
mmhh... hope nobody answers saying that's not much used, and for that reason is not supported by HP ;-) I have seen similar answers when people asked about loop devices and pseudo filesystems ;)
--
Massimiliano
Armin Kunaschik
Esteemed Contributor

Re: SSH and LDAP

HP's OpenSSH is able to authenticate against an LDAP directory via PAM.
This seems to be different compared to your Gentoo SSH.
I think there is also a PAM_LDAP for Linux.
I'd prefer this kind of LDAP integration because it is independent of any application and operating system.

If you'd like to continue this way, check the prerequisites of the ldap patch, e.g. (Open)LDAP(?) version and the consistency (same version!) of the header and library files.
Maybe there are also compiler issues (gcc or HP-ANSI-cc)?

My 2 cents,
Armin

PS: Assign points if you find answers useful!
And now for something completely different...
Massimiliano Adamo
Occasional Advisor

Re: SSH and LDAP

Hi armin.

thanks for the answer.
Anyway, I know hp secure sh works with pam and ldap.
Gentoo patch (provided by openssh team) is something different: it's something used to distribute ssh keys from an LDAP server.
To be as clear as possible: using an LpK server (Ldap Public Key server) you don't need to store the keys on each single machine in ~/.ssh/blabla .... but you'll get them from the LpK server. As I have 700 servers this is quite important for me, and this is what I am looking for.
Regarding authentication, of course it works with pam (but that wasn't my question), and I think everybody knows.

Once I compile ssh with this patch I'll create the depot file and distribute it on all servers.

If you want points from me I'll be happy to help you, but you must answer my question, not another :-))

Cheers
Massimiliano
Armin Kunaschik
Esteemed Contributor

Re: SSH and LDAP

You define how useful you find answers. That's OK.
I didn't ask you to give 10 points to me, it's up to you!

But you should accept how things work in this forum! You did not give ANY points to anybody (yet hopefully)!
There are people around who simply don't give answers if they can't earn points.
You can expect fewer answers if you don't follow those rules.

You have to decide on your own!
Armin

PS: Please assign 0 points to that message :-)
And now for something completely different...
Massimiliano Adamo
Occasional Advisor

Re: SSH and LDAP

gave you 2 points, and that was too much to hear things that I already knew :))

cheers
Massimiliano