[389-users] How to set up 389 client

Grzegorz Dwornicki gd1100 at gmail.com
Mon Jan 14 15:28:19 UTC 2013


I am not sure, but in my opinion this applet reads only local files. You can
use other tools to modify ldap users. Maybe if you tell us what
modifications you wish to make, someone might help you :). I don't wish to
send you chasing ghosts, so I am not giving any ldap client name without
knowing what you intend to do.

Greg.
On 14 Jan 2013 16:18, "Chaudhari, Rohit K." <Rohit.Chaudhari at jhuapl.edu>
wrote:

> The id <ldap-user-name> command works just fine.  That is not where I am
> having the issue.  The issue lies in the local Users and Groups list in the
> RHEL client.
>
> When I click through System->Administration->Users and Groups, the
> ldap-user-name is not showing up on that list.  How do I get it to show up
> on that list? This is a concern to me because my bosses are questioning
> whether the ldap-user-name I created has proper ACL privileges and would
> meet DIACAP requirements.
>
> Thanks,
>
> Rohit
>
> From: Chandan Kumar <chandank.kumar at gmail.com>
> Reply-To: "General discussion list for the 389 Directory server project."
> <389-users at lists.fedoraproject.org>
> Date: Monday, January 7, 2013 1:43 PM
> To: "General discussion list for the 389 Directory server project." <
> 389-users at lists.fedoraproject.org>
> Subject: Re: [389-users] How to set up 389 client
>
> Sounds a bit strange. What is the output of "id <ldap-user-name>"? If sssd is
> configured properly this command has to work. Moreover, while you execute
> this command watch /var/log/secure.log for any error messages.
>
> Also disable selinux/Firewall and test.
>
> On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:
>
>> I configured everything with SSSD as you suggested.  I'm able to do
>> successful logins authenticating against the LDAP server, but when I check
>> the Users and Groups list on the client machine, that newly created user
>> isn't added.  Thoughts?
>>
>> Thanks.
>>
>> From: Chandan Kumar <chandank.kumar at gmail.com>
>> Reply-To: "General discussion list for the 389 Directory server
>> project." <389-users at lists.fedoraproject.org>
>> Date: Monday, January 7, 2013 1:36 PM
>> To: "General discussion list for the 389 Directory server project." <
>> 389-users at lists.fedoraproject.org>
>> Subject: Re: [389-users] How to set up 389 client
>>
>> Are you using SSSD on the client side or PADL/NSS?
>>
>> On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:
>>
>> I do specify the POSIX properties on the LDAP side.  But when I login
>> with that created user on the client side and check the Users and Groups
>> list on the client machine, it is not listed there.  I did avoid the
>> warning message by adding the LDAP user to a group that already exists.  I
>> want the user I create in LDAP to become listed in the Users and Groups
>> list on the client (for ACL purposes, if you know anything regarding
>> meeting DIACAP guidelines).  Did I miss something?
>>
>> Thanks
>>
>> From: Chandan Kumar <chandank.kumar at gmail.com>
>> Reply-To: "General discussion list for the 389 Directory server
>> project." <389-users at lists.fedoraproject.org>
>> Date: Monday, January 7, 2013 11:39 AM
>> To: "General discussion list for the 389 Directory server project." <
>> 389-users at lists.fedoraproject.org>
>> Subject: Re: [389-users] How to set up 389 client
>>
>> Hello Rohit,
>>
>> While creating users you also need to specify POSIX properties for the
>> user.
>>
>> In the admin console you need to fill out the POSIX properties details while
>> creating the user. Also make sure you create POSIX groups and associate
>> these new users with the group ID, otherwise at login time you may get
>> a warning message like "id: Group does not exist".
>>
>>
>>
>>
>> --
>> http://about.me/chandank
>>
>>
>> On Mon, Jan 7, 2013 at 7:27 AM, Chaudhari, Rohit K. <
>> Rohit.Chaudhari at jhuapl.edu> wrote:
>>
>> Hey Chandan,
>>
>> So I got the RHEL client working, but I have an outstanding issue.  When
>> I look at the users/groups setting on the client machine, the newly created
>> user that I made on the RHEL LDAP server does not show up on the list.  Is
>> this how it is supposed to work?  If not, how do I get a LDAP user to
>> become a part of the users and groups list on the RHEL client?
>>
>> Thanks,
>>
>> Rohit
>>
>> From: Chandan Kumar <chandank.kumar at gmail.com>
>> Reply-To: "General discussion list for the 389 Directory server
>> project." <389-users at lists.fedoraproject.org>
>> Date: Thursday, December 20, 2012 6:21 PM
>>
>> To: "General discussion list for the 389 Directory server project." <
>> 389-users at lists.fedoraproject.org>
>> Subject: Re: [389-users] How to set up 389 client
>>
>> Yes, you do need to replace it with SSSD. If you have a fresh CentOS
>> install, by default it is sssd only.
>>
>> The best way would be to use the authconfig tool, as it changes all related
>> files and you don't have to manually change all of them.  Moreover, you
>> also need to change the nss.conf file and make sure groups/users have sssd
>> instead of ldap.
>>
>> From RHEL 6.4 sssd will be fully supported, and it gives better
>> performance if you intend to integrate many applications with LDAP as it
>> does not open multiple connections with the directory server.
>>
>> I will look at that guide again and will try to improve it.
>>
>> On Thursday, December 20, 2012, Chaudhari, Rohit K. wrote:
>>
>> Okay I will try checking those parameters.  I am doing sssd, I used ldap
>> pan before in CentOS 6 and that ha
>>
>>
>
> --
>
> --
> http://about.me/chandank
>
>
>
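
An added example, not part of the original thread: a POSIX shell check that reports which sources the client consults for account lookups and whether a given account lives in the local passwd file or resolves only through NSS (for example via SSSD), which is the distinction discussed above. The function names `nss_sources` and `account_source` are hypothetical, and the file paths are parameters so the check can be run against copies.

```shell
#!/bin/sh
# Added example: distinguish accounts stored in local files from accounts
# that resolve only through NSS (e.g. sss/ldap). Function names are hypothetical.

# nss_sources DB [NSSWITCH_FILE]
# Print the lookup sources configured for DB (e.g. "files sss"),
# skipping [STATUS=action] items and trailing comments.
nss_sources() {
    awk -v db="$1:" '$1 == db {
        out = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break
            if ($i ~ /^\[/) continue
            out = out (out ? " " : "") $i
        }
        print out
        exit
    }' "${2:-/etc/nsswitch.conf}"
}

# account_source USER [PASSWD_FILE]
# Print "local" if USER has an entry in the passwd file, "nss-only" if the
# account resolves through getent (NSS) but has no local entry, else "unknown".
account_source() {
    if awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' \
            "${2:-/etc/passwd}"; then
        echo local
    elif getent passwd "$1" >/dev/null 2>&1; then
        echo nss-only
    else
        echo unknown
    fi
}

# Run as: sh check_account.sh <user-name>
if [ $# -gt 0 ]; then
    echo "passwd sources: $(nss_sources passwd)"
    echo "group sources:  $(nss_sources group)"
    echo "$1: $(account_source "$1")"
fi
```

An account reported as `nss-only` is usable for logins and ownership lookups on the client even though it has no entry in the local account files.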