2005/8/4, John Wright <[EMAIL PROTECTED]>:
> /usr/libexec/auth/login_-ldap -d afarber should be more verbose.
>
Thank you, now I get:

blowfish# /usr/local/libexec/auth/login_-ldap -d afarber
Password:
couldn't get x-ldap-server
reject
Aug 4 10:11:43 blowfish login_-ldap: couldn't get x-ldap-server
Aug 4 10:11:43 blowfish login_-ldap: couldn't get x-ldap-server

I tried to look into login_ldap.c too and understood that it
probably didn't get my class correctly (wasn't it supposed to
know it is "ldap" - from my /etc/passwd entry?).

So now I specify the class too and get:

blowfish# /usr/local/libexec/auth/login_-ldap -d afarber ldap
Password:
uri = ldap://172.25.93.242:389/
filter = (uid=afarber)
search result 0x0
reject

What does it mean, is my filter maybe wrong?
What LDAP-fields is login_-ldap looking at?

Regards
Alex

PS: I paste my /etc/login.conf below, but actually only
the last 6 lines were added by me to the stock version:

# $OpenBSD: login.conf,v 1.19 2005/02/07 08:33:05 otto Exp $

#
# Sample login.conf file.  See login.conf(5) for details.
#

#
# Standard authentication styles:
#
# krb5-or-pwd   First try Kerberos V password, then local password file
# passwd        Use only the local password file
# krb5          Use only the Kerberos V password
# chpass        Do not authenticate, but change users password (change
#               the kerberos password if the user has one, else change
#               the local password)
# lchpass       Do not login; change user's local password instead
# radius        Use radius authentication
# skey          Use S/Key authentication
# activ         ActivCard X9.9 token authentication
# crypto        CRYPTOCard X9.9 token authentication
# snk           Digital Pathways SecureNet Key authentication
# token         Generic X9.9 token authentication
#

# Default allowed authentication styles
# useradd -m -d /home/afarber -s /usr/local/bin/tcsh -L ldap afarber
# auth-defaults:auth=-ldap,passwd,skey:
auth-defaults:auth=passwd,skey:

# Default allowed authentication styles for authentication type ftp
auth-ftp-defaults:auth-ftp=passwd:

#
# The default values
# To alter the default authentication types change the line:
#	:tc=auth-defaults:\
# to be read something like: (enables passwd, "myauth", and activ)
#	:auth=passwd,myauth,activ:\
# Any value changed in the daemon class should be reset in default
# class.
#
default:\
	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin:\
	:umask=022:\
	:datasize-max=256M:\
	:datasize-cur=75M:\
	:maxproc-max=128:\
	:maxproc-cur=64:\
	:openfiles-cur=64:\
	:stacksize-cur=4M:\
	:localcipher=blowfish,6:\
	:ypcipher=old:\
	:tc=auth-defaults:\
	:tc=auth-ftp-defaults:

#
# Settings used by /etc/rc and root
# This must be set properly for daemons started as root by inetd as well.
# Be sure reset these values back to system defaults in the default class!
#
daemon:\
	:ignorenologin:\
	:datasize=infinity:\
	:maxproc=infinity:\
	:openfiles-cur=128:\
	:stacksize-cur=8M:\
	:localcipher=blowfish,8:\
	:tc=default:

#
# Staff have fewer restrictions and can login even when nologins are set.
#
staff:\
	:datasize-cur=75M:\
	:datasize-max=infinity:\
	:maxproc-max=256:\
	:maxproc-cur=128:\
	:ignorenologin:\
	:requirehome@:\
	:tc=default:

# XXX
ldap:\
	:auth=-ldap:\
	:x-ldap-server=172.25.93.242:\
	:x-ldap-basedn=o=bonmp.XXX.com:\
	:x-ldap-filter=(uid=%u):

[demime 1.01d removed an attachment of type application/octet-stream which had a name of login.conf]