
Configure Solaris 10’s native LDAP client to authenticate to OpenLDAP Server

1. The Solaris native LDAP client requires that the shadowAccount object class be present on an account for its lookups to succeed. Edit /usr/share/openldap/migration/migrate_passwd.pl so that it adds the shadowAccount object class directly below posixAccount in the entries it generates.

2. Run the ldapclient command on the Solaris host with the parameters specified here.

3. Replace /etc/pam.conf with this file.

4. Edit /etc/nsswitch.conf.ldap and change:

hosts: ldap [NOTFOUND=return] […]
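Before importing the LDIF that migrate_passwd.pl produces, it is worth checking that every posixAccount entry really carries shadowAccount, since a single account without it will fail the Solaris lookup described in step 1. The following is an added example, not code from the original page or from the OpenLDAP migration tools: a small Python script that parses an LDIF, lists the DNs of posixAccount entries missing shadowAccount, and emits a corrected LDIF. The two-entry SAMPLE_LDIF is constructed for the example and the helper names are illustrative.

```python
"""Check a migration LDIF for posixAccount entries that lack shadowAccount.

Added example (not the page's or OpenLDAP's code). SAMPLE_LDIF is constructed
test data; the helper names are illustrative.
"""
import re

# Constructed sample: alice was migrated with shadowAccount, bob was not.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=abc,dc=edu,dc=hk
uid: alice
cn: Alice Example
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}x
shadowLastChange: 15000
loginShell: /bin/sh
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/alice

dn: uid=bob,ou=People,dc=abc,dc=edu,dc=hk
uid: bob
cn: Bob Example
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword: {crypt}x
loginShell: /bin/sh
uidNumber: 1002
gidNumber: 100
homeDirectory: /home/bob
"""


def parse_entries(text):
    """Split LDIF into entries; each entry is a list of (attr, value, raw_line).

    Handles RFC 2849 line folding (continuation lines start with a space) and
    skips comment lines. Base64 values (attr:: ...) are kept verbatim.
    """
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for raw in block.splitlines():
            if raw.startswith("#"):
                continue
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]  # unfold continuation line
            else:
                lines.append(raw)
        entry = []
        for line in lines:
            name, _, value = line.partition(":")
            entry.append((name.strip(), value.strip(), line))
        if entry:
            entries.append(entry)
    return entries


def object_classes(entry):
    """Lower-cased objectClass values of one parsed entry."""
    return [v.lower() for n, v, _ in entry if n.lower() == "objectclass"]


def missing_shadow_account(text):
    """Return the DNs of posixAccount entries that have no shadowAccount class."""
    dns = []
    for entry in parse_entries(text):
        ocs = object_classes(entry)
        if "posixaccount" in ocs and "shadowaccount" not in ocs:
            dns.extend(v for n, v, _ in entry if n.lower() == "dn")
    return dns


def add_shadow_account(text):
    """Return the LDIF with 'objectClass: shadowAccount' added where missing.

    Only the object class is added, right after the last existing objectClass
    line. Every attribute of shadowAccount is optional (RFC 2307), so the
    entry stays schema-valid even without shadowLastChange and friends.
    """
    fixed = []
    for entry in parse_entries(text):
        lines = [raw for _, _, raw in entry]
        ocs = object_classes(entry)
        if "posixaccount" in ocs and "shadowaccount" not in ocs:
            last = max(i for i, (n, _, _) in enumerate(entry)
                       if n.lower() == "objectclass")
            lines.insert(last + 1, "objectClass: shadowAccount")
        fixed.append("\n".join(lines))
    return "\n\n".join(fixed) + "\n"


if __name__ == "__main__":
    for dn in missing_shadow_account(SAMPLE_LDIF):
        print("missing shadowAccount:", dn)
    print(add_shadow_account(SAMPLE_LDIF))
```

Run it against the real migration output (read the file into `text` instead of SAMPLE_LDIF) and feed the returned LDIF to ldapadd only once `missing_shadow_account` comes back empty.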

Sample .htaccess for mod_authnz_ldap/mod_auth_ldap for apache

AuthName "Pls login with your username and password"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldap://ldap.abc.edu.hk:389/dc=abc,dc=edu,dc=hk?uid"
AuthzLDAPAuthoritative off
Allow from mynetwork/24
Deny from all
Satisfy Any
Require valid-user

This .htaccess prompts for a username and password only when the client connects from outside mynetwork/24; with Satisfy Any, clients inside that network pass the host-based Allow rule and are let in without authenticating at all. Two caveats: the AuthLDAPURL above uses plain ldap:// on port 389, so the password the user types is forwarded to the LDAP server in cleartext unless the link is otherwise protected (use ldaps://, or the TLS/STARTTLS mode argument of AuthLDAPURL, and serve the page itself over HTTPS so Basic credentials are not exposed on the client side either); and on Apache 2.4 the Allow/Deny/Satisfy directives require mod_access_compat.

Still working on how to do posix-group-based authentication; however […]

Writing LDAP search filter

LDAP search filters are useful both in Apache LDAP authentication and in Ironport.

Under Ironport, I use the filter below to search for a valid user by his alias:

(|(uid={u})(cn={u}))

I use the filter below to check whether a user/alias is in a specific posix group:

(&(cn={g})(memberUid={u}))

Under OpenLDAP, to search for a user:

ldapsearch -x -b […]
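The {u} and {g} placeholders in the Ironport filters above are substituted with data that ultimately comes from the network (the local part of an address, a group name). Whenever you build such filters in code of your own, for example a script that wraps the ldapsearch command above, the substituted value must be escaped as RFC 4515 requires, otherwise a value like `bob)(uid=*` turns `(|(uid={u})(cn={u}))` into a filter that matches every account. The following is an added example, not code from the original page or from Cisco; the function names are illustrative, and it says nothing about how Ironport itself performs the substitution. It builds the page's two filters with escaping and shows, by listing the leaf assertions, how an unescaped value changes the filter's structure.

```python
"""Build LDAP search filters with RFC 4515 escaping of substituted values.

Added example, not part of the original page. The {u}/{g} placeholders mirror
the Ironport filters discussed above; all function names are illustrative.
"""
import re

# RFC 4515 section 3: these characters must be written as \HH inside an
# assertion value, otherwise they alter the structure of the filter.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string so it is treated as a literal assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def ironport_user_filter(u: str) -> str:
    """(|(uid={u})(cn={u})) with {u} escaped: match a user by uid or alias."""
    u = escape_filter_value(u)
    return f"(|(uid={u})(cn={u}))"


def posix_group_filter(g: str, u: str) -> str:
    """(&(cn={g})(memberUid={u})) with both values escaped."""
    return f"(&(cn={escape_filter_value(g)})(memberUid={escape_filter_value(u)}))"


def naive_user_filter(u: str) -> str:
    """Unescaped substitution, kept only to contrast with the safe version."""
    return f"(|(uid={u})(cn={u}))"


def leaf_assertions(filt: str):
    """Return the attribute=value leaves of a filter, i.e. the parenthesised
    items that are not logical operators. Escaped parentheses appear as \\28
    and \\29, so they never start or end a leaf here."""
    return re.findall(r"\((?![|&!])([^()]*)\)", filt)


if __name__ == "__main__":
    evil = "bob)(uid=*"  # constructed hostile input
    print("naive  :", naive_user_filter(evil), leaf_assertions(naive_user_filter(evil)))
    print("escaped:", ironport_user_filter(evil), leaf_assertions(ironport_user_filter(evil)))
    print("group  :", posix_group_filter("wheel", "bob"))
```

With the hostile value the naive filter gains two extra `uid=*` leaves and so matches every entry with a uid, while the escaped filter still has exactly two leaves that can only match a literal uid or cn of `bob)(uid=*`. The escaped string can be passed unchanged as the filter argument of ldapsearch.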