Hello,
I have configured OpenLDAP 2.4 for authenticating Linux clients.
When I set the shadow of a user with the "ssha" algorithm it works fine, but when I change it to SHA512 it does not work.
My client is Red Hat 6.4 and it accepts SHA512 shadows for local accounts, but for LDAP accounts it does not work.
Do I need to add something to my LDAP server?
Quote:
Hello,
I have configured OpenLDAP 2.4 for authenticating Linux clients. When I set the shadow of a user with the "ssha" algorithm it works fine, but when I change it to SHA512 it does not work. My client is Red Hat 6.4 and it accepts SHA512 shadows for local accounts, but for LDAP accounts it does not work.
Do I need to add something to my LDAP server?
And since you're using RHEL 6.4, have you contacted Red Hat for assistance, since you're PAYING FOR RHEL, right?? They also have a set of openLDAP documentation on their knowledgebase, which (as a paying subscriber), you have access to.
No, I just googled and there was nothing useful. I will follow based on doc then.
Actually, where I live there is no support for RHEL or professionals like you to help, and here is my only hope to find a clue, and in this case I think it is enough to proceed.
Thank you
It worked, and to let the others who are reading this know:
You need to obtain the openldap source.
Code:
cd openldap-2.4.39
cd ./contrib/slapd-modules/passwd/sha2
make
cp .libs/pw-sha2.so /usr/lib64/openldap
Then you need to load it this way:
Code:
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModuleLoad: pw-sha2
olcModulePath: /usr/lib64/openldap
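The value format that the pw-sha2 module handles, as an added example that is not part of the original post or the OpenLDAP source: `{SSHA512}` is base64(SHA-512(password + salt) + salt), a single salted pass, which is not the same format as the `$6$` sha512crypt strings in /etc/shadow. The function names and the 8-byte default salt are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

DIGEST_LEN = hashlib.sha512().digest_size  # 64 bytes


def make_ssha512(password: str, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA512} userPassword value: base64(SHA512(pw + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # assumed salt length for this example
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return "{SSHA512}" + base64.b64encode(digest + salt).decode("ascii")


def check_userpassword(stored: str, password: str) -> bool:
    """Verify a password against a {SHA512} or {SSHA512} value.

    Any other scheme ({SSHA}, {CRYPT}, cleartext) is rejected, not guessed at.
    """
    scheme, sep, b64 = stored.partition("}")
    scheme = scheme.upper() + sep  # scheme names compare case-insensitively
    if scheme not in ("{SHA512}", "{SSHA512}"):
        return False
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    # Unsalted values carry exactly the digest; salted ones must carry a salt.
    if len(digest) != DIGEST_LEN or (scheme == "{SSHA512}") != bool(salt):
        return False
    expected = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    value = make_ssha512("s3cret")  # constructed sample password
    print(value)
    print(check_userpassword(value, "s3cret"))
```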
Quote:
No, I just googled and there was nothing useful. I will follow based on doc then.
Sorry, but Google has LOTS of information that is useful, and reading/following the instructions should be the absolute FIRST thing you do for ANY problem.
Quote:
actually where I live there is no support for RHEL or professionals like you to help and here is my only hope to find a clue and in this case I think is enough to proceed.
Sorry, that's wrong. Anyone can call Red Hat on the phone, from anywhere in the world. You can also email them from anywhere with an Internet connection (which you obviously have), and you can also get online help. If you're paying for RHEL, you have MANY options on how to contact them.
But in this section, you actually need to edit the file "Makefile" and specify the LDAP source root, right?
I already specified the openldap source root as the path "/etc/openldap/" but still get an error like below:
Code:
[root@mail sha2]# make
../../../../libtool --mode=compile gcc -g -O2 -Wall -I../../../../include -I../../../../include -I../../../../servers/slapd -c slapd-sha2.c
make: ../../../../libtool: Command not found
make: *** [slapd-sha2.lo] Error 127
Can anyone help me to solve this case?
Thanks & Regards,
Arief
Quote:
Originally Posted by vahab
It worked, and to let the others who are reading this know:
You need to obtain the openldap source.
Code:
cd openldap-2.4.39
cd ./contrib/slapd-modules/passwd/sha2
make
cp .libs/pw-sha2.so /usr/lib64/openldap
Then you need to load it this way:
Code:
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModuleLoad: pw-sha2
olcModulePath: /usr/lib64/openldap
Quote:
[root@mail sha2]# make
../../../../libtool --mode=compile gcc -g -O2 -Wall -I../../../../include -I../../../../include -I../../../../servers/slapd -c slapd-sha2.c
make: ../../../../libtool: Command not found
make: *** [slapd-sha2.lo] Error 127
Can anyone help me to solve this case?
Go to the openldap source root directory and run `./configure` first. That creates the libtool script your compiler was complaining about. If you have not compiled openldap before, doing so by running `make` is the easiest way to get the dependencies compiled.
e.g. on Debian
Code:
apt-get install git-core build-essential libtool
git clone git://git.openldap.org/openldap.git /usr/src/openldap
cd /usr/src/openldap
./configure
make
cd contrib/slapd-modules/passwd/sha2
make
cp .libs/pw-sha2.so /usr/lib/ldap/