OpenSSH public key problem with Solaris 10 and LDAP users?

Douglas E. Engert deengert at anl.gov
Thu Aug 16 01:47:59 EST 2007


Solaris 10 has an ldaplist command that will use all the same
Solaris libs and files to access LDAP as the Solaris PAM does.

Try running as a user and then as root these commands:

  ldaplist -l passwd askwar
  ldaplist -l passwd testing

It might show something, like the account is locked...


Alexander Skwar wrote:
> Jefferson Ogata <Jefferson.Ogata at noaa.gov> wrote:
> 
>> On 2007-08-15 06:52, Alexander Skwar wrote:
>>> I doubt that. In LDAP, there's no difference between the non-working
>>> users and the working users. At least not, as far as I can tell.
>> Are you sure you're dumping all the attributes?
> 
> No. But I'm sure that I'm importing all the attributes :) As
> written elsewhere in this thread - initially, I filled the
> database with the help of PADL MigrationTools. This converted
> /etc/passwd to ldif format. I then ran ldapadd to add the ldif
> file to the LDAP database.
> 
> That's what I did this time as well for the testing user.
> 
>> Many LDAP servers don't 
>> dump certain attributes by default. Safest bet is to compare an actual
>> dump export from the LDAP server, rather than the result of running
>> ldapsearch.
> 
> You mean, that I should compare the output of slapcat? You're
> right. And I did that. No difference.
> 
> ,----[ differences between user entries, diff -u ]
> | --- askwar.ldif Mit Aug 15 10:17:54 2007
> | +++ testing.ldif        Mit Aug 15 10:18:09 2007
> | @@ -1,9 +1,9 @@
> | -dn: uid=askwar,ou=People,ou=RACE,o=Example
> | -uid: askwar
> | -cn: Alexander Skwar
> | +dn: uid=testing,ou=People,ou=RACE,o=Example
> | +uid: testing
> | +cn: Testing User
> |  roomNumber: alexander.skwar at Exampleauto.com
> | -givenName: Alexander
> | -sn: Skwar
> | +givenName: Testing
> | +sn: User
> |  mail: askwar at win.ch.da.rtr
> |  mailRoutingAddress: askwar at mail1.Exampleauto.com
> |  mailHost: mail1.Exampleauto.com
> | @@ -19,17 +19,17 @@
> |  shadowLastChange: 13503
> |  loginShell: /opt/csw/bin/bash
> |  gidNumber: 10
> | -homeDirectory: /export/home/askwar
> | +homeDirectory: /tmp/testing
> |  gecos: Alexander Skwar,alexander.skwar at Exampleauto.com
> | -structuralObjectClass: inetOrgPerson
> | -entryUUID: 731c4ae2-76e2-102b-929e-898e4be004d5
> | -creatorsName: cn=Admin,ou=RACE,o=Example
> | -createTimestamp: 20070404102443Z
> |  host: winnb000488
> |  host: winnb000488.win.ch.da.rtr
> |  host: winds06
> |  host: winds06.win.ch.da.rtr
> | -uidNumber: 10001
> | -entryCSN: 20070412121522Z#000000#00#000000
> | +uidNumber: 54321
> | +structuralObjectClass: inetOrgPerson
> | +entryUUID: 7634ba72-df45-102b-981d-216a382f8806
> | +creatorsName: cn=Admin,ou=RACE,o=Example
> | +createTimestamp: 20070815063530Z
> | +entryCSN: 20070815063530Z#000000#00#000000
> |  modifiersName: cn=Admin,ou=RACE,o=Example
> | -modifyTimestamp: 20070412121522Z
> | +modifyTimestamp: 20070815063530Z
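Review bot: the homeDirectory and uidNumber lines in this hunk are account-level differences that bear on public key login and should not be dismissed with the timestamp and entryUUID noise. The testing entry points at /tmp/testing with uidNumber 54321, while askwar uses /export/home/askwar with 10001. With StrictModes enabled (the sshd default), sshd checks ownership and modes of the user's home directory and key files before accepting a public key, so on the target host confirm that /tmp/testing exists, is owned by uid 54321, is not group- or world-writable, and that the same holds for its .ssh directory and authorized_keys file. The gecos context line is also unchanged and still names Alexander Skwar for the testing entry, which is worth correcting to keep the test account distinguishable.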
> `----
> 
> No relevant differences :/ "askwar" is the working user, "testing"
> is the non-working user.
> 
> Thanks again,
> Alexander Skwar

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

