[sclug] LDAP Authentication

Jonathan Leighton lists at turnipspatch.com
Mon Nov 28 22:46:43 UTC 2005


Hi all,

Where I work we have decided to try to set up LDAP authentication in an
attempt to reduce the number of times people have to change their
passwords in different places. We have one Linux server, one Windows
server and mainly Windows workstations (a Mac or two too).

I want to use the Linux server as the LDAP server, and have tried to set
it up. I want it to authenticate itself with LDAP too. I followed the
instructions here:
http://enterprise.linux.com/enterprise/05/09/15/1930256.shtml on how to
set it up.

After much frustration I think I eventually managed something with the
server side of things; this is what the LDAP tree holds:

$ ldapsearch -x -b dc=getafix
# extended LDIF
#
# LDAPv3
# base <dc=getafix> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# getafix
dn: dc=getafix
objectClass: dcObject
objectClass: organization
o: Dunwoody
dc: getafix

# Manager, getafix
dn: cn=Manager,dc=getafix
objectClass: organizationalRole
cn: Manager

# people, getafix
dn: ou=people,dc=getafix
objectClass: organizationalUnit
objectClass: top
ou: people

# group, getafix
dn: ou=group,dc=getafix
objectClass: organizationalUnit
objectClass: top
ou: group

# users, group, getafix
dn: cn=users,ou=group,dc=getafix
objectClass: posixGroup
objectClass: top
cn: users
userPassword:: e2NyeXB0fXg=
gidNumber: 9000

# computers, getafix
dn: ou=computers,dc=getafix
objectClass: organizationalUnit
objectClass: top
ou: computers

# getafix$, computers, getafix
dn: uid=getafix$,ou=computers,dc=getafix
objectClass: posixAccount
objectClass: account
objectClass: sambaSamAccount
cn: getafix$
uid: getafix$
uidNumber: 25000
gidNumber: 9000
homeDirectory: /dev/null
loginShell: /bin/false
gecos: getafix$
description: getafix$
sambaNTPassword: A79567A40B8C2FD67EAEE38FCB30F0E7
sambaLMPassword: 3196AC681DCAB379AAD3B435B51404EE
sambaPwdLastSet: 1132332378
sambaSID: S-1-0-0-51000
sambaPrimaryGroupSID: S-1-0-0-515
sambaPwdCanChange: 1132332378
sambaPwdMustChange: 1893452400
sambaAcctFlags: [W          ]
sambaDomainName: getafix

# test.ldap, people, getafix
dn: uid=test.ldap,ou=people,dc=getafix
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: sambaSamAccount
cn: test.ldap
uid: test.ldap
uidNumber: 1027
gidNumber: 9000
homeDirectory: /home/test.ldap
givenName: Test
sn: LDAP
shadowExpire: 21914
loginShell: /bin/bash
gecos: Test LDAP
description: Test LDAP
shadowMin: 1
shadowMax: 365
shadowWarning: 10
shadowInactive: 10
shadowLastChange: 13105
userPassword:
sambaNTPassword: 31D6CFE0D16AE931B73C59D7E0C089C0
sambaLMPassword: AAD3B435B51404EEAAD3B435B51404EE
sambaPwdLastSet: 1132334027
sambaSID: S-1-0-0-3054
sambaPwdCanChange: 1041382800
sambaPwdMustChange: 1893459600
sambaAcctFlags: [UX         ]
displayName: Test LDAP
sambaHomePath: \\server\test.ldap
sambaHomeDrive: U:
sambaDomainName: getafix

# search result
search: 2
result: 0 Success

# numResponses: 9
# numEntries: 8

------

The trouble is that I cannot get the server to use the LDAP server for
authentication. Doing "passwd test.ldap" tells me that the user does not
exist, and chowning a file to 1027 and doing "ls -l" just shows the UID
(as opposed to the username if it were working). I am a complete newbie
to LDAP so have no idea how to troubleshoot such a thing. Any help or
suggestions would be greatly appreciated.

The distro is Ubuntu Hoary -- fully up to date.

Many thanks

-- 
Jonathan Leighton
http://turnipspatch.com/ | http://jonathanleighton.com/ | http://digital-proof.org/
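Added example, not part of the original post or of any tool it mentions: the two symptoms described above ("passwd test.ldap" not finding the user, and "ls -l" printing a bare UID for a file owned by 1027) are what you see when the host's name service switch (/etc/nsswitch.conf) still resolves passwd/group/shadow only from local files and never asks the LDAP server, even though the directory itself holds the user. The script below checks that offline against a constructed nsswitch.conf sample, parses ldapsearch-style LDIF (a subset of the entries from the post, embedded as sample data) and resolves uidNumber 1027 the way NSS would once "ldap" is listed, and flags entries whose password material is empty. The two hash constants are the well-known NT and LM hashes of the empty password; both appear verbatim in the posted test.ldap entry, alongside an empty userPassword.

```python
"""Offline checks for an NSS/LDAP setup: nsswitch sources, LDIF content."""
import base64
import re

# Constructed sample: a default /etc/nsswitch.conf before "ldap" is added
# to the databases that nss_ldap must serve.
SAMPLE_NSSWITCH = """\
passwd:         compat
group:          compat
shadow:         compat
hosts:          files dns
"""

# Constructed sample: a subset of the ldapsearch output from the post.
SAMPLE_LDIF = """\
# users, group, getafix
dn: cn=users,ou=group,dc=getafix
objectClass: posixGroup
cn: users
userPassword:: e2NyeXB0fXg=
gidNumber: 9000

# test.ldap, people, getafix
dn: uid=test.ldap,ou=people,dc=getafix
objectClass: posixAccount
objectClass: sambaSamAccount
uid: test.ldap
uidNumber: 1027
gidNumber: 9000
userPassword:
sambaNTPassword: 31D6CFE0D16AE931B73C59D7E0C089C0
sambaLMPassword: AAD3B435B51404EEAAD3B435B51404EE
"""

# Well-known NT and LM hashes of the empty string.
EMPTY_NT_HASH = "31D6CFE0D16AE931B73C59D7E0C089C0"
EMPTY_LM_HASH = "AAD3B435B51404EEAAD3B435B51404EE"


def nss_databases_missing_ldap(nsswitch_text, databases=("passwd", "group", "shadow")):
    """Return the NSS databases whose source list does not include 'ldap'."""
    sources = {}
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        name, rest = line.split(":", 1)
        sources[name.strip()] = rest.split()
    return [db for db in databases if "ldap" not in sources.get(db, [])]


def parse_ldif(text):
    """Minimal LDIF parser for ldapsearch output: returns a list of dicts
    mapping attribute -> list of values. Handles '::' (base64) values,
    continuation lines (leading space) and '#' comments."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation of previous line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        m = re.match(r"^([A-Za-z][\w;.-]*):(:?) ?(.*)$", line)
        if not m:
            continue
        attr, is_b64, value = m.group(1), m.group(2), m.group(3)
        if is_b64:
            value = base64.b64decode(value).decode("utf-8", "replace")
        current.setdefault(attr, []).append(value)
    return entries


def lookup_uid(entries, uid_number):
    """Map a uidNumber to a login name, as the passwd database would."""
    for e in entries:
        if "posixAccount" in e.get("objectClass", []) and e.get("uidNumber") == [str(uid_number)]:
            return e["uid"][0]
    return None


def weak_password_entries(entries):
    """Return (dn, reason) pairs for entries whose password material is empty."""
    findings = []
    for e in entries:
        dn = e.get("dn", ["?"])[0]
        if "userPassword" in e and all(v == "" for v in e["userPassword"]):
            findings.append((dn, "empty userPassword"))
        if e.get("sambaNTPassword", [""])[0].upper() == EMPTY_NT_HASH:
            findings.append((dn, "sambaNTPassword is the hash of the empty password"))
        if e.get("sambaLMPassword", [""])[0].upper() == EMPTY_LM_HASH:
            findings.append((dn, "sambaLMPassword is the hash of the empty password"))
    return findings


def audit(nsswitch_text=SAMPLE_NSSWITCH, ldif_text=SAMPLE_LDIF):
    entries = parse_ldif(ldif_text)
    return {
        "nss_missing_ldap": nss_databases_missing_ldap(nsswitch_text),
        "uid_1027": lookup_uid(entries, 1027),
        "weak_passwords": weak_password_entries(entries),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(key, value)
```

On the host itself the equivalent live check is "getent passwd test.ldap": once passwd, group and shadow in /etc/nsswitch.conf list ldap (and /etc/ldap.conf or the equivalent points at the server and base DN), that prints the entry and "ls -l" starts showing the name instead of 1027. The password findings are about the directory content, not the client: an account whose userPassword is empty and whose Samba hashes are those of the empty password should get a real password set before the server is relied on for logins.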