Re: OpenSSH public key problem with Solaris 10 and LDAP users?
This is a discussion on Re: OpenSSH public key problem with Solaris 10 and LDAP users? within the OpenSSH Development forums, part of the Networking and Network Related category; Solaris 10 has a ldaplist command, that will use all the same Solaris libs and files to access ldap as ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
08-15-2007
|
|||
|
|||
Re: OpenSSH public key problem with Solaris 10 and LDAP users?
Solaris 10 has a ldaplist command, that will use all the same
Solaris libs and files to access ldap as the Solaris pam does. Try running as a user and then as root these commands: ldaplist -l passwd askwar ldaplist -l passwd testing It might show something, like the account is locked... Alexander Skwar wrote: > Jefferson Ogata <Jefferson.Ogata@noaa.gov> wrote: > >> On 2007-08-15 06:52, Alexander Skwar wrote: >>> I doubt that. In LDAP, there's no difference between the non-working >>> users and the working users. At least not, as far as I can tell. >> Are you sure you're dumping all the attributes? > > No. But I'm sure that I'm importing all the attributes :) As > written elsewhere in this thread - initially, I filled the > database with the help of PADL MigrationTools. This converted > /etc/passwd to ldif format. I then ran ldapadd to add the ldif > file to the LDAP database. > > That's what I did this time as well for the testing user. > >> Many LDAP servers don't >> dump certain attributes by default. Safest bet is to compare an actual >> dump export from the LDAP server, rather than the result of running >> ldapsearch. > > You mean, that I should compare the output of slapcat? You're > right. And I did that. No difference. > > ,----[ differences between user entries, diff -u ] > | --- askwar.ldif Mit Aug 15 10:17:54 2007 > | +++ testing.ldif Mit Aug 15 10:18:09 2007 > | @@ -1,9 +1,9 @@ > | -dn: uid=askwar,ou=People,ou=RACE,o=Example > | -uid: askwar > | -cn: Alexander Skwar > | +dn: uid=testing,ou=People,ou=RACE,o=Example > | +uid: testing > | +cn: Testing User > | roomNumber: alexander.skwar@Exampleauto.com > | -givenName: Alexander > | -sn: Skwar > | +givenName: Testing > | +sn: User > | mail: askwar@win.ch.da.rtr > | mailRoutingAddress: askwar@mail1.Exampleauto.com > | mailHost: mail1.Exampleauto.com > | @@ -19,17 +19,17 @@ > | shadowLastChange: 13503 > | loginShell: /opt/csw/bin/bash > | gidNumber: 10 > | -homeDirectory: /export/home/askwar > | +homeDirectory: /tmp/testing > | gecos: Alexander Skwar,alexander.skwar@Exampleauto.com > | -structuralObjectClass: inetOrgPerson > | -entryUUID: 731c4ae2-76e2-102b-929e-898e4be004d5 > | -creatorsName: cn=Admin,ou=RACE,o=Example > | -createTimestamp: 20070404102443Z > | host: winnb000488 > | host: winnb000488.win.ch.da.rtr > | host: winds06 > | host: winds06.win.ch.da.rtr > | -uidNumber: 10001 > | -entryCSN: 20070412121522Z#000000#00#000000 > | +uidNumber: 54321 > | +structuralObjectClass: inetOrgPerson > | +entryUUID: 7634ba72-df45-102b-981d-216a382f8806 > | +creatorsName: cn=Admin,ou=RACE,o=Example > | +createTimestamp: 20070815063530Z > | +entryCSN: 20070815063530Z#000000#00#000000 > | modifiersName: cn=Admin,ou=RACE,o=Example > | -modifyTimestamp: 20070412121522Z > | +modifyTimestamp: 20070815063530Z > `---- > > No relevant differences :/ "askwar" is the working user, "testing" > is the non-working user. > > Thanks again, > Alexander Skwar > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@mindrot.org > https://lists.mindrot.org/mailman/li...enssh-unix-dev > > -- Douglas E. Engert <DEEngert@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@mindrot.org https://lists.mindrot.org/mailman/li...enssh-unix-dev 
|
Linear Mode
