[389-users] How to set up 389 client

Grzegorz Dwornicki gd1100 at gmail.com
Mon Jan 14 15:54:28 UTC 2013


I do not know what you mean by DIACAP... By ACL I assume that you mean local
permissions on the system: I used LDAP accounts with local permissions and I
did not experience any problems AFAICT.

Greg.
On 14 Jan 2013 16:48, "Chaudhari, Rohit K." <Rohit.Chaudhari at jhuapl.edu>
wrote:

> Is this something that will cause an issue with ACL/DIACAP restrictions?
> I'm not sure if you know what those are, but correct me if I'm wrong.
>
> Thanks.
>
> On 1/14/13 10:44 AM, "Doug Tucker" <tuckerd at lyle.smu.edu> wrote:
>
> >It's not going to show you the ldap users only the local ones.
> >
> >Sincerely,
> >
> >Doug Tucker
> >
> >On 01/14/2013 09:17 AM, Chaudhari, Rohit K. wrote:
> >> The id <ldap-user-name> command works just fine.  That is not where I
> >> am having the issue.  The issue lies in the local Users and Groups
> >> list in the RHEL client.
> >>
> >> When I click through System->Administration->Users and Groups, the
> >> ldap-user-name is not showing up on that list.  How do I get it to
> >> show up on that list? This is a concern to me because my bosses are
> >> questioning whether the ldap-user-name I created has proper ACL
> >> privileges and would meet DIACAP requirements.
> >>
> >> Thanks,
> >>
> >> Rohit
> >>
> >> From: Chandan Kumar <chandank.kumar at gmail.com>
> >> Reply-To: "General discussion list for the 389 Directory server
> >> project." <389-users at lists.fedoraproject.org>
> >> Date: Monday, January 7, 2013 1:43 PM
> >> To: "General discussion list for the 389 Directory server project."
> >> <389-users at lists.fedoraproject.org>
> >> Subject: Re: [389-users] How to set up 389 client
> >>
> >> Sounds a bit strange. What is the output of "id <ldap-user-name>"? If sssd
> >> is configured properly this command has to work. Moreover, while you
> >> execute this command, watch /var/log/secure.log for any error messages.
> >>
> >> Also disable SELinux/firewall and test.
> >>
> >> On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:
> >>
> >>     I configured everything with SSSD as you suggested.  I'm able to
> >>     do successful logins authenticating against the LDAP server, but
> >>     when I check the Users and Groups list on the client machine, that
> >>     newly created user isn't added.  Thoughts?
> >>
> >>     Thanks.
> >>
> >>     From: Chandan Kumar <chandank.kumar at gmail.com>
> >>     Reply-To: "General discussion list for the 389 Directory server
> >>     project." <389-users at lists.fedoraproject.org>
> >>     Date: Monday, January 7, 2013 1:36 PM
> >>     To: "General discussion list for the 389 Directory server
> >>     project." <389-users at lists.fedoraproject.org>
> >>     Subject: Re: [389-users] How to set up 389 client
> >>
> >>     Are you using SSSD on the client side or PADL/NSS?
> >>
> >>     On Monday, January 7, 2013, Chaudhari, Rohit K. wrote:
> >>
> >>         I do specify the POSIX properties on the LDAP side.  But when
> >>         I log in with that created user on the client side and check
> >>         the Users and Groups list on the client machine, it is not
> >>         listed there.  I did avoid the warning message by adding the
> >>         LDAP user to a group that already exists.  I want the user I
> >>         create in LDAP to become listed in the Users and Groups list
> >>         on the client (for ACL purposes, if you know anything
> >>         regarding meeting DIACAP guidelines).  Did I miss something?
> >>
> >>         Thanks
> >>
> >>         From: Chandan Kumar <chandank.kumar at gmail.com>
> >>         Reply-To: "General discussion list for the 389 Directory
> >>         server project." <389-users at lists.fedoraproject.org>
> >>         Date: Monday, January 7, 2013 11:39 AM
> >>         To: "General discussion list for the 389 Directory server
> >>         project." <389-users at lists.fedoraproject.org>
> >>         Subject: Re: [389-users] How to set up 389 client
> >>
> >>         Hello Rohit,
> >>
> >>         While creating users you also need to specify POSIX properties
> >>         for the user.
> >>
> >>         In the admin console you need to fill out the POSIX properties
> >>         details while creating the user. Also make sure you create POSIX
> >>         groups and associate these new users with the group ID;
> >>         otherwise at login time you may get a warning message
> >>         like "id: Group does not exist".
> >>
> >>
> >>
> >>
> >>         --
> >>         http://about.me/chandank
> >>
> >>
> >>         On Mon, Jan 7, 2013 at 7:27 AM, Chaudhari, Rohit K.
> >>         <Rohit.Chaudhari at jhuapl.edu> wrote:
> >>
> >>             Hey Chandan,
> >>
> >>             So I got the RHEL client working, but I have an
> >>             outstanding issue.  When I look at the users/groups
> >>             setting on the client machine, the newly created user that
> >>             I made on the RHEL LDAP server does not show up on the
> >>             list.  Is this how it is supposed to work?  If not, how do
> >>             I get an LDAP user to become a part of the users and groups
> >>             list on the RHEL client?
> >>
> >>             Thanks,
> >>
> >>             Rohit
> >>
> >>             From: Chandan Kumar <chandank.kumar at gmail.com>
> >>             Reply-To: "General discussion list for the 389 Directory
> >>             server project." <389-users at lists.fedoraproject.org>
> >>             Date: Thursday, December 20, 2012 6:21 PM
> >>
> >>             To: "General discussion list for the 389 Directory server
> >>             project." <389-users at lists.fedoraproject.org>
> >>             Subject: Re: [389-users] How to set up 389 client
> >>
> >>             Yes, you do need to replace it with SSSD. If you have a
> >>             fresh CentOS install, by default it is sssd only.
> >>
> >>             The best way would be to use the authconfig tool, as it
> >>             changes all related files and you don't have to manually
> >>             change all of them.  Moreover, you also need to change the
> >>             nss.conf file and make sure groups/users have sssd instead
> >>             of ldap.
> >>
> >>             From RHEL 6.4 sssd will be fully supported and it gives
> >>             better performance if you intend to integrate many
> >>             applications with LDAP as it does not open multiple
> >>             connections with the directory server.
> >>
> >>             I will look at that guide again and will try to improve it.
> >>
> >>             On Thursday, December 20, 2012, Chaudhari, Rohit K. wrote:
> >>
> >>                 Okay I will try checking those parameters.  I am doing
> >>                 sssd, I used ldap pan before in CentOS 6 and that ha
> >>
> >>
> >>
> >> --
> >>
> >> --
> >> http://about.me/chandank
> >>
> >>
> >>
> >> --
> >> 389 users mailing list
> >> 389-users at lists.fedoraproject.org
> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
> >
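Added example, not part of the original thread: the replies above note that `id <ldap-user-name>` resolves the account while the local Users and Groups tool shows only local users. The script below classifies an account as local or directory-backed, which is the distinction an access review needs to record. The function names, the use of `/etc/nsswitch.conf` and `getent`, and the sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): report where an account comes from.
# File paths are parameters so the checks can run against copies of the files.

# nss_sources DB [FILE]: print the sources configured for DB (passwd, group).
nss_sources() {
    awk -v db="$1:" '$1 == db { for (i = 2; i <= NF; i++) if ($i !~ /^\[/) print $i }' \
        "${2:-/etc/nsswitch.conf}"
}

# nss_uses_sss DB [FILE]: succeed if DB is resolved through sssd.
nss_uses_sss() {
    nss_sources "$1" "$2" | grep -qx 'sss'
}

# is_local_user NAME [FILE]: succeed if NAME has an entry in the local passwd file.
is_local_user() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "${2:-/etc/passwd}"
}

# nss_lookup NAME: succeed if the name service switch can resolve NAME.
nss_lookup() {
    getent passwd "$1" >/dev/null 2>&1
}

# account_origin NAME [PASSWD] [NSSWITCH]: print local, directory or unknown.
account_origin() {
    if is_local_user "$1" "$2"; then
        echo local          # listed by tools that read the local files
    elif nss_uses_sss passwd "$3" && nss_lookup "$1"; then
        echo directory      # resolvable through sssd, absent from local files
    else
        echo unknown
    fi
}

# Constructed sample files, not taken from the systems in the thread.
tmp=$(mktemp -d)
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$tmp/passwd"
printf 'passwd: files sss\ngroup: files sss\n' > "$tmp/nsswitch.conf"
for u in root "${1:-ldapuser}"; do
    printf '%s: %s\n' "$u" "$(account_origin "$u" "$tmp/passwd" "$tmp/nsswitch.conf")"
done
rm -rf "$tmp"
```

On a real client, call `account_origin <name>` with no file arguments to read the live `/etc/passwd` and `/etc/nsswitch.conf`.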