Re: [389-users] Users added in group via add member not able to authenticate

2010-07-19 Thread Prashanth Sundaram
For apache, to enforce group member restriction follow below syntax. AuthLDAPURL ldap://ldap.airius.com/o=Airius?uid Require group cn=Administrators, o=Airius Yours should be: ldap://10.209.22.65:389/ou=People?uid Require group cn=IT, ou=shared,ou=people,dc=ldapser,dc=com More examples and exp

Re: [389-users] Users added in group via add member not able to authenticate

2010-07-19 Thread Prashanth Sundaram
Typo: ldap://10.209.22.65:389/ou=people,dc=ldapser,dc=com?uid On Mon, 2010-07-19 at 16:05 -0400, Prashanth Sundaram wrote: > For apache, to enforce group member restriction follow below syntax. > > AuthLDAPURL ldap://ldap.airius.com/o=Airius?uid > Require group cn=Administrato

Re: [389-users] Documentation for pam pass

2010-03-26 Thread Prashanth Sundaram
Hi, Here's what my PAM PTA looks like. But I don't think it is of much use. dn: cn=PAM Pass Through Auth,cn=plugins,cn=config nsslapd-pluginEnabled: on pamSecure: FALSE pamExcludeSuffix: o=NetscapeRoot pamExcludeSuffix: cn=config I don't think the PTA will work against some other attribute which

[389-users] Bad Ber tag encountered and IO block timeout logconv.pl

2010-05-04 Thread Prashanth Sundaram
Hello all, We have been experiencing some ldap timeout errors in a multi-master setup. My setup looks close to this one but there is _NO_ M32 and M41, i.e. consumers don't replicate to masters http://www.redhat.com/docs/manuals/dir-server/8.1/deploy/Deployment_Guide-Designing_the_Replication_Proce

[389-users] logconv.pl does not accept start End dates

2010-05-04 Thread Prashanth Sundaram
All, When I run this I don't get any usable output (empty template shows up). But when I don't specify dates, it just works. $ logconv.pl -S "[04/Apr/2010:15:00:00 -0400]" -E "[04/May/2010:15:00:00 -0400]" -V /var/log/dirsrv/slapd-poe111/access* Access Log Analyzer 6.0 Command : logconv.pl -S [0

[389-users] getent group doesnt show any ldap groups

2010-05-06 Thread Prashanth Sundaram
I got around this by changing the ldap.conf. pam_filter objectclass=posixAccount pam_member_attribute uniquemember I haven't tested this but you can also map the memberuid and memberof to uniquemember. So the nss_ldap checks the uniquemember value every time. nss_map_attribute memberuid unique

Re: [389-users] getent group doesnt show any ldap groups

2010-05-10 Thread Prashanth Sundaram
-0400, Prashanth Sundaram wrote: > I got around this by changing the ldap.conf. > > pam_filter objectclass=posixAccount > pam_member_attribute uniquemember > > I haven't tested this but you can also map the memberuid and memberof > to uniquemember. So the nss_ldap checks t

[389-users] Debug PTA and PAM-PTA stack for ldap timeout

2010-09-15 Thread Prashanth Sundaram
Hello, We are having some ldap timeout issues in our MMR-SLAVE ldap setup. A user is unable to ssh to random hosts at random times. Terminal Error: Permission denied (publickey,gssapi-with-mic,password) secure logs: pam_ldap: ldap_result Timed out Failed password for psundaram from

Re: [389-users] Restoring a completely broken machine that is using a shared netscapedb

2010-09-15 Thread Prashanth Sundaram
Gerrad, Here is some documentation on Disaster recovery. http://www.redhat.com/docs/manuals/dir-server/8.2/admin/html/disaster-recovery.html Basically the steps are correct, but when I was in that situation I pointed the ldap to our then stand-by server. The reason was, I could not completely re