[TriLUG] LDAP Question

Ben Simpson ben at silextech.com
Wed Aug 21 12:29:43 EDT 2002


Cool.  Thanks.  I will look into why uid is not working and change all my cn
to uid.

To get KDA to work I had to put in the ou, e.g. ou=people.  That seemed to get
it to work.  I also had to type out the location of admin:  cn=admin,
o=blah,c=blah
Unfortunately KDA didn't give me an error so that I can type the correct
syntax in.

I guess you can't start out in the "root"  so that you can see all the ou's
out there.  You have to start in an ou.
I have been reading about both of these and I think that DA is much better.
Password encryption support and sendmail aliasing. etc....

I think that DA will not enter in the ldap entries because it complains
about unidentified object or class.  So there may be something wrong in the
schema.  Or I am not including the schema that it is looking for.

Ben


----- Original Message -----
From: "Michael Alan Dorman" <mdorman at debian.org>
To: <trilug at trilug.org>
Sent: Wednesday, August 21, 2002 12:14 PM
Subject: Re: [TriLUG] LDAP Question


> "Ben Simpson" <ben at silextech.com> writes:
>
> > By setting up the Directory Administrator i was able to get
> > KDirAdmin working.
>
> Do you mean that by accessing the directory with DA, KDA started
> working?  Or something else?  You didn't mention whether the KDA you
> were using was a debian package---if you downloaded a non-.deb binary
> that was looking for a library that DA also needed, that would explain
> it if the mere installation of DA made KDA work...
>
> > But now I have a question.  I am looking at the entries that the above
> > programs are creating and they have something like
> > uid=username,ou=people,o=organization,c=us
> >
> > is this correct?, because the ones that I did by hand look like this.
> > cn=username,ou=people,o=organization,c=us
> >
> > which way should it be? uid=username or cn=username
> > The reason that I ask is that the users that I create with these
> > programs can't login.  No user exists type of thing.
> >
> > Any thoughts?
>
> For login stuff, use uid---that is, for instance, what libnss-ldap
> defaults to looking for, and that's what the intended use is.
>
> cn is intended for the "common name", and in rfc2798 (which defines
> inetOrgPerson), you'll find that all the examples use cn for the
> full-name, like "Ben Simpson".
>
> Now you might have something in, say, /etc/libnss-ldap.conf or
> /etc/pam_ldap.conf that says to look for a cn rather than a uid, which
> could explain the breakage.  But you'd be better off moving to use the
> uid.
>
> Mike.
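
Added example, not part of either message above: a small audit of an LDIF export that lists the entries a uid-based account lookup would not return. It assumes the lookup searches with a filter of the form (&(objectClass=posixAccount)(uid=%s)); the sample entries and the function names are constructed for illustration.

```python
# Constructed sample export, trimmed to the attributes the check reads.
SAMPLE_LDIF = """\
dn: uid=bsimpson,ou=people,o=organization,c=us
objectClass: posixAccount
uid: bsimpson
cn: Ben Simpson

dn: cn=jdoe,ou=people,o=organization,c=us
objectClass: posixAccount
cn: jdoe

dn: cn=Alice Smith,ou=people,o=organization,c=us
objectClass: inetOrgPerson
uid: asmith
cn: Alice Smith
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no folded lines) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def lookup_problems(entry):
    """Reasons the assumed posixAccount + uid search filter misses an entry."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    problems = []
    if "posixaccount" not in classes:
        problems.append("no posixAccount objectClass")
    if not entry.get("uid"):
        problems.append("no uid attribute")
    return problems

def audit(text):
    """Map DN -> problems for entries the lookup would not return."""
    report = {e["dn"][0]: lookup_problems(e) for e in parse_ldif(text)}
    return {dn: p for dn, p in report.items() if p}

if __name__ == "__main__":
    for dn, found in audit(SAMPLE_LDIF).items():
        print(dn, "->", "; ".join(found))
```

The check reads attributes rather than the DN, because a search filter matches on the entry's attributes; an entry named with cn= is only flagged when it has no uid attribute or no posixAccount objectClass.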