[TriLUG] LDAP Question

Michael Alan Dorman mdorman at debian.org
Wed Aug 21 12:14:13 EDT 2002


"Ben Simpson" <ben at silextech.com> writes:

> By setting up the Directory Administrator I was able to get
> KDirAdmin working.

Do you mean that by accessing the directory with DA, KDA started
working?  Or something else?  You didn't mention whether the KDA you
were using was a debian package---if you downloaded a non-.deb binary
that was looking for a library that DA also needed, that would explain
it if the mere installation of DA made KDA work...

> But now I have a question.  I am looking at the entries that the above
> programs are creating and they have something like
> uid=username,ou=people,o=organization,c=us
> 
> Is this correct? Because the ones that I did by hand look like this:
> cn=username,ou=people,o=organization,c=us
> 
> which way should it be? uid=username or cn=username
> The reason that I ask is that the users that I create with these programs
> can't login.  No user exists type of thing.
> 
> Any thoughts?

For login stuff, use uid---that is, for instance, what libnss-ldap
defaults to looking for, and that is what the intended use is.

cn is intended for the "common name", and in rfc2798 (which defines
inetOrgPerson), you'll find that all the examples use cn for the
full-name, like "Ben Simpson".

Now you might have something in, say, /etc/libnss-ldap.conf or
/etc/pam_ldap.conf that says to look for a cn rather than a uid, which
could explain the breakage.  But you'd be better off moving to use the
uid.

Mike.

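The point of the reply above (the RDN itself does not matter to the login lookup; the presence of the attribute being filtered on does) can be checked without a directory server. The following is an added example, not code from the thread or from libnss-ldap: it parses two constructed LDIF entries (a GUI-created `uid=...` entry and a hand-made `cn=...` entry with no `uid` attribute, names invented), approximates the default passwd lookup filter `(&(objectClass=posixAccount)(uid=<login>))`, and shows the hand-made account resolving only when the lookup attribute is switched to `cn` or the entry is given a `uid` attribute.

```python
"""Model of why a hand-made cn=username entry fails a uid-based login lookup."""
import re

# Constructed LDIF, not taken from the thread: one entry as the GUI tools
# create it (RDN uid=...), one as it was made by hand (RDN cn=..., no uid).
SAMPLE_LDIF = """\
dn: uid=bsimpson,ou=people,o=organization,c=us
objectClass: inetOrgPerson
objectClass: posixAccount
uid: bsimpson
cn: Ben Simpson
sn: Simpson
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/bsimpson

dn: cn=jdoe,ou=people,o=organization,c=us
objectClass: inetOrgPerson
objectClass: posixAccount
cn: jdoe
sn: Doe
uidNumber: 1002
gidNumber: 1002
homeDirectory: /home/jdoe
"""


def parse_ldif(text):
    """Parse minimal LDIF (no line continuations, no base64 values) into a
    list of dicts: attribute name (lower-cased) -> list of values; the 'dn'
    key holds a single string."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            attr, value = attr.strip().lower(), value.strip()
            if attr == "dn":
                entry["dn"] = value
            else:
                entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries


def rdn_attribute(dn):
    """Attribute type of the leftmost RDN, e.g. 'uid' for uid=x,ou=y,..."""
    return dn.split(",", 1)[0].split("=", 1)[0].strip().lower()


def nss_lookup(entries, login, login_attribute="uid"):
    """Approximate the passwd lookup libnss-ldap performs by default:
    (&(objectClass=posixAccount)(uid=<login>)).  The DN's RDN plays no part;
    the entry must simply carry the attribute being filtered on."""
    for e in entries:
        classes = [v.lower() for v in e.get("objectclass", [])]
        if "posixaccount" not in classes:
            continue
        if login in e.get(login_attribute, []):
            return e["dn"]
    return None  # what the client sees as "no such user"


def add_uid_attribute(entry, login):
    """Minimal repair for a hand-made entry: add the uid attribute the lookup
    needs.  Renaming the entry to uid=... (modrdn) is the cleaner fix."""
    entry.setdefault("uid", [])
    if login not in entry["uid"]:
        entry["uid"].append(login)
    return entry


def audit(entries):
    """List (dn, reason) for entries whose RDN is not uid or that lack a uid
    attribute, i.e. accounts that will not log in with the default lookup."""
    problems = []
    for e in entries:
        rdn = rdn_attribute(e["dn"])
        if rdn != "uid":
            problems.append((e["dn"], "RDN is %s, not uid" % rdn))
        if "uid" not in e:
            problems.append((e["dn"], "no uid attribute; login lookup will fail"))
    return problems


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    for dn, why in audit(entries):
        print("%s: %s" % (dn, why))
    print("bsimpson      ->", nss_lookup(entries, "bsimpson"))
    print("jdoe          ->", nss_lookup(entries, "jdoe"))
    # jdoe resolves only if the client is (mis)configured to filter on cn...
    print("jdoe via cn   ->", nss_lookup(entries, "jdoe", login_attribute="cn"))
    # ...or once the entry is given the uid attribute.
    add_uid_attribute(entries[1], "jdoe")
    print("jdoe with uid ->", nss_lookup(entries, "jdoe"))
```

Running it prints the two audit findings for the `cn=jdoe` entry, `None` for the default lookup of `jdoe`, and a DN once the lookup attribute or the entry is changed. The `audit` function is the useful part for a live directory: dump `ou=people` with `ldapsearch -x -LLL` and feed the output through it to find every hand-made account before users report "no user exists".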