Q. I am trying to configure LDAP client. Have copied the certificate to client and enabled TLS in pam_ldap.conf. Still the client failed to communicate with LDAP server. At server end found TLS negotiation failure error. How to fix it?
Sep 11 10:35:12 rhel4 slapd[5241]: conn=1130 fd=12 ACCEPT from IP=10.20.31.140:37309 (IP=0.0.0.0:636) Sep 11 10:35:12 rhel4 slapd[5241]: conn=1130 fd=12 closed (TLS negotiation failure)
How to notify users when their password about to expire? The ppolicy overlay working as expected for password expiry rules. But it does not have option of sending password expiry warning to end users.
I have an alternate fix. Created a script which will
Q. All the LDAP users unable to login and getting access denied error. How to fix without losing any of user information?
First check whether the user’s password expired or locked
1. This command retrieve user password status related ppolicy. The password expired/locked will be notified.
How to identify the Openldap configuration files? What is the importance and usage of each file/directory? The Openldap configuration files are same in any distribution but the location may vary.
This image illustrate how the configuration files are used by Openldap service. Followed by the brief description about each component.
Network connection slowness is one of the interesting scenarios I came across. It might help someone.
My application servers are placed in one VLAN. And backup server placed in another VLAN. Since it is LAN bandwidth supposed to be 40-50 Mbps. But the connection between both application and backup server were at ~100KBPs transfer rate. I have checked router, firewall and VLAN settings. Everything looks good. No ware bandwidth limit identified. So, how do I fix network connection slowness issue?
I have an OU (organizational unit) named “vendor”. How to delegate access control management to one user for this OU alone? Is it possible like windows AD?
Yes, using Openldap access control rules you can create fine grained access control policies. Have tested personally and discussed here. In two places you must need this.
1. Password quality check options – Openldap
2. Configure password quality check – Openldap
How to implement password quality (complexity) enforcement rules? How to test the functionality?
In my previous discussion explained about various options available to implement password quality (complexity) check. Now I am going to demonstrate enforcing password complexity rules using “pqchecker” library.
Are you trying to update Openldap global or config database configuration? Getting insufficient access error (50)?
So, What is the BIND dn (i.e username) you are using? The error simply says that BIND dn authentication successful but it does not have write access to database you are trying to modify.
# ldapmodify –axw ppsswwdd -D "cn=manager,dc=sunt,dc=com" -f db.ldif
modifying entry "olcDatabase={2}bdb,cn=config"
ldap_modify: Insufficient access (50)
On RHEL 6 LDAP client configuration involves editing multiple files such pam, nssswitch, authconfig etc. But “authconfig” command made it easier for us. I walk you through how it can be done in two steps.
Install client packages. openldap-clients pam_ldap nss-pam-ldapd
By default all user has access to command “su”. This command allows login to other user from current shell. Of course they should know target user password. The problem is you cannot have control/log of users once they switched successfully. What happens if the user by chance able to switch as root?
Desired secure method to switch across user is restrict “su” command. Enforce them to use “sudo” instead.