Skip to main content
This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

Notes/Domino 6 and 7 Forum

Notes/Domino 6 and 7 Forum


  

PreviousPrevious NextNext

RE: LDAP for Solaris/linux user authentication??!
~Sanjay Froaly 22.Apr.03 06:06 PM a Web browser
General 6.0.1 All Platforms


I found this and it might be of use to you and a couple of others here playing with Linux, Samba, PAM etc.:

http://www.openntf.org/projects/pmt.nsf/HomeLookup/2C7B9238190CDED588256D09003D2536?OpenDocument

Additional info on integrating SAMBA and OpenLDAP that might be useful for Domin as well:
http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html#samba.schema


Some notes on my progress on a slightly different approach to the problem. I got the underlying Linux authentication system to look to Domino for credentials, it will then work for anything that supports PAM (pluggable authentication modules). I was working on getting CVS running, there are some political battles in the CVS team which mean that the official version of CVS does not support PAM, but it can be patched to do so quite easily (I managed it so it can't be that hard.)

To act as an authentication server Domino must support the posixAccount Schema and the posixGroup Schema.

add a subform to your domino directory I called mine "LDAP posixAccount Schema"
add the following fields: note all are text, do not for a moment consider making the UIDNumber and GIDnumber numeric. if you do, then you are stuffed as the UNK table gets the wrong datatype .
UIDNumber - text!!!! editable, default value something to create a unique number, I used "@Text(@Integer(1000+(@Random*1000)))"
GIDNumber - text!!!! computed formula is "UIDNumber"
home directory - editable, default value "/home/"+@LowerCase(shortname)"
login shell - editable, default value "/bin/bash"
$objectclass - computed, allow multiple values, "posixAccount":"posixGroup"

add your subform to the existing subform $PersonExtensibleSchema
refresh a few person documents
go to your server console and type tell ldap reload schema.
you now have a nicely configured LDAP server.

on the client side (that is your linux machine)
open a couple of root shells, leave them open. you could lock yourself out in this process.
edit /etc/ldap.conf only the following lines should be uncommented:

host www.yourserver.com
binddn cn=Jean-Luc Picard,o=Enterprise
bindpw=makeitso
rootbinddn cn=Jean-Luc Picard,o=Enterprise
pam_password clear
ssl no

replace the bold stuff with a user and password that can read your NAB but not much else.
echo makeitso>/etc/ldap.secret
run authconfig, or edit /etc/pam.d/system-auth, mine looks like this:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so

account required /lib/security/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so




LDAP for Solaris/linux user authent... (~Chris Umjipyfl... 5.Mar.03)
. . RE: LDAP for Solaris/linux user aut... (~Tip Xanfanakon... 8.Mar.03)
. . RE: LDAP for Solaris/linux user aut... (~Jennifer Rejip... 11.Mar.03)
. . RE: LDAP for Solaris/linux user aut... (~Sanjay Froaly 22.Apr.03)


Document Options






  Document options
Print this pagePrint this page

Search this forum

Forum views and search


  Forum views and search
Date (threaded)
Date (flat)
With excerpt
Category
Platform
Release
Advanced search

Member Tools


RSS Feeds

 RSS feedsRSS
All forum posts RSS
All main topics RSS