Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Re: ssh connection to an ldap server

from [fatima riadi] Network Security [Permanent Link]
Subject: RE: Re: ssh connection to an ldap server
Date: Mon, 21 Mar 2005 18:53:51 +0100 (CET) 
That's it!!

Thank you very much Gary for your help.

Now, I am able to connect to my LDAP server.

Just another question please: is it necessary to write
the bindpw password in clear text in /etc/ldap.conf?

Tank you again.


 --- "Tay, Gary" <Gary_Tay@platts.com> a écrit : 

I noticed that:
 
1) You did not provide binddn and bindpw in
/etc/ldap.conf
 
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
#binddn cn=exampleuser,dc=example,dc=com
binddn cn=nssldap,ou=DSA,dc=example,dc=com

# The credentials to bind with.
# Optional: default is no credential.
bindpw pw_in_clear_text
 
2) Your rootbinddn in /etc/ldap.conf should be
"cn=Manager,dc=example,dc=com", i.e. tally with
slapd.conf

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
rootbinddn cn=Manager,dc=example,dc=com

Gary

      -----Original Message----- 
      From: fatima riadi [mailto:ftmriadi@yahoo.fr] 
      Sent: Mon 3/21/2005 11:57 PM 
      To: Tay, Gary 
      Cc: secureshell@securityfocus.com 
      Subject: RE: Re: ssh connection to an ldap server
      
      

       --- "Tay, Gary" <Gary_Tay@platts.com> a écrit :
      > If you suspect pam_ldap, show us the
      > /etc/nsswitch.conf and /etc/pam.d/system-auth
and/or
      > /etc/pam.d/sshd.
      >



======================================================

      Here is my slapd.conf file content:
      
      include         /etc/openldap/schema/core.schema
      include         /etc/openldap/schema/cosine.schema
      include        
/etc/openldap/schema/inetorgperson.schema
      include         /etc/openldap/schema/nis.schema
      include         /etc/openldap/schema/samba.schema
      include

/etc/openldap/schema/redhat/rfc822-MailMember.schema
      include        
/etc/openldap/schema/redhat/autofs.schema
      
      
      # Allow LDAPv2 client connections.  This is NOT the
      default.
      allow bind_v2
      
      # Do not enable referrals until AFTER you have a
      working directory
      # service AND an understanding of referrals.
      #referral       ldap://root.openldap.org
      
      pidfile /var/run/slapd.pid
      #argsfile       //var/run/slapd.args
      
      access to attr=userPassword
              by self write
              by * auth
      access to dn="ou=users,dc=example,dc=com"
              by self write
              by dn="cn=nssldap,ou=DSA,dc=example,dc=com"
read
              by users auth
              by anonymous read
      access to * by self write
              by * read
      



#######################################################################

      # ldbm and/or bdb database definitions



#######################################################################

      
      database        ldbm
      suffix          "dc=example,dc=com"
      rootdn          "cn=Manager,dc=example,dc=com"
      rootpw         
{SSHA}Cu0mazfs7JKjmJaCrZQszD1G7ijRpIKO
      
      # The database directory MUST exist prior to
running
      slapd AND
      # should only be accessible by the slapd and slap
      tools.
      # Mode 700 recommended.
      directory       /var/lib/ldap
      
      # Indices to maintain for this database
      index objectClass                       eq,pres
      index ou,cn,mail,surname,givenname      eq,pres,sub
      index uidNumber,gidNumber,loginShell    eq,pres
      index uid,memberUid                     eq,pres,sub
      index nisMapName,nisMapEntry            eq,pres,sub
      index sambaSID,sambaDomainName,sambaPrimaryGroupSID
      eq



======================================================

      /etc/pam.d/sshd
      
      #%PAM-1.0
      auth       required     pam_stack.so
      service=system-auth
      auth       required     pam_nologin.so
      account    required     pam_stack.so
      service=system-auth
      password   required     pam_stack.so
      service=system-auth
      session    required     pam_stack.so
      service=system-auth
      session    required     pam_limits.so
      session    optional     pam_console.so



======================================================

       
      > pam_ldap works with nss_ldap, also show
      > /etc/ldap.conf.
      
      And this is my /etc/ldap.conf file:
      
      # Your LDAP server. Must be resolvable without
using
      LDAP.
      host 127.0.0.1
      
      # The distinguished name of the search base.
      base dc=example,dc=com
      
      # Another way to specify your LDAP server is to
      provide an
      # uri with the server name. This allows to use
      # Unix Domain Sockets to connect to a local LDAP
      Server.
      #uri ldap://127.0.0.1/
      #uri ldaps://127.0.0.1/  
      #uri ldapi://%2fvar%2frun%2fldapi_sock/
      # Note: %2f encodes the '/' used as directory
      separator
      
      # The LDAP version to use (defaults to 3
      # if supported by client library)
      #ldap_version 3
      
      # The distinguished name to bind to the server
with.
      # Optional: default is to bind anonymously.
      #binddn cn=exampleuser,dc=example,dc=com
      
      # The credentials to bind with.
      # Optional: default is no credential.
      #bindpw secret
      
      # The distinguished name to bind to the server with
      # if the effective user ID is root. Password is
      # stored in /etc/ldap.secret (mode 600)
      rootbinddn cn=nssldap,ou=DSA,dc=example,dc=com
      
      # The port.
      # Optional: default is 389.
      #port 389
      
      # The search scope.
      #scope sub
      #scope one
      #scope base
      
      # Search timelimit
      #timelimit 30
      
      # Bind timelimit
      #bind_timelimit 30
      
      # Idle timelimit; client will close connections
      # (nss_ldap only) if the server has not been
contacted
      # for the number of seconds specified below.
      #idle_timelimit 3600
      
      # Filter to AND with uid=%s
      #pam_filter objectclass=account
      
      # The user ID attribute (defaults to uid)
      #pam_login_attribute uid
      
      # Search the root DSE for the password policy
(works
      # with Netscape Directory Server)
      #pam_lookup_policy yes


=== message truncated === 


        

        
                
Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! 
Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Maximum Authentication Tries, Aman Raheja
Next by Date:  RE: Re: ssh connection to an ldap server, fatima riadi
Previous by Thread:  RE: Re: ssh connection to an ldap server, Tay, Gary
Next by Thread:  RE: Re: ssh connection to an ldap server, fatima riadi
Indexes:  [Date] [Thread] [Top] [All Lists]