OpenSSH public key problem with Solaris 10 and LDAP users?
Douglas E. Engert
deengert at anl.gov
Thu Aug 16 01:47:59 EST 2007
Solaris 10 has an ldaplist command that will use all the same
Solaris libs and files to access ldap as the Solaris pam does.
Try running these commands as a user and then as root:
ldaplist -l passwd askwar
ldaplist -l passwd testing
It might show something, like the account is locked...
Alexander Skwar wrote:
> Jefferson Ogata <Jefferson.Ogata at noaa.gov> wrote:
>
>> On 2007-08-15 06:52, Alexander Skwar wrote:
>>> I doubt that. In LDAP, there's no difference between the non-working
>>> users and the working users. At least not, as far as I can tell.
>> Are you sure you're dumping all the attributes?
>
> No. But I'm sure that I'm importing all the attributes :) As
> written elsewhere in this thread - initially, I filled the
> database with the help of PADL MigrationTools. This converted
> /etc/passwd to ldif format. I then ran ldapadd to add the ldif
> file to the LDAP database.
>
> That's what I did this time as well for the testing user.
>
>> Many LDAP servers don't
>> dump certain attributes by default. Safest bet is to compare an actual
>> dump export from the LDAP server, rather than the result of running
>> ldapsearch.
>
> You mean, that I should compare the output of slapcat? You're
> right. And I did that. No difference.
>
> ,----[ differences between user entries, diff -u ]
> | --- askwar.ldif Mit Aug 15 10:17:54 2007
> | +++ testing.ldif Mit Aug 15 10:18:09 2007
> | @@ -1,9 +1,9 @@
> | -dn: uid=askwar,ou=People,ou=RACE,o=Example
> | -uid: askwar
> | -cn: Alexander Skwar
> | +dn: uid=testing,ou=People,ou=RACE,o=Example
> | +uid: testing
> | +cn: Testing User
> | roomNumber: alexander.skwar at Exampleauto.com
> | -givenName: Alexander
> | -sn: Skwar
> | +givenName: Testing
> | +sn: User
> | mail: askwar at win.ch.da.rtr
> | mailRoutingAddress: askwar at mail1.Exampleauto.com
> | mailHost: mail1.Exampleauto.com
> | @@ -19,17 +19,17 @@
> | shadowLastChange: 13503
> | loginShell: /opt/csw/bin/bash
> | gidNumber: 10
> | -homeDirectory: /export/home/askwar
> | +homeDirectory: /tmp/testing
> | gecos: Alexander Skwar,alexander.skwar at Exampleauto.com
> | -structuralObjectClass: inetOrgPerson
> | -entryUUID: 731c4ae2-76e2-102b-929e-898e4be004d5
> | -creatorsName: cn=Admin,ou=RACE,o=Example
> | -createTimestamp: 20070404102443Z
> | host: winnb000488
> | host: winnb000488.win.ch.da.rtr
> | host: winds06
> | host: winds06.win.ch.da.rtr
> | -uidNumber: 10001
> | -entryCSN: 20070412121522Z#000000#00#000000
> | +uidNumber: 54321
> | +structuralObjectClass: inetOrgPerson
> | +entryUUID: 7634ba72-df45-102b-981d-216a382f8806
> | +creatorsName: cn=Admin,ou=RACE,o=Example
> | +createTimestamp: 20070815063530Z
> | +entryCSN: 20070815063530Z#000000#00#000000
> | modifiersName: cn=Admin,ou=RACE,o=Example
> | -modifyTimestamp: 20070412121522Z
> | +modifyTimestamp: 20070815063530Z
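Review bot: the second hunk is not free of login-relevant changes: homeDirectory moves from /export/home/askwar to /tmp/testing and uidNumber from 10001 to 54321, and sshd resolves the default authorized_keys path under the account's home directory. Before ruling the entry out, confirm that /tmp/testing exists on the Solaris host, is owned by uid 54321 and holds the key file. The gecos context line also still carries askwar's name on the testing entry, so the copied attributes are worth a second pass.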
> `----
>
> No relevant differences :/ "askwar" is the working user, "testing"
> is the non-working user.
>
> Thanks again,
> Alexander Skwar
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
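
The comparison discussed in the quoted thread (diffing slapcat exports of a working and a non-working entry), as an added example that is not part of the original message: it compares two LDIF entries by attribute rather than by line, so reordered attributes and slapd's operational attributes do not bury the differences. The function names and the sample entries (alice, bob) are constructed for illustration.

```python
import base64

# Operational attributes slapd maintains itself; they differ between any two entries.
OPERATIONAL = {"structuralobjectclass", "entryuuid", "entrycsn", "creatorsname",
               "createtimestamp", "modifiersname", "modifytimestamp"}

def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute: set of values}."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]        # folded continuation line (RFC 2849)
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, value = line.partition(":")
        if value.startswith(":"):       # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(name.strip().lower(), set()).add(value.strip())
    return entry

def relevant_diff(a, b, ignore=OPERATIONAL):
    """Return {attr: (values only in a, values only in b)}, ignoring order."""
    ea, eb = parse_entry(a), parse_entry(b)
    out = {}
    for attr in sorted((ea.keys() | eb.keys()) - ignore):
        only_a = ea.get(attr, set()) - eb.get(attr, set())
        only_b = eb.get(attr, set()) - ea.get(attr, set())
        if only_a or only_b:
            out[attr] = (sorted(only_a), sorted(only_b))
    return out

# Constructed sample entries (not taken from the thread).
WORKING = """dn: uid=alice,ou=People,o=Example
uid: alice
homeDirectory: /export/home/alice
host: hosta
host: hostb
entryUUID: 11111111-0000-0000-0000-000000000001
uidNumber: 10001"""
BROKEN = """dn: uid=bob,ou=People,o=Example
uid: bob
homeDirectory:: L3RtcC9ib2I=
host: hostb
host: hosta
uidNumber: 54321
entryUUID: 22222222-0000-0000-0000-000000000002"""
print(relevant_diff(WORKING, BROKEN))
```

The base64-encoded homeDirectory in the second sample is decoded before comparison, which a plain `diff -u` of the two exports would not do.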