To make system aware of users in 389 you need to configure other files: /etc/ldap.conf (el5 systems) or /etc/nss_ldap.conf (el6 systems) + /etc/nsswitch.conf + PAM modules (/etc/pam.d/system-auth + install pam_ldap module). On RHEL/Fedora/Centos/SL you can do this easy way using authconfig, authconfig-tui or system-config-authentication. I don't recommend messing manually with PAM without reading some docs about them, because you can break login in your system. <br>
<br>Consider using one three tools I have toold about. They can modify all required files. You may be required to install nss-pam-ldapd package on el6 systems for PAM to work, this will install nslcd daemon too as dependency. I usually set FORLEGACY to yes in /etc/systemconfig/authconfig on el6 systems<br>
<br><div class="gmail_quote">2012/7/28 fosiul alam <span dir="ltr"><<a href="mailto:expertalert@gmail.com" target="_blank">expertalert@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi <br>Dont know how to reply on same thread.<br><br>but thank for quick reply.<br><br>its case sensitive. so I created the cert file <br>and i put that one into client , and i configured as documentated <br><br>/etc/openldap/ldap.conf<br>
<br>URI ldap://ldap-2.fosiul.lan/<br>BASE dc=fosiul,dc=lan<br>TLS_CACERTDIR /etc/openldap/cacerts/<br>TLS_REQCERT allow<br>#TLS_CACERT /etc/openldap/cacerts/cacert.asc<br><br><br>and in /etc/ldap.conf<br>base dc=fosiul,dc=lan<br>
uri ldap://ldap-2.fosiul.lan/<br>ssl start_tls<br>tls_cacertdir /etc/openldap/cacerts/<br><br>#TLS_CACERT /etc/openldap/cacerts/cacert.asc<br>pam_password md5<br><br><br><br>and i can see it created another file in /etc/openldap/cacerts/ directory like ths <br>
5be5959f.0 ds-ca.crt<br><br>and when i do like this<br><br>id usrname<br><br>it does not find the user and i dont see any error in /var/log/message<br><br>so its like its connecting to ldap. .but it does not get any information<br>
<br>do i have to say Cn="Directory Manager" some where in ldap.conf file ??<br><br>thanks for your help.<br><br>Fosiul<br><br>but in clients , log file <br><br>
<br>--<br>
389 users mailing list<br>
<a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br></blockquote></div><br>