ldap

"no such user" – LDAP authentication with sssd

I am struggling with making sssd use LDAP users to log in on my Linux-Server (Oracle Linux 8.9, basically identical to RHEL, but free). Goal: Using the users (e.g. "John") existing on the LDAP-Server (Microsoft AD DC) to log in on my Linux-Server. Current Errors: Whenever I enter …

Total answers: 1

Why is pam_unix.so set "required" even when LDAP is enabled?

On my Rocky Linux 9.3 machine, LDAP authentication is enabled by authselect and is working fine. I can ssh into this machine by both local accounts and LDAP-only accounts. However, my /etc/pam.d/password-auth, which is included by /etc/pam.d/sshd, seems to contradict the current behavior. It …

Total answers: 1

Understanding risks of setting nscd positive-time-to-live to a longer duration

As I mentioned in another thread, I have an LDAP system supporting two dozen Linux servers. When the LDAP server is down for various reasons (firewall rule changes, power outage etc.), the rest of my systems hung. I am hoping to build some redundancy, and …

Total answers: 1

Ubuntu doesn't translate /home/testuser to ~

In Ubuntu 22.04.3 LTS, if I log in with the credentials of the LDAP user testuser, in several different programs the path of the $HOME directory is not replaced by ~ (as instead it happens for local users). A couple of examples: In bash, the value of PS1 is …

Total answers: 2

What is the LDAP mechanism to resolve duplicated username on a LDAP client?

On a LDAP client, there are two users having the same username, say "abc". One is the local user with UID 1000, another is the LDAP user with UID 1001. If I run getent passwd 1000, the returned output is abc:x:1000:1000:Local User:/home/abc:/bin/bash …

Total answers: 1

SSH by LDAP groups – not work

There are "31" servers configured from the same RedOS image (CentOS 7-based). They are entered into the LDAP samba domain, and are configured for authorization via ssh based on ldap user groups. For this purpose the following have been changed: created as root echo "Domain admins" > /etc/ssh/access_groups.conf …

Total answers: 2

Logins like user@ad.foo cause profile files to be owned by root

The users at my school are used to logging in to email, Windows etc. with a login username@ad.foo (authenticated with Active Directory via LDAP). Unfortunately this is causing havoc and corrupting their user profile. UPDATE – CAUSE: This was caused by some custom modifications …

Total answers: 1

Completely locked out of the admin account with FreeIPA

I have a FreeIPA server set up with a single replica. The admin account has been locked. Here’s the log from a kinit admin: [root@idm-00 ~]# kinit admin kinit: Client’s credentials have been revoked while getting initial credentials Jun 26 13:04:08 idm-00.<REDACTED> krb5kdc[288805](info): AS_REQ (6 etypes …

Total answers: 1

How to add utility ldapsearch to yocto image?

I have successfully added the recipe openldap to my yocto-base Linux distribution, by the instruction: IMAGE_INSTALL += "openldap" After that I’ve created a path/to/my-layer/recipes-support/openldap/openldap_%.bbappend file and put in it the instruction: INSANE_SKIP_${PN} += "already-stripped" The previous setting specifies to the Quality Assurance (QA) checks what to skip …

Total answers: 1

What LDAP server can I install only for test LDAP authentication?

I need to practice with LDAP, so I think that it is a good idea to install an LDAP server only to do some tests. For the client side I’m using a Linux Mint distribution and I have installed all the software packages as I …

Total answers: 1

How does a Linux Workstation interact with Windows Active Directory?

I’m studying LDAP and in my company there is an Active Directory Server. Linux Mint is installed on my workstation. I will try to show the context that gives rise to my question: open a new window for browsing the filesystem of the workstation; in the menu File …

Total answers: 1

'getent passwd' not showing LDAP users, although users can log in

I have an administration node running LDAP and a login node which uses LDAP on the other node to authorize users. Users are able to log into the login node successfully. When I run getent passwd, on the admin node I get all the …

Total answers: 1

How to get list of users with a given group as primary group

With getent group xyz I get a list of users who are members of xyz with xyz either as a primary group or as secondary group. How do I get a list of just those users who have xyz as their primary …

Total answers: 1

Why does LibreOffice (at least as packaged for Debian) depend on libldap?

The Debian package libreoffice-core (which is described in the Debian repositories as containing "the architecture-dependent core files of LibreOffice," and which is itself a dependency for libreoffice-writer and similar packages) has an absolute dependency (i.e., the relationship of the packages is depends, …

Total answers: 2

create zsh function with argument for ldapsearch

I have a couple commands I can run directly on the command line without issue, when I run them and replace $1 with the actual group name I want to check in LDAP. Now I want to turn it into a parameterized function, and I can’t get an …

Total answers: 1

curl dynamic linking problem in 21.10

I recently got a Dell Precision 3450 with Ubuntu 20.04, and upgraded to Ubuntu 21.10 in two steps (20.04 -> 21.04 -> 21.10). This required upgrading the file /usr/lib/os-release by hand, as described here, probably because of customizations by Dell to the OEM install. In any case, the system …

Total answers: 2

Why is LDAP with STARTTLS preferred over LDAPS

I am just wondering why LDAP with STARTTLS is a more preferred industry standard over LDAPS. LDAPS starts the communication with encrypted information to begin with whereas STARTTLS only upgrades to an encrypted connection once the authentication is successful. Asked By: Shell Scripter || Source STARTTLS …

Total answers: 2

Cisco Jabber for Linux?

Some people at our company are using a so called Cisco Jabber in Windows OS to improve handling of phone calls directly at the PC instead of using the telephone anymore. After installation, one has to register the client to the server just with a username@company.com and the corresponding password. Subsequently …

Total answers: 4

How can I get the list of ldap users without being sudo?

I have non-sudo ssh access to a server of which I want to know the list of users, I think the server is using ldap because: -bash-4.2$ cat /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If …

Total answers: 1

Samba – use LDAP for authentication only?

I am trying to set up a Samba server to use an LDAP server for authentication only, but pull all account information (user ID etc.) from SSSD, PAM etc. Basically, the server should act as a standalone server except that the user names and passwords will be checked …

Total answers: 1