Hi,
I am a newbie on 389 DS, I was following the RDS install document from RedHat Documentation.
OS: Centos 7.2 x64 latest updates 389 DS : 389-admin-console-1.1.10-1.el7.noarch 389-ds-base-libs-1.3.4.0-26.el7_2.x86_64 389-ds-base-1.3.4.0-26.el7_2.x86_64 389-console-1.1.9-1.el7.noarch 389-ds-console-1.2.12-1.el7.noarch 389-adminutil-1.1.22-1.el7.x86_64 389-admin-1.1.42-1.el7.x86_64
In the consideration before setting up DS, it's mentioned that we need to add this line to
*/etc/pam.d/system-authsession required /lib/security/$ISA/pam_limits.so*
After adding this line and rebooting the server, I am getting this error when I try to login into it: *Unknown module*
in */var/log/secure* I have *login: PAM unable to dlopen(/lib/security/$ISA/pam_limits.so): /lib/security/../../lib64/security/pam_limits.so: cannot open shared object file: No such file or directory*
I did read the */etc/pam.d/system-auth* file again, and I found that there is a line like this in it *session required pam_limits.so*
My question is : do I need the *session required /lib/security/$ISA/pam_limits.so* for 389 to work properly ? and if yes, how to avoid the above error?
if no, does *session required pam_limits.so* do the work?
Regards.
On Wed, 2016-03-02 at 19:28 +0100, wodel youchi wrote:
Hi,
I am a newbie on 389 DS, I was following the RDS install document from RedHat Documentation.
OS: Centos 7.2 x64 latest updates 389 DS : 389-admin-console-1.1.10-1.el7.noarch 389-ds-base-libs-1.3.4.0-26.el7_2.x86_64 389-ds-base-1.3.4.0-26.el7_2.x86_64 389-console-1.1.9-1.el7.noarch 389-ds-console-1.2.12-1.el7.noarch 389-adminutil-1.1.22-1.el7.x86_64 389-admin-1.1.42-1.el7.x86_64
In the consideration before setting up DS, it's mentioned that we need to add this line to
Can you provide a link to the documentation you are looking at?
*/etc/pam.d/system-authsession required /lib/security/$ISA/pam_limits.so*
After adding this line and rebooting the server, I am getting this error when I try to login into it: *Unknown module*
in */var/log/secure* I have *login: PAM unable to dlopen(/lib/security/$ISA/pam_limits.so): /lib/security/../../lib64/security/pam_limits.so: cannot open shared object file: No such file or directory*
I did read the */etc/pam.d/system-auth* file again, and I found that there is a line like this in it *session required pam_limits.so*
My question is : do I need the *session required /lib/security/$ISA/pam_limits.so* for 389 to work properly ? and if yes, how to avoid the above error?
if no, does *session required pam_limits.so* do the work?
This looks like the old way (EL5 era) of modifying pam. These days you would just change the line to be:
session required pam_limits.so
But IIRC that's already part of the pam configuration as you have already noted, so you SHOULD NOT need to touch this.
In other words, yes, pam_limits.so already does the work.
To be honest, I think that it's irrelevant these days, as on el7 it would be the limits set by systemd that take effect, not the login shell limits, so you should set those. Look at:
/etc/sysconfig/dirsrv.systemd
This file is included by /usr/lib/systemd/system/dirsrv@.service
Which is used to start / stop dirsrv on el7.
I hope that helps you.
Hi and thanks for your help,
This is the link of the documentation :
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/ht...
and it is the actual documentation of the RDS v10
Regards.
2016-03-03 1:05 GMT+01:00 William Brown wibrown@redhat.com:
On Wed, 2016-03-02 at 19:28 +0100, wodel youchi wrote:
Hi,
I am a newbie on 389 DS, I was following the RDS install document from RedHat Documentation.
OS: Centos 7.2 x64 latest updates 389 DS : 389-admin-console-1.1.10-1.el7.noarch 389-ds-base-libs-1.3.4.0-26.el7_2.x86_64 389-ds-base-1.3.4.0-26.el7_2.x86_64 389-console-1.1.9-1.el7.noarch 389-ds-console-1.2.12-1.el7.noarch 389-adminutil-1.1.22-1.el7.x86_64 389-admin-1.1.42-1.el7.x86_64
In the consideration before setting up DS, it's mentioned that we need to add this line to
Can you provide a link to the documentation you are looking at?
*/etc/pam.d/system-authsession required /lib/security/$ISA/pam_limits.so*
After adding this line and rebooting the server, I am getting this error when I try to login into it: *Unknown module*
in */var/log/secure* I have *login: PAM unable to dlopen(/lib/security/$ISA/pam_limits.so): /lib/security/../../lib64/security/pam_limits.so: cannot open shared
object
file: No such file or directory*
I did read the */etc/pam.d/system-auth* file again, and I found that
there
is a line like this in it *session required pam_limits.so*
My question is : do I need the *session required /lib/security/$ISA/pam_limits.so* for 389 to work properly ? and if yes, how to avoid the above error?
if no, does *session required pam_limits.so* do the work?
This looks like the old way (EL5 era) of modifying pam. These days you would just change the line to be:
session required pam_limits.so
But IIRC that's already part of the pam configuration as you have already noted, so you SHOULD NOT need to touch this.
In other words, yes, pam_limits.so already does the work.
To be honest, I think that it's irrelevant these days, as on el7 it would be the limits set by systemd that take effect, not the login shell limits, so you should set those. Look at:
/etc/sysconfig/dirsrv.systemd
This file is included by /usr/lib/systemd/system/dirsrv@.service
Which is used to start / stop dirsrv on el7.
I hope that helps you.
-- Sincerely,
William Brown Software Engineer Red Hat, Brisbane
-- 389 users mailing list 389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
On Thu, 2016-03-03 at 01:26 +0100, wodel youchi wrote:
Hi and thanks for your help,
This is the link of the documentation :
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/ht... Installation_Guide/Preparing_for_a_Directory_Server_Installation- Considerations.html
and it is the actual documentation of the RDS v10
https://bugzilla.redhat.com/show_bug.cgi?id=1314129
I have raised an issue about this documentation and hope it will be corrected shortly.
Thanks for finding this!
389-users@lists.fedoraproject.org