Authentication using LDAP
sunil_j
Hi,
I am trying to authenticate TeamSite users using an iPlanet LDAP server. For this I have set the authenticate_by attribute in the [authentication] section of iw.cfg to LDAP and also specified the remaining LDAP information.
I am able to authenticate a user using the above approach, but at the same time I also have to create a local user account on the Solaris OS. I think if I specify the authentication mechanism as LDAP I should not have to create a local user account.
Kindly let me know how I should overcome this issue and, if possible, some details on how to do the required configuration both on TeamSite and on the Solaris OS?
Thanx
Sunil
Comments
tvaughan
A TeamSite user must also be a Unix user, recognized by the operating system.
If you want to get rid of all the duplicate username entries in /etc/passwd, you'll need to configure your pam.conf to use "local, ldap" and point your ldap.conf to your iPlanet installation.
Tom
sunil_j
Hi,
Can I have the exact lines of text I need to write into pam.conf to make use of LDAP?
Moreover, why should I change pam.conf, given that I am specifying Authenticate_By=LDAP and NOT pam?
I tried to insert the following in pam.conf:
other auth required /usr/lib/security/pam_ldap.so.1
other account required /usr/lib/security/pam_ldap.so.1
And even:
teamsite auth required /usr/lib/security/pam_ldap.so.1
teamsite account required /usr/lib/security/pam_ldap.so.1
But nothing helped me much.
Can you help me to proceed further? I am very new to the Solaris environment and request your kind cooperation in this regard.
Thanx
Sunil
tvaughan
The idea is that you point Solaris (your OS) and TeamSite (your application) to the exact same authentication source.
I would actually recommend pointing your TeamSite to pam in your iw.cfg, so that "authenticate_by=pam" and not ldap.
Then, in your pam.conf, configure a "teamsite" authenticate scheme to use your ldap directory. If you also set up your login authentication to use "local, ldap" you will be able to keep users like "root" and "sys" in your /etc/passwd, but keep all your TeamSite users in your directory.
I'd seek some system administration help if what I just said sounds like Greek.
Tom
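
The setup recommended in this thread can be checked with a small script. This is an added example, not part of the original posts and not TeamSite's own tooling: it checks that iw.cfg, the "teamsite" PAM service and the OS user lookup all point at the same source. It assumes that "local, ldap" corresponds to `passwd: files ldap` in nsswitch.conf; the sample file contents are constructed.

```python
import configparser

def pam_stack(pam_conf, service, mod_type):
    """Module paths for a service/type; falls back to 'other' when the service has none."""
    rows = [l.split() for l in pam_conf.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]
    rows = [r for r in rows if len(r) >= 4 and r[1].lower() == mod_type]
    own = [r[3] for r in rows if r[0].lower() == service]
    return own or [r[3] for r in rows if r[0].lower() == "other"]

def passwd_sources(nsswitch):
    """Ordered sources on the passwd: line, ignoring comments and [STATUS=action] items."""
    for line in nsswitch.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("passwd:"):
            return [t for t in line.split(":", 1)[1].split() if not t.startswith("[")]
    return []

def audit(iw_cfg, pam_conf, nsswitch):
    """Return a list of findings; an empty list means the three files agree."""
    findings = []
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(iw_cfg)
    auth_by = cp.get("authentication", "authenticate_by", fallback="").strip().lower()
    if auth_by != "pam":
        findings.append(f"iw.cfg: authenticate_by={auth_by or '<unset>'}, expected pam")
    for mod_type in ("auth", "account"):
        if not any("pam_ldap" in m for m in pam_stack(pam_conf, "teamsite", mod_type)):
            findings.append(f"pam.conf: no pam_ldap in teamsite {mod_type} stack")
    src = passwd_sources(nsswitch)
    if "files" not in src:
        findings.append("nsswitch.conf: passwd lacks 'files' (root, sys would not resolve)")
    if "ldap" not in src:
        findings.append("nsswitch.conf: passwd lacks 'ldap' (directory users are not Unix users)")
    return findings

# Constructed samples: the poster's starting point and the recommended end state.
IW_BEFORE = "[authentication]\nauthenticate_by=ldap\n"
IW_AFTER = "[authentication]\nauthenticate_by=pam\n"
PAM = """\
teamsite auth required /usr/lib/security/pam_ldap.so.1
teamsite account required /usr/lib/security/pam_ldap.so.1
"""
NSS_BEFORE = "passwd: files\n"
NSS_AFTER = "passwd: files ldap\n"

if __name__ == "__main__":
    for finding in audit(IW_BEFORE, PAM, NSS_BEFORE):
        print("FAIL", finding)
    print(audit(IW_AFTER, PAM, NSS_AFTER) or "consistent")
```

Run against the real files, the nsswitch.conf finding is the one that explains why a local account was still needed: PAM can verify the password against LDAP, but the OS only treats the name as a Unix user if the passwd lookup also consults the directory.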