Hello everybody,
I want to create a posixgroup for my user account. I created a user with the
389 DS utility, but when I look at my Linux client, I do not see my group when I
type id user. I see just my user and not my group.
Please help me.
Dan
--
Dan Kakon
126, Avenue de Paris
94300 Vincennes
Tel : 0178689468
Port : 0650621292
email :dankakon@dksn.net
kakon.dan@gmail.com
Blog DKSN: www.dksn.net

On Wed, 2009-11-25 at 09:06 +0100, dan kakon wrote:
> Hello everybody,
>
> I want to create a posixgroup for my useraccount, i created a user
> with utility of 389 DS, but when i see my client linux, i not see my
> group when i wrote id user. I see just my user and not my group.
>
> Please help me.
>
<snip>

If I recall correctly (and I'm not sure that I do), you need to manually
add an objectClass of posixgroup to the user - John

--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society

Thanks,

John, I have a problem with the passwd command. I added an object class user
password to manage a password and I activated passwd in 389 DS.

Dan

I do not see a password in a shadow file, id user.

Dan

Thanks

Hello John,

It does not show that the user has a passwd (userPassword) when I type this
command "ldapsearch -x "uid=dkakon"".

Help me please

Thank you

Dan

On Wed, 2009-11-25 at 11:07 +0100, dan kakon wrote:
> I not see a password in a shadow file, id user.

Nor should you. Neither /etc/passwd nor /etc/shadow should contain any
reference to your LDAP users. If things are set up right, though, you
should be able to view them as NSS sees them with 'getent passwd' and
'getent shadow'. Depending on how you chose to set things up, there may
be no shadow entries at all. Arguably, you don't need the shadow
information for LDAP users, if password expiration and account validity
are all being enforced at the directory server level.

On Wed, 2009-11-25 at 13:41 +0100, dan kakon wrote:
> Hello John,
>
> I don't show user's has passwd (userPassword), when i type this
> command "ldapsearch -x "uid=dkakon"".
> Help me please

userPassword is hidden from most users when they search, as its contents
can be used in an offline dictionary attack or compared against a rainbow
table to discover the actual password. This includes anonymous searches.
If you are using pam_ldap and either an LDAPS or LDAP+TLS connection,
nobody needs to be able to read the userPassword attribute anyway.

If you really want to change this, you can look at the default ACLs that
were added to your directory when you created it. That's a bad idea,
though.
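
The reply above explains that userPassword is normally hidden from anonymous and ordinary searches. As an added example (not part of the thread), this shell function checks ldapsearch LDIF output for entries that still return userPassword to the searching identity; the function names, the sample LDIF and the example.com DNs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list entries whose userPassword was
# returned to the identity that ran the search. The hash itself is never printed.

# Print the storage scheme prefix of a userPassword value, e.g. SSHA.
scheme_of() {
    s=$(printf '%s\n' "$1" | sed -n 's/^{\([^}]*\)}.*/\1/p')
    printf '%s' "${s:-NO-SCHEME}"
}

# Read LDIF on stdin; print "EXPOSED scheme=<scheme> dn=<dn>" per exposed entry.
# Assumes the attribute name is spelled userPassword and values are not folded.
audit_userpassword() {
    dn=""
    while IFS= read -r line; do
        case "$line" in
            "dn: "*) dn=${line#dn: } ;;
            "userPassword:: "*)   # base64 form (OpenLDAP ldapsearch)
                val=$(printf '%s' "${line#userPassword:: }" | base64 -d 2>/dev/null || true)
                printf 'EXPOSED scheme=%s dn=%s\n' "$(scheme_of "$val")" "$dn" ;;
            "userPassword: "*)    # plain form, as in the output posted in this thread
                printf 'EXPOSED scheme=%s dn=%s\n' "$(scheme_of "${line#userPassword: }")" "$dn" ;;
        esac
    done
}

# Constructed LDIF (example.com, made-up values): alice's value is readable,
# bob's is hidden by the ACLs, carol's is stored without a scheme prefix.
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
userPassword:: e1NTSEF9YWJj

dn: uid=bob,ou=People,dc=example,dc=com
uid: bob

dn: uid=carol,ou=People,dc=example,dc=com
userPassword: constructed-value
EOF
}

sample_ldif | audit_userpassword
# Live use (HOST and BASE are placeholders; -o ldif-wrap=no is an OpenLDAP option):
#   ldapsearch -x -LLL -o ldif-wrap=no -H ldap://HOST -b BASE \
#       '(objectClass=posixAccount)' userPassword | audit_userpassword
```

An empty result from an anonymous (-x, no bind DN) search is the expected state with the default ACLs the reply refers to.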

Thanks,
I added a shadowaccount. I ran the commands getent passwd (OK, this works),
getent group (OK, this works) and getent shadow (this works):
"dkakon:*:14573:0:99999:7:::".
ldapsearch -h localhost "uid=dkakon"
version: 1
dn: uid=dkakon,ou=People,dc=fr,dc=publicisgroupe,dc=net
givenName: dan
sn: kakon
telephoneNumber: 0650621292
loginShell: /bin/bash
gidNumber: 700
uidNumber: 700
mail: kakon.dan@gmail.com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
objectClass: shadowaccount
objectClass: passwordpolicy
objectClass: passwordobject
uid: dkakon
gecos: Dan Kakon
cn: dan kakon
homeDirectory: /home/dkakon
shadowMax: 99999
shadowMin: 00000
shadowLastChange: 14573
shadowWarning: 7
userPassword: {SSHA}3atvCZ+60iYb0qFtyzWg2p+HZFbpUgqCa4W0Xw=
passwordStorageScheme: MD5
One:
I don't a scheme of userPassword {SSHA} is by default, I add many
attributes
shadowaccount, passwordpolicy
I add a value userpassword on my group dkakon, I went to authenticate my user
dkakon. Now this works.
file /etc/ldap.conf (client rhel 5.4):
host rh5std.fr.publicisgroupe.net
base dc=fr,dc=publicisgroupe,dc=net
uri ldap://rh5std.fr.publicisgroupe.net
ldap_version 3
port 389
scope one
timelimit 120
bind_timelimit 120
bind_policy soft
idle_timelimit 3600
pam_filter objectclass=posixaccount
pam_login_attribute uid
pam_member_attribute gid
pam_password ssha
nss_base_passwd ou=People,dc=fr,dc=publicisgroupe,dc=net?sub
nss_base_shadow ou=People,dc=fr,dc=publicisgroupe,dc=net?sub
nss_base_group ou=Groups,dc=fr,dc=publicisgroupe,dc=net?sub
Thanks
Dan
2009/11/25 Andrew C. Dingman <andrew@dingman.org>
> On Wed, 2009-11-25 at 11:07 +0100, dan kakon wrote:
> > I not see a password in a shadow file, id user.
>
> Nor should you. Neither /etc/passwd nor /etc/shadow should contain any
> reference to your LDAP users. If things are set up right, though, you
> should be able to view them as NSS sees them with 'getent passwd' and
> 'getent shadow'. Depending on how you chose to set things up, there may
> be no shadow entries at all. Arguably, you don't need the shadow
> information for LDAP users, if password expiration and account validity
> are all being enforced at the directory server level.
>
> --
>
> --
> 389 users mailing list
> 389-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
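
An earlier reply in this thread assumes pam_ldap reaches the directory over LDAPS or LDAP+TLS, while the ldap.conf posted in this message shows an ldap:// URI and no ssl line. As an added example (not part of the thread), this function classifies the transport a pam_ldap/nss_ldap style ldap.conf asks for; the function names, hosts and CA path are constructed, and only the uri, ssl and tls_checkpeer keys are read.

```shell
#!/bin/sh
# Added example (not from the thread): classify the transport requested by a
# pam_ldap/nss_ldap ldap.conf. Reads the file on stdin and prints ldaps,
# start_tls or plaintext, plus a warning line when TLS is requested but
# tls_checkpeer is not explicitly "yes".
ldap_conf_transport() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }                # blank lines and comments
        { key = tolower($1); val = tolower($2) }
        key == "uri" {                               # every listed URI must be ldaps://
            for (i = 2; i <= NF; i++)
                if (tolower($i) ~ /^ldaps:\/\//) tls_uri = 1; else plain_uri = 1
        }
        key == "ssl"           { ssl = val }
        key == "tls_checkpeer" { peer = val }
        END {
            if (ssl == "start_tls")                          mode = "start_tls"
            else if (ssl == "on" || (tls_uri && !plain_uri)) mode = "ldaps"
            else                                             mode = "plaintext"
            print mode
            if (mode != "plaintext" && peer != "yes")
                print "warn: tls_checkpeer is not yes"
        }'
}

# Constructed configs (hypothetical host): plain LDAP, then the same with StartTLS.
conf_plain() {
    printf '%s\n' 'uri ldap://ldap.example.com' 'port 389' 'pam_login_attribute uid'
}
conf_starttls() {
    conf_plain
    printf '%s\n' '# require TLS and verify the server certificate' \
        'ssl start_tls' 'tls_checkpeer yes' \
        'tls_cacertfile /etc/pki/tls/certs/ca.example.pem'
}

conf_plain    | ldap_conf_transport
conf_starttls | ldap_conf_transport
```

With a plaintext result, the simple bind that pam_ldap performs carries the user's password unencrypted between client and server.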